National Academies Press: OpenBook

How the Health Insurance Portability and Accountability Act (HIPAA) and Other Privacy Laws Affect Public Transportation Operations (2014)

Chapter: APPENDIX D Survey Questions to Transit Agencies

Get This Book
Unfortunately, this book can't be printed from the OpenBook. If you need to print pages from this book, we recommend downloading it as a PDF.

Visit NAP.edu/10766 to get more information about this book, to buy it in print, or to download it as a free PDF.
« Previous: APPENDIX C BUSINESS ASSOCIATE AGREEMENTS, GUIDES, NOTICES, POLICIES, PRACTICES, AND PROCEDURES PROVIDED BY TRANSIT AGENCIES
Page 226
Suggested Citation:"APPENDIX D Survey Questions to Transit Agencies." National Academies of Sciences, Engineering, and Medicine. 2014. How the Health Insurance Portability and Accountability Act (HIPAA) and Other Privacy Laws Affect Public Transportation Operations. Washington, DC: The National Academies Press. doi: 10.17226/22359.
×
Save
Cancel
Page 226
Page 227
Suggested Citation:"APPENDIX D Survey Questions to Transit Agencies." National Academies of Sciences, Engineering, and Medicine. 2014. How the Health Insurance Portability and Accountability Act (HIPAA) and Other Privacy Laws Affect Public Transportation Operations. Washington, DC: The National Academies Press. doi: 10.17226/22359.
×
Save
Cancel
Page 227
Page 228
Suggested Citation:"APPENDIX D Survey Questions to Transit Agencies." National Academies of Sciences, Engineering, and Medicine. 2014. How the Health Insurance Portability and Accountability Act (HIPAA) and Other Privacy Laws Affect Public Transportation Operations. Washington, DC: The National Academies Press. doi: 10.17226/22359.
×
Save
Cancel
Page 228
Page 229
Suggested Citation:"APPENDIX D Survey Questions to Transit Agencies." National Academies of Sciences, Engineering, and Medicine. 2014. How the Health Insurance Portability and Accountability Act (HIPAA) and Other Privacy Laws Affect Public Transportation Operations. Washington, DC: The National Academies Press. doi: 10.17226/22359.
×
Save
Cancel
Page 229
Page 230
Suggested Citation:"APPENDIX D Survey Questions to Transit Agencies." National Academies of Sciences, Engineering, and Medicine. 2014. How the Health Insurance Portability and Accountability Act (HIPAA) and Other Privacy Laws Affect Public Transportation Operations. Washington, DC: The National Academies Press. doi: 10.17226/22359.
×
Save
Cancel
Page 230
Page 231
Suggested Citation:"APPENDIX D Survey Questions to Transit Agencies." National Academies of Sciences, Engineering, and Medicine. 2014. How the Health Insurance Portability and Accountability Act (HIPAA) and Other Privacy Laws Affect Public Transportation Operations. Washington, DC: The National Academies Press. doi: 10.17226/22359.
×
Save
Cancel
Page 231

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

226 APPENDIX D SURVEY QUESTIONS TCRP, STUDY TOPIC 15-04 HOW THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) AND OTHER PRIVACY LAWS AFFECT PUBLIC TRANSPORTATION OPERATIONS Agency Name: ________________________________________________________________________ Name of Employee: ________________________________________________________________________ Job Title: ________________________________________________________________________ Contact telephone/ cell phone number: ___________________/ _____________________ Email address: _________________________________ How many years have you been with the agency? _____ NOTES: a. The survey questions relate only to health information or records that your agency receives, cre- ates, transmits, or maintains on patrons for whom your agency provides transportation to health care pro- viders. b. The survey does not seek information relating to any employee health information or records or to any health insurance plan provided or sponsored by your agency. c. Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA); (i) Entities subject to HIPAA are referred to as covered entities – namely, a health care pro- vider, a health plan, or a health care clearinghouse. (ii) Hybrid entity means a single legal entity (1) that is a covered entity; (2) whose business activities include both covered and non-covered functions; and (3) that designates health care components in accordance with HIPAA regulations. (iii) A health care provider includes doctors, clinics, psychologists, dentists, chiropractors, nursing homes, and pharmacies. (iv) (3) Business associate includes: (i) A Health Information Organization, E-prescribing Gateway, or other person that provides data transmission services with respect to protected health informa- tion to a covered entity and that requires access on a routine basis to such protected health information. (ii) A person that offers a personal health record to one or more individuals on behalf of a covered entity. (iii) A subcontractor that creates, receives, maintains, or transmits protected health information on behalf of the business associate. d. HIPAA’s Privacy Rule protects all “individually identifiable health information” held or transmit- ted by a covered entity or its business associate in any form or media whether electronic, paper, or oral. Un- der the Privacy Rule the information is referred to as “protected health information.” The foregoing type of information is included in the term “health information or records” used in the survey.

