Data Practices Act & HIPAA

Gives individuals certain rights to both protect and have access to the data that this agency collects, maintains, uses and disseminates.

Why we request consumer information

• • • • • • • • • • Determine eligibility for our services Provide effective services Handle complaints or concerns Enable us to collect public funding Confirm our license compliance Prepare statistical reports and evaluations Collect reimbursements for services Financial Audits Account for wages paid Research

Our Policy

• It is the policy of ProAct to require an Authorization for Release of Information (ARI) form to be completed when information is requested of ProAct by other agencies. ProAct also requires an ARI form when we need information from other agencies.

HIPAA

• Health Insurance Portability & Accountability Act (HIPAA) • Standardization of electronic patient health, administrative, and financial data.

• Security standards protecting confidentiality and integrity of “individually identifiable health information”, past, present or future.

Recognize this Form?

It’s the form we fill out every year and keep in every consumer’s file.

MN Statute 13.04, Subdivision 2 A.K.A.

Privacy Act Notice

What Triggers the Warning?

• • • • A Consumer Is asked to supply Private or confidential data Concerning him or herself

Notice of Privacy Practices informs the consumers of these areas of concern:

Why is the data being collected?

How will the agency use the data?

Is the consumer legally required to supply the data – or may he/she refuse?

Consequences for supplying the data – or not?

Identity of other authorized persons?

Consequences of failing to provide the Notice of Privacy Practices

You didn’t think you were going to get out of here without consequences, did you?

Failure to give the warning is a violation of the law and may be used as evidence that you (and the agency) should lose licensing.

Confidentiality issues

• Data on Individuals When the data on individuals is classified as

Private

, the data is not accessible to the public – but is accessible to the consumer.

(Also accessible to authorized agencies)

More Confidentiality Issues

• Data on Individuals When data is classified as Confidential , the data is not accessible to the public or to the consumer • (but is accessible to authorized agencies)

A Rule of Thumb

• The Data Practices Act seeks to ensure that the public has access to all government data that is classified as

Public

.

• And very limited access to data that is classified as

Private

or

Confidential

If the person has died -

• Upon the death of a consumer, all information about that person becomes

private

.

• If the information was classified

confidential

, then it remains

confidential

.

• All Data Practice Act rights conferred on the consumer become conferred on their living representative.

Who’s Responsible for Enforcement?

• The individual in each agency who is required to perform the duties necessary to implement and administer the Data Practice Act.

You’re responsible if you:

• • • • • Prepare procedures to assure access to the information Prepare an annual report to the public regarding the information Are responsible for limiting the amount of information collected Are responsible for storage (filing) of the data Are responsible for setting the procedures for collecting the information

When you are collecting data, ask yourself these questions.

• Are you asking the consumer to supply private or confidential data?

No. Collect the data Yes. Give a Notice of Privacy and collect the data.

Is Data Necessary?

• Is the use of the data necessary to manage the State authorized program?

No. Do not use or disseminate the information.

Yes. Collect the data, but ask yourself the following question.

Given Notice

• Was the consumer given the Notice of Privacy that the data would be disseminated?

No. Get the consumer’s

informed

consent.

Yes. Collect the data but ask yourself the following question.

Collection / Storage

• Is collection/storage necessary to manage the program?

No. Do not collect or store the data.

Yes. Store the data according to the letter and spirit of the Tennessen Act.

Any Questions or Points of Discussion