BIOMEDICAL BIOMEDICAL ETHICSETHICS

R.B. FRIEDLANDERDeputy General Counsel

What is Biomedical What is Biomedical Ethics?Ethics?Philosophical study of ethical

controversies brought about by advances in biology and medicine

Relationship among ◦life sciences◦biotechnology◦medicine◦politics◦ law – discussion today ◦philosophy

Biomedical Ethics Biomedical Ethics – A Few Legal Areas– A Few Legal Areas

Today’s topics◦Confidentiality◦HIPAA◦Compliance◦Informed Consent◦Whistleblowers

Takeaway PointsTakeaway PointsUse common sense

Go with your gut — do the right thing

Ask the experts

If you proceed, how would it appear on the front page of the newspaper?

Could you defend the benefits vs. the risks in a way a non-clinician / non-researcher could understand?

Biomedical Ethical Issues Biomedical Ethical Issues – Numerous and Complex – Numerous and Complex

Don’t try to know all the applicable rules/regulations/laws on the topics of confidentiality, compliance, HIPAA, informed consents, etc. – leave it to the lawyers. USF also relies on expert outside counsel

With bioethical issues, not always a matter of what one can or cannot do — it’s often a matter of weighing the risks vs. benefits

Confidentiality in the Confidentiality in the University WorldUniversity WorldHIPAA applies to covered entities (more

later)Florida state law on medical privacy is

more restrictive than HIPAA◦ Which is allowable

Student records protected from disclosure under FERPA — also applies to Residents

Generally, all written records of faculty or staff of this University can be released to the public◦ Exemption from disclosure examples:

Social Security Numbers Medical information Research protocols Impaired practitioner information

Florida Laws on Medical Florida Laws on Medical RecordsRecordsMedical records are confidential

Some records are “Super” confidential◦Mental health◦Substance abuse◦STDs◦Genetic testing◦HIV

Health Insurance Portability Health Insurance Portability and Accountability Act of and Accountability Act of 1996 - HIPAA1996 - HIPAAGoal

◦To protect patient privacy, Protected Health Information (PHI) and allow portability of health insurance.

◦Covers privacy, security (use of technology)

◦Broad congressional attempt at healthcare reform

HIPAAHIPAAPurpose is to increase efficiency

and effectiveness of health care system through

◦Electronic exchange of information

◦Standardization of that information

◦Enhanced security and privacy of Protected Health Information (PHI)

HIPAA HIPAA Perceived need – 1 in 6 patients omit medical

history information from physician out of fear of misuse or mishandling

Applies to covered entities, health plans, HMOs, Medicare, providers, health clearinghouses.

USF is a “hybrid” covered entity. USF College of Medicine, College of Nursing, Student Health Services, Byrd Institute are covered because they are entities providing medical treatment for which they electronically bill.

Covered entities must:◦ Maintain reasonable & appropriate safeguards◦ Maintain physical safeguards

HIPAA Privacy RuleHIPAA Privacy RuleKey Features PHI Uses and disclosures Consents Authorization Notice of privacy practices Minimum necessary information given Patient rights Business associates Marketing, fundraising and research Interaction with state privacy and confidentiality

laws Penalties

HIPAA AcronymsHIPAA AcronymsPHI

Protected Health Information - Health and demographic information about an individual

IIHIIndividually Identifiable Health Information, e.g., name, address, dates, telephone number, SSN, medical record #, fingerprints, photographic images, etc.