227 Questions and Requests 1. Does your agency receive, create, transmit or maintain health information or records on individuals for whom your agency provides transportation to doctors, hospitals, clinics, or other health care providers? YES __ NO __ a. If your answer is “No,” please STOP and return the survey as requested on page 9. b. If your answer is “Yes,” please continue with the survey and provide copies of any documents re- quested. 2. Has your agency been advised, or have agency officials assumed for any reasons, that it is subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) because your agency possesses health information or records on patrons for whom your agency provides transportation to health care pro- viders? YES __ NO __ If your answer is “Yes,” please provide details and a copy, if possible, of any advice or opinion regard- ing the applicability of HIPAA to your agency. ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ 3. Does your agency receive health information or records from, or transmit health information or re- cords to, a health care provider, health plan, or health care clearinghouse as those terms are defined in the HIPAA laws and regulations regarding patrons for whom your agency provides transportation to health care providers? YES __ NO __ If your answer is “Yes,” please provide details. ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ 4. (a) Is your agency a business associate of a covered entity as those terms are defined in the HIPAA laws and regulations? YES __ NO __ If your answer is “Yes,” please provide details. ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ (b) Is your agency a subcontractor to a business associate of a covered entity as those terms are de- fined in the HIPAA laws and regulations? YES __ NO __ If your answer is “Yes,” please provide details. _____________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________

228 (c) Is your agency a hybrid entity as defined in the HIPAA regulations, for example, a department of a covered entity providing transportation services in connection with health care services subject to HIPAA? YES __ NO __ If your answer is “Yes,” please provide details. ______________________________________________________________________________ ______________________________________________________________________________ ______________________________________________________________________________ 5. If your agency receives, creates, transmits, or maintains health information or records on patrons for whom your agency provides transportation services, please describe how and under what circumstances your agency receives, transmits, or maintains health information or records on its patrons. _________________________________________________________________________________________________ ____________________________________________________________________________________________________ _____________________________________ 6. In regard to question 5, to the extent the information has not been provided already, please describe the manner in which your agency receives, creates, transmits, or maintains health information or records, including but not limited to electronic information. _________________________________________________________________________________________________ ____________________________________________________________________________________________________ _____________________________________ 7. Has your agency ever provided to its patrons or others a notice of its privacy policies or practices on the use or disclosure of patrons’ health information or records that your agency receives, creates, transmits, or maintains in connection with transporting patrons to health care providers? YES __ NO __ If your answer is “Yes,” please provide details and a copy of the privacy notice(s) provided to patrons or others. (The question does not concern any such notice provided by your agency to employees or in con- nection with any health insurance plan for employees of your agency.) _________________________________________________________________________________________________ ____________________________________________________________________________________________________ _____________________________________ 8. Does your agency have security arrangements such as those required by the HIPAA laws and regu- lations for safeguarding health information or records, including those in electronic format, that your agency receives, creates, transmits, or maintains on patrons for whom your agency provides transportation to health care providers? YES __ NO __ If your answer is “Yes,” please provide and/or describe the arrangements. _________________________________________________________________________________________________ ____________________________________________________________________________________________________ _____________________________________ 9. Does your agency have now or has it had previously a contract with a covered entity as defined by the HIPAA laws and regulations to provide transportation to the named covered entity or to health care pro- viders? YES __ NO __

