Overview:
This session focuses on the issues of managing health information when it may that of students and may involve substance abuse treatment information.
HIPAA and FERPA allow a number of disclosures without consent that SAMHSA prohibits without consent.
First we will explain how HIPAA relates to information management and
release and explain the processes required for various releases of
information under the HIPAA and FERPA rules, including release according
to individual access requests, and under consents and HIPAA
authorizations.
While FERPA overrides HIPAA, both HIPAA and FERPA take a back seat to
the rules under 42 CFR Part 2. When substance abuse treatment
information is involved, first you need to understand how to identify
it. We will discuss how to make it distinguishable from "regular"health
information, so that the appropriate extra protections can be provided.
You may be able to use functions in your EHR to flag the information, or
you may create a manual process for tracking the information, if it is
rarely handled in your organization.
And the substance abuse treatment information you collect may or may not
be under SAMHSA depending on whether or not you have a department or
even a response team that specializes in SAMHSA-related situations. You
need to understand your status under the rules before you release
information inappropriately. We will discuss what qualifies treatment
that falls under SAMHSA.
If your organization provides services that create information that is
under the SAMHSA regulations, you will need to establish the consent and
release of information processes that are required to be followed for
information releases under 42 CFR Part 2. This involves getting the
proper consents upon establishment of the relationship, as well as
managing consents for releases that may be necessary after the initial
establishment of the relationship. The session will include an
explanation of the consent and release requirements that must be
followed.
When you release information under HIPAA, there are no special notices
required to be placed on the records. But when you release information
under SAMHSA, each document must have a notice that explains that
re-disclosure is not permitted without a new consent.
Complicating matters are updated rules going into effect that will allow
a consent that permits a re-release to a defined team of providers
caring for the individual, but then require meticulous documentation of
to whom the information has been released under such a consent. The
session will go over the rules on consents and re-release of
information.
This session will explore the complications and requirements of each of
the rules controlling student health information, HIPAA, FERPA, and 42
CFR Part 2, and provide insights into how to apply the rules in an
education setting.
Why you should Attend:
For much of healthcare, HIPAA sets the standards for how to manage uses
and disclosures of patient information, known as Protected Health
Information (PHI). But when it comes to information about students, even
health information is controlled under the FERPA rules.
For information related to the treatment of substance use disorders,
regulations of the Substance Abuse and Mental Health Services
Administration (SAMHSA) under 42 CFR Part 2 prevail. These rules apply
to information collected under SAMHSA, which may be difficult to
separate from "regular" PHI in your records, and there are special rules
for disclosure and re-disclosure of substance abuse treatment
information.
Student health information may be subject to some or all of these rules,
so it is essential to know where each rule applies and which rules
supersede each other.
A number of factors must be considered when managing the privacy and
security of student information. School records are rather decisively
controlled by the FERPA regulations, but those regulations don't always
apply, and when they don't, HIPAA steps in with the necessary privacy
and security controls. While many of the concepts in the rules are
similar, there are extensive detail differences
Today we are in the midst of an epidemic of substance abuse, and
particularly opioid abuse, and more and more providers are involved in
providing treatment to students with substance abuse issues. When
substance abuse is involved, the rules of SAMHSA under 42 CFR Part 2
come into play and override both HIPAA and 42 CFR Part 2.
But who is covered under the rules, what's involved in meeting them, and
how do they interact with HIPAA? HIPAA allows a number of disclosures,
for treatment, payment, and healthcare operations purposes, without
consent from the individual being treated.
SAMHSA rules, on the other hand, require consent for every disclosure or
re-disclosure, and if the proper consents aren't obtained, the provider
can be in violation of the rules and subject to penalties.
Areas Covered in the Session:
- What FERPA controls and how to Determine where it Applies
- How FERPA and HIPAA Interact
- What HIPAA allows, what SAMHSA requires, and the Differences will be Explained
- We will Examine how to Deternmine if the Services you Provide Place you under FERPA or 42 CFR Part 2
- We will Explore the means for Making sure Substance Abuse Treatment Information Receives the Appropriate Protections
- The consent and release Requirements under HIPAA, FERPA, and 42 CFR Part 2 will be Explained
- Re-release of Information Released under 42 CFR Part 2 will be Discussed
- Sharing of information with Family and Friends in an overdose Incident will be Explored
- The latest Guidance from the US Department of Health and Human
Services on HIPAA and FERPA, as well as Harmonization of SAMHSA and
HIPAA will be Explained
Who Will Benefit:
- Compliance Director
- CEO
- CFO
- Privacy Officer
- Security Officer
- Information Systems Manager
- HIPAA Officer
- Chief Information Officer
- Health Information Manager
- Healthcare Counsel/Lawyer
- Office Manager