Consent Models in the Context of PHI, Behavioral Health, 42 CFR Part 2 Regulated Data–the HIPAA Privacy Rule
The Strategic Health Information Exchange Collaborative (SHIEC) and Kuma’s Jenn Behrens, recently partnered to present this informative webinar to the SHIEC membership. Jenn earlier presented the first in a two-part webinar to the SHIEC Behavioral Health Learning Cooperative.
This part two webinar of a two-part series builds on an original look at the federal and state laws that require advanced and specific consent mechanisms for sharing behavioral health, mental health, and substance use disorder information. In this webinar, Jenn digs deeper into consent and authorization and what the HIPAA Privacy Rule provides for guidance, the difference between opt-in and opt-out, and consent models that HIE’s may consider using.
What you will learn:
A Review of Data Types
- Understand the difference between protected health information, behavioral health, and 42 CFR Part 2 data
- Learn about the interplay of consent models, privacy protections, and security control
- A look at where HIEs fit into this topic
Consent Versus Authorization
- Learn how to decipher between the two and why it matters
- How the HIPAA Privacy Rule plays into consent and authorization
Opt-In & Opt-Out
- What do opt-in and opt-out mean and what criteria defines each option
HIE Consent Models
- Get a detailed picture of four different models used by HIEs and how they are being used
Consent & QSOAs
- Learn about Qualified Service Organization Agreements, how they function, and their impact on consent
This webinar will help you understand the interplay of consent regulations, privacy and security and what to consider when developing a consent model for your HIE.
Don’t have time to listen to the recorded session? Download the full transcript.
Disclaimer: Both webinars do not offer legal advice and we encourage you to always check with your current counsel and get to know your specific state and local regulations and how they may interact with how your organization needs to govern the exchange of data.
The Kuma difference
Health Information Exchanges must meet highly regulated privacy and security requirements and may not have the resources to go it alone. Kuma can help you with all your needs from the complexities of consent to HIPAA compliance to establishing a long-term program that ensures compliance today and in the future.
We ensure you have access to senior level resources and confidence through our forward-thinking approach. Learn more about Kuma at www.kuma.pro.
About Jenn Behrens
Jenn started her career in social work as a foster care social worker. For over a decade, she moved through and up local departments of social services and landed at the state level where she oversaw the information management systems for Family Services. Through her journey there, she started understanding research implications, data sharing implications, as well as the designs that go into building the systems that contain raw data about very vulnerable populations. She had to opportunity to jump from social service to work on a cybersecurity initiative out of NIST and from there, she took on the task of managing privacy – an area misunderstood throughout the industry. This led her to the world of security, privacy, and digital identity – and with that her first pilot which was about sharing information with a healthcare organization. At Kuma, she continues her work in security and privacy consulting services and with that, applies her