229 If your answer is “Yes,” please (a) provide details, including what kind of health information or re- cords your agency receives, creates, transmits, or maintains and (b) provide a copy of any contract or con- tracts with a covered entity relating to such services. _________________________________________________________________________________________________ ____________________________________________________________________________________________________ _____________________________________ 10. Has your agency been required or requested to provide health information or records concerning pa- trons of your agency pursuant to a subpoena, including a Grand Jury subpoena, a discovery request, or a court order? YES __ NO __ If your answer is “Yes,” please (a) provide details and if possible a copy of the subpoena, discovery request, or court order and (b) state whether the agency furnished the health information or records. _________________________________________________________________________________________________ ____________________________________________________________________________________________________ _____________________________________ 11. Has your agency been requested or required to provide health information or records that your agency receives, creates, transmits, or maintains on patrons for whom your agency provides transportation to health care providers pursuant to a request under a Freedom of Information Act or a Public Records Dis- closure Law? YES __ NO __ If your answer is “Yes,” please (a) provide details and if possible a copy of the request and (b) state whether the agency furnished the health information or records. _________________________________________________________________________________________________ ____________________________________________________________________________________________________ _____________________________________ 12. Has your agency been the subject of any legal action or administrative proceeding in connection with the use or disclosure of health information or records that your agency receives, creates, transmits, or main- tains in connection with transporting patrons to health care providers? YES __ NO __ If your answer is “Yes,” please (a) describe the nature of the legal action or administrative proceed- ing; (b) state the outcome of the action or proceeding; and (c) provide a copy of any complaint, order, and/or decision related to the action or proceeding. _________________________________________________________________________________________________ ____________________________________________________________________________________________________ _____________________________________ 13. Are you aware of any state laws applicable to your agency on the use or disclosure of any health in- formation or records that you agency receives, creates, transmits, or maintains on patrons for whom your agency provides transportation to health care providers? YES __ NO __ If your answer is “Yes,” please provide citations to the applicable state law(s). _________________________________________________________________________________________________ ____________________________________________________________________________________________________ _____________________________________

230 14. Are you aware of an opinion by any court (federal, state, city, or county) in which an issue was whether HIPAA preempted state law on the use or disclosure of health information or records? YES __ NO __ If your answer is “Yes,” please provide citations to the applicable state law(s). _________________________________________________________________________________________________ ____________________________________________________________________________________________________ _____________________________________ 15. Excluding HIPAA, are you aware of any federal privacy laws that apply or may apply to your agency regarding its use or disclosure of health information or records that your agency receives, creates, transmits, or maintains on patrons for whom your agency provides transportation to health care providers? YES __ NO __ If your answer is “Yes,” please provide citations to the federal privacy laws that apply or may apply to your agency. _________________________________________________________________________________________________ ____________________________________________________________________________________________________ _____________________________________ 16. Has the state attorney general or another official in your state, city, or county issued any opinions regarding the applicability to your agency of state or federal privacy laws, including but not limited to HIPAA, concerning health information or records that your agency receives, creates, transmits, or maintains on patrons for whom your agency provides transportation to health care providers? YES __ NO __ If your answer is “Yes,” please (a) provide citations to the opinions and (b) furnish a copy of the opin- ions. _________________________________________________________________________________________________ ____________________________________________________________________________________________________ _____________________________________ 17. In particular, have any of the following federal laws had any effect on health information or records that your agency receives, creates, transmits, or maintains on patrons for whom your agency provides trans- portation to health care providers? 1. Patient Protection and Affordable Care Act YES __ NO __ 2. Department of Transportation Regulations YES __ NO __ 3. Drug and Alcohol Treatment Programs YES __ NO __ 4. Americans with Disabilities Act and the YES __ NO __ Rehabilitation Act of 1973 YES __ NO __ 5. Employee Retirement Income Security Act of 1974 YES __ NO __ 6. Family Educational Rights and Privacy Act YES __ NO __ 7. Privacy Act of 1974 YES __ NO __ 8. Medicare and Medicaid YES __ NO __ 9. Genetic Information Nondiscrimination Act YES __ NO __ 10. Other Federal Privacy Laws (please identify below) YES __ NO __ If your answer to any of the foregoing subparts 1–10 is “Yes,” please provide details. _________________________________________________________________________________________________ ____________________________________________________________________________________________________ _____________________________________

