How the Health Insurance Portability and Accountability Act (HIPAA) and Other Privacy Laws Affect Public Transportation Operations (2014) / Chapter Skim
Currently Skimming:
Pages 58-65
The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.
From page 58... ...
58 APPENDIX A -- FEDERAL PRIVACY LAWS OTHER THAN HIPAA Although transit agencies did not identify any federal laws applicable to them other than the ADA and DOT laws and regulations, Appendix A discusses other federal privacy statutes, including those identified by HHS, that restrict the disclosure of an individual's health information.608 1. Patient Protection and Affordable Care Act In National Federation of Independent Business v.
|
From page 59... ...
59 privacy protections similar to the HIPAA privacy rule; requires security safeguards for data collection, analysis, and sharing; and protects against all inappropriate internal use by any entity that collects, stores, or receives the data, including use of such data in determinations of eligibility (or continued eligibility) in health plans, and from other inappropriate uses (to be defined by the Secretary)
|
From page 60... ...
60 such information without an employee's consent pursuant to a legal action, grievance, or administrative proceeding that the employee brings as a result of a positive drug or alcohol test or a refusal to take a drug or alcohol test.625 An employer may release such records to a court in lieu of a civil or criminal proceeding when the court determines that the results of a test are relevant because of an "employee's performance of safety-sensitive duties."626 In any case, an employer must notify an employee in writing if the employer decides to disclose an employee's information under 49 C.F.R. § 40.323.627 Employers or service agents are required to release information to an employee (or former employee)
|
From page 61... ...
61 3. Public Health Service Act and Records of Substance Abuse The confidentiality of patient records of substance abuse under § 543 of the Public Health Service Act636 and its implementing regulations637 interact with several of HIPAA's privacy provisions.638 There are requirements that apply to patient records maintained by federally assisted specialized alcohol or drug abuse programs.639 The law's provisions apply to a number of health care providers that must comply also with HIPAA requirements.640 Generally, however, no conflict will exist in the simultaneous application of both of these statutes.641 Records of substance abuse, patients' identity, diagnosis, prognosis, or treatment, maintained in connection with programs assisted by the government must remain confidential unless a patient gives written consent.642 However, the records may be disclosed to medical personnel, even if the patient does not provide written consent, in a medical emergency or to qualified personnel for the purposes of conducting scientific research, management or financial audits, or program evaluations.643 In such cases, personnel may not identify an individual patient in any manner.644 Records of patients' substance abuse must be disclosed pursuant to a court order regardless of a patient's prior written consent; however, "[u]
|
From page 62... ...
62 cations between a program and a qualified service organization of information needed by the organization to provide services to the program."652 Under this rule, although no state law may permit disclosure of records that is prohibited by the rule, if a state law prohibits a disclosure that is allowed by the federal statute, a disclosure is not permitted.653 4. Employee Retirement Income Security Act of 1974 The Employee Retirement Income Security Act of 1974 (ERISA)
|
From page 63... ...
63 FERPA provides parents with the right to review and inspect their children's educational records;667 however, "[w] hen a student turns eighteen or attends any school beyond high school, the rights given to parents under FERPA transfer to that student, and [the student]
|
From page 64... ...
64 tifying information to prevent unwarranted invasion of personal privacy.680 However in each case, the agency must explain fully in writing the reason for and scope of each deletion.681 Private entities "are not bound by the fair information practices, open-access rules, and dataownership principles embodied in the Act."682 On the other hand, the Act "requires notice to, and consent from, individuals when the government collects and shares information about them."683 In general, unless governed by federal or state law, private companies may gather and share data without obtaining an individual's consent.684 DOT explains that the Privacy Act of 1974 sets forth "how the federal government should treat individuals and their information and imposes duties upon federal agencies regarding the collection, use, dissemination, and maintenance of personally identifiable information (PII) ."685 DOT also observes that § 208 of the E-Government Act of 2002 "establishes the requirement for agencies to conduct privacy impact assessments (PIAs)
|
From page 65... ...
65 crimination statute preceding it" because it is prospective:691 "GINA prohibits health insurers and employers from making decisions based on genetic information" even though there was "scant evidence" of a "significant history of genetic-information discrimination."692 It is now "unlawful for employers to discharge, refuse to hire, or make employment decisions relating to compensation or the terms and privileges of employment based on an employee's genetic information."693 Under 42 U.S.C.
|
Key Terms
This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More
information on Chapter Skim is available.