How the Health Insurance Portability and Accountability Act (HIPAA) and Other Privacy Laws Affect Public Transportation Operations (2014) / Chapter Skim
Currently Skimming:
Pages 20-28
The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.
From page 20... ...
20 use or disclosure. De-identified health information is that information that does not identify an individual.
|
From page 21... ...
21 vised that HIPAA applied to them, or they at least treated the information as being confidential without knowing whether HIPAA actually applied.184 There are several reasons a transit agency would not be subject to HIPAA as a result of having health information on patrons. When a transit agency receives health information from a patron or pursuant to a patron's authorization or a release, the health information in the possession of a transit agency arguably is not PHI within the meaning of the HIPAA regulations.
|
From page 22... ...
22 For instance, Metro Transit, which maintains that HIPAA does not apply to the agency, stated that that it has a contract with a covered entity, but that "none of the health records come from the covered entity. Health records come directly from the patron.
|
From page 23... ...
23 complementary paratransit service, but state and local social services agencies offer paratransit for clients using government funding provided by one of approximately 90 programs.194 Under HIPAA, if a covered entity is providing PHI to a business associate, the parties must have a business associate agreement that complies with HIPAA's specifications. Although there is an issue of whether transit agencies satisfy HIPAA's definition of a business associate,195 some transit agencies are serving as brokers and/or have business associate agreements with covered entities to deliver transportation services.
|
From page 24... ...
24 provided by a Medicaid recipient to a transit agency does not appear to be subject to HIPAA because a transit agency is not a covered entity. However, a state Medicaid program or agency or one providing coordinated transportation services may require a contract with a transit agency that provides that the transit agency is subject to HIPAA.
|
From page 25... ...
25 ness associate requirements or exceptions" and are subject to HIPAA.215 This report also states that whether a participating agency may disclose information to another agency "for a particular purpose is a highly fact specific determination that must be made on a case by case basis."216 This report found that that the "HIPAA regulations are for the most part silent on the impact and responsibilities specifically for public transportation providers."217 However, this report also found that transportation providers generally are "required to comply with HIPAA if it is determined that, in addition to basic client demographic and medical service trip information, a client's protected health information (PHI) is also being shared when consolidating medical transportation trip information."218 As noted previously, a subset of PHI is individually identifiable health information that includes "demographic information collected from an individual."219 The TCRP Report noted earlier discusses the "opportunities" for public transit agencies to participate as a "direct provider, broker, or subcontractor" in Medicaid transportation programs.220 This report states that the confidentially of records is a potential barrier to coordinated transit service because public transit agencies may not be "equipped" to maintain the confidentiality of medical information.221 The TCRP Report also suggests, albeit in one brief sentence, that transit agencies are not subject to HIPAA regarding NEMT trips that may be arranged by a transit agency as a broker.222 However, as noted, a contract for NEMT could provide that HIPAA applies.
|
From page 26... ...
26 Salem-Keizer in Oregon in a follow-up interview explained the process for its agency and others involved with coordinated transportation services but noted that the arrangements may be in the process of changing.231 Salem-Keizer provided a copy of a Provider Agreement that is required to enroll [A] s a Provider with the Oregon Health Authority ("Authority")
|
From page 27... ...
27 "an enormous burden" on covered entities to determine which individuals and organizations are business associates under HIPAA.239 The HIPAA regulations define a business associate as a person or entity that performs on behalf of a covered entity a "function or activity regulated by [HIPAA] , including claims processing or administration, data analysis, processing or administration, utilization review, quality assurance, patient safety activities listed at 42 C.F.R.
|
From page 28... ...
28 As seen, the HIPAA regulations limit the kinds of entities that may be business associates and create, receive, maintain, or transmit PHI on behalf of a covered entity. With a patient's authorization, however, a covered entity may disclose health information to anyone permitted by a patient including a transit agency.
|
Key Terms
This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More
information on Chapter Skim is available.