231 18. To the extent information has not been provided already, has your agency been sued in tort, for breach of contract, or otherwise regarding an alleged, unauthorized or improper use or disclosure of health information or records your agency receives, creates, transmits, or maintains on patrons for whom your agency provides transportation to health care providers? YES __ NO __ If your answer is “Yes,” please provide details and a citation to any decision(s) that resulted from the action. _________________________________________________________________________________________________ ____________________________________________________________________________________________________ _____________________________________ 19. Does your agency have a plan or policy regarding the handling of health information or records in your agency’s possession on patrons when providing them with transportation during an emergency? YES __ NO __ If your answer is “Yes,” please (a) provide details; (b) state whether the plan or policy includes provi- sions on the use or disclosure of the health information or records in your agency’s possession; and (c) pro- vide a copy of the plan or policy. _________________________________________________________________________________________________ ____________________________________________________________________________________________________ _____________________________________ 20. Please explain (a) what your agency considers the industry practices or standards to be on receiving, creating, transmitting, or maintaining health information or records and/or on the use or disclosure of health information or records on patrons for whom your agency provides transportation to health care pro- viders and (b) provide copies of any industry practices or standards and/or your agency’s polices or proce- dures in regard to the foregoing. _________________________________________________________________________________________________ ____________________________________________________________________________________________________ _____________________________________ Thank you for your cooperation and for copies of contracts and other documents provided with your responses. As noted, please provide the copies by e-mail or on a disk or provide them via an Internet link if the contracts or other documents are available on line. ****************************************************************************** Please return your completed survey preferably via e-mail to: The Thomas Law Firm ATTN: Larry W. Thomas 1701 Pennsylvania Avenue, N.W. Suite 300 Washington, D.C. 20006 Tel. (202) 465-5050 lwthomas@cox.net

Next: APPENDIX E Summary of Transit Agencies' Responses to Survey »
How the Health Insurance Portability and Accountability Act (HIPAA) and Other Privacy Laws Affect Public Transportation Operations Get This Book
×
How the Health Insurance Portability and Accountability Act (HIPAA) and Other Privacy Laws Affect Public Transportation Operations
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

TRB’s Transit Cooperative Research Program (TCRP) Legal Research Digest 46: How the Health Insurance Portability and Accountability Act (HIPAA) and Other Privacy Laws Affect Public Transportation Operations explores whether the privacy and security rules established by HIPAA apply to transit agencies that possess patrons’ health information.

The first seven sections of this digest discuss HIPAA and whether various entities are subject to HIPAA’s privacy and security provisions applicable to the protection of protected health information, as defined by HIPAA. This digest also analyzes how protected health information is defined by HIPAA and discusses HIPAA’s Privacy Rule and Security Rule as defined by the U.S. Department of Health and Human Services in its most recent final rule.

This digest summarizes other important aspects of HIPAA including whether protected health information must be produced in response to a subpoena, discovery request, or a request under a freedom of information act (FOIA) or similar law. The remainder of the digest discusses the privacy of health information under other federal and state laws. The digest also covers industry standards and best practices used by transit agencies to protect the privacy of patrons’ health information.

READ FREE ONLINE

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  6. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  7. ×

    View our suggested citation for this chapter.

    « Back Next »
  8. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!