Download biomedical ethics - USF General Counsel

BIOMEDICAL
ETHICS
R.B. FRIEDLANDER
Deputy General Counsel
What is Biomedical Ethics?

Philosophical study of ethical controversies
brought about by advances in biology and
medicine

Relationship among
◦
◦
◦
◦
◦
◦
life sciences
biotechnology
medicine
politics
law – discussion today
philosophy
Biomedical Ethics
– A Few Legal Areas
Today’s topics
◦
◦
◦
◦
◦
Confidentiality
HIPAA
Compliance
Informed Consent
Whistleblowers
Takeaway Points

Use common sense

Go with your gut — do the right thing

Ask the experts

If you proceed, how would it appear on the
front page of the newspaper?

Could you defend the benefits vs. the risks in
a way a non-clinician / non-researcher could
understand?
Biomedical Ethical Issues
– Numerous and Complex

Don’t try to know all the applicable
rules/regulations/laws on the topics of
confidentiality, compliance, HIPAA, informed
consents, etc. – leave it to the lawyers. USF
also relies on expert outside counsel

With bioethical issues, not always a matter
of what one can or cannot do — it’s often a
matter of weighing the risks vs. benefits
Confidentiality in the
University World
HIPAA applies to covered entities (more later)
 Florida state law on medical privacy is more
restrictive than HIPAA

◦ Which is allowable


Student records protected from disclosure under
FERPA — also applies to Residents
Generally, all written records of faculty or staff of
this University can be released to the public
◦ Exemption from disclosure examples:




Social Security Numbers
Medical information
Research protocols
Impaired practitioner information
Florida Laws on Medical Records

Medical records are confidential

Some records are “Super” confidential
◦
◦
◦
◦
◦
Mental health
Substance abuse
STDs
Genetic testing
HIV
Health Insurance Portability and
Accountability Act of 1996 - HIPAA

Goal
◦ To protect patient privacy, Protected Health
Information (PHI) and allow portability of health
insurance.
◦ Covers privacy, security (use of technology)
◦ Broad congressional attempt at healthcare reform
HIPAA

Purpose is to increase efficiency and
effectiveness of health care system through
◦ Electronic exchange of information
◦ Standardization of that information
◦ Enhanced security and privacy of Protected
Health Information (PHI)
HIPAA

Perceived need – 1 in 6 patients omit medical history
information from physician out of fear of misuse or
mishandling

Applies to covered entities, health plans, HMOs,
Medicare, providers, health clearinghouses.

USF is a “hybrid” covered entity. USF College of
Medicine, College of Nursing, Student Health Services,
Byrd Institute are covered because they are entities
providing medical treatment for which they
electronically bill.

Covered entities must:
◦ Maintain reasonable & appropriate safeguards
◦ Maintain physical safeguards
HIPAA Privacy Rule
Key Features











PHI
Uses and disclosures
Consents
Authorization
Notice of privacy practices
Minimum necessary information given
Patient rights
Business associates
Marketing, fundraising and research
Interaction with state privacy and confidentiality laws
Penalties
HIPAA Acronyms

PHI
Protected Health Information - Health and
demographic information about an individual

IIHI
Individually Identifiable Health Information,
e.g., name, address, dates, telephone number, SSN,
medical record #, fingerprints, photographic images,
etc.
Permitted Use of PHI / IIHI –“TPO”

Subject to a general consent from the
patient, HIPAA permits use or disclosure
within the covered entity or to a business
associate for
◦ Treatment
◦ Payment
◦ Health Care Operations, which can include





Qualify assessment and improvement
Peer review/credentialing
Medical review, legal services, auditing
Business planning and development
Administrative activities
HIPAA Requirements

Providers must obtain prior consent to
treatment, except
◦ In emergencies, or
◦ Where provider is obligated by law to provide
care
◦ Providers can condition treatment on granting of
consent to treatment

Authorization must be obtained for all uses and
disclosures other than TPO or those mandated
by law

Provider must give privacy notice to patients
HIPAA - Other Applicability

Business Associate
Person or entity who provides services on behalf
of covered entity or to a covered entity and is not
a member of your workforce

Research
If it involves health information about living
participants, deceased persons, is related to human
tissue samples, chart review and or stored in
databases or repositories
Individual Rights Under HIPAA

Receive written notice of privacy practices

Request restrictions on uses and disclosures

Access, inspect and copy their PHI

Request amendment or correction of the
PHI

Receive an accounting of disclosures of their
PHI (except those related to treatment,
payment and operations)
Enforcement of HIPAA
— as to state agencies

Enforcement
◦
◦
◦
◦

DHHS/OIG
CMS
DOJ
State Attorneys General
Penalties for the intent to sell or use PHI
◦ Civil and criminal penalties with fines up to
$250,000, and/or
◦ 10 years in prison
Amendments to HIPAA – HITECH

HITECH – Health Information Technology
for Economic and Clinical Health
◦ Part of the American Recovery and Reinvestment
Act (ARRA) of 2009 – eff. 2/17/09
◦ Expanded definition of privacy breaches
◦ Greater reporting/notification of suspected
breaches
◦ Responsibility to investigate breaches and
mitigate losses enhanced
◦ Improved enforcement
Compliance

Just do it

Someone else’s alleged non-compliance does
not grant permission to others to do the same

Hundreds of laws/regulations USF employees
have to comply with in medical/research areas

Different types of conflict of interest
considerations
◦ Sponsored research
◦ As a public officer/employee
◦ University employment/conflict of commitment,
institutional COI
Whistleblowers

Federal and State False Claims Act (FCA)
— see class handout

Federal FCA
◦
◦
◦
◦
◦
Old law
Very broadly defined
Whistleblower protections
Penalties steep – civil penalty for each claim
Multi-million dollar payouts, even for public
entities, e.g., UMDNJ – over $350M
Other “Whistleblower” Provisions

Other state laws on subject

General state law on whistleblowers
– not just in medical arena
◦ Usually applied in employment-related context

Important principle for USF
– if complaint is made, no retaliation allowed
Informed Consent

Consents & authorization requirements
◦
◦
◦
◦

Written in plain language
Inform patient of the procedure’s risks/benefits
How will it be used
Signed and dated
Divorced parents
◦ Either parent can consent to medical or surgical treatment
unless court order provides otherwise
◦ Physical custody does not determine authority to consent
◦ If divorced parents disagree, consent of either parent will
suffice

Non-parents can consent under certain
circumstances
Minor’s Rights

Minors can give consent in certain situations
◦
◦
◦
◦

Emancipated
Married minor
Pregnant minor
Minor mother
Minors can consent for treatment of
◦
◦
◦
◦
STDs
Maternal health/contraception
Substance abuse
Outpatient emotional crisis counseling
Valid Authorizations

Authorizations must be obtained for all uses
other than TPO or those mandated under
law and must include:
◦ Description of the information to be disclosed
◦ Name of person or entities to whom the
information will be disclosed
◦ An expiration date
◦ Information regarding right to revoke
◦ Date and signature
Consent Principles
Remember…

Have consents drafted and reviewed by
counsel with input from providers

Inform patient what is happening and what
might happen

Verify they understand scope of the consent

Discuss consent in person

Don’t rely exclusively on a consent to insure
no legal action will be brought
Conclusion

Do what’s right in medical/research context
◦ What did your mother tell you?

For healthcare providers, treat in emergency

Providers discuss mistakes when needed to
improve treatment/performance for future
patients

Let lawyers worry about legal consequences
◦ Do the right thing!