Permitted Use of PHI / IIHI Permitted Use of PHI / IIHI ––“TPO” “TPO” Subject to a general consent from

the patient, HIPAA permits use or disclosure within the covered entity or to a business associate for◦Treatment◦Payment◦Health Care Operations, which can

include Qualify assessment and improvement Peer review/credentialing Medical review, legal services, auditing Business planning and development Administrative activities

HIPAA RequirementsHIPAA RequirementsProviders must obtain prior consent to

treatment, except ◦In emergencies, or◦Where provider is obligated by law to

provide care◦Providers can condition treatment on

granting of consent to treatment

Authorization must be obtained for all uses and disclosures other than TPO or those mandated by law

Provider must give privacy notice to patients

HIPAA - Other HIPAA - Other Applicability Applicability Business Associate

Person or entity who provides services on behalf of covered entity or to a covered entity and is not a member of your workforce

ResearchIf it involves health information about living participants, deceased persons, is related to human tissue samples, chart review and or stored in databases or repositories

Individual Rights Under Individual Rights Under HIPAAHIPAAReceive written notice of privacy

practices

Request restrictions on uses and disclosures

Access, inspect and copy their PHI

Request amendment or correction of the PHI

Receive an accounting of disclosures of their PHI (except those related to treatment, payment and operations)

Enforcement of HIPAA Enforcement of HIPAA — as to state agencies — as to state agencies

Enforcement◦DHHS/OIG◦CMS◦DOJ◦State Attorneys General

Penalties for the intent to sell or use PHI◦Civil and criminal penalties with fines

up to $250,000, and/or◦10 years in prison

Amendments to HIPAA – Amendments to HIPAA – HITECH HITECH HITECH – Health Information

Technology for Economic and Clinical Health◦Part of the American Recovery and

Reinvestment Act (ARRA) of 2009 – eff. 2/17/09

◦Expanded definition of privacy breaches◦Greater reporting/notification of suspected

breaches◦Responsibility to investigate breaches and

mitigate losses enhanced◦ Improved enforcement

ComplianceComplianceJust do itSomeone else’s alleged non-compliance

does not grant permission to others to do the same

Hundreds of laws/regulations USF employees have to comply with in medical/research areas

Different types of conflict of interest considerations◦ Sponsored research

◦ As a public officer/employee

◦ University employment/conflict of commitment, institutional COI

WhistleblowersWhistleblowersFederal and State False Claims Act

(FCA)— see class handout

Federal FCA ◦Old law◦Very broadly defined◦Whistleblower protections◦Penalties steep – civil penalty for each

claim◦Multi-million dollar payouts, even for public

entities, e.g., UMDNJ – over $350M

Other “Whistleblower” Other “Whistleblower” ProvisionsProvisions

Other state laws on subject

General state law on whistleblowers

– not just in medical arena◦Usually applied in employment-related

context

Important principle for USF – if complaint is made, no retaliation allowed

Informed ConsentInformed ConsentConsents & authorization requirements

◦ Written in plain language◦ Inform patient of the procedure’s risks/benefits◦ How will it be used◦ Signed and dated

Divorced parents◦ Either parent can consent to medical or

surgical treatment unless court order provides otherwise

◦ Physical custody does not determine authority to consent

◦ If divorced parents disagree, consent of either parent will suffice

Non-parents can consent under certain circumstances

Minor’s RightsMinor’s RightsMinors can give consent in certain

situations◦Emancipated◦Married minor◦Pregnant minor◦Minor mother

Minors can consent for treatment of◦STDs◦Maternal health/contraception◦Substance abuse◦Outpatient emotional crisis counseling

Valid AuthorizationsValid AuthorizationsAuthorizations must be obtained for

all uses other than TPO or those mandated under law and must include:◦Description of the information to be

disclosed◦Name of person or entities to whom the

information will be disclosed◦An expiration date◦ Information regarding right to revoke◦Date and signature

Consent PrinciplesConsent Principles

Remember…Have consents drafted and reviewed

by counsel with input from providers

Inform patient what is happening and what might happen

Verify they understand scope of the consent

Discuss consent in person

Don’t rely exclusively on a consent to insure no legal action will be brought

ConclusionConclusionDo what’s right in medical/research

context◦What did your mother tell you?

For healthcare providers, treat in emergency

Providers discuss mistakes when needed to improve treatment/performance for future patients

Let lawyers worry about legal consequences◦Do the right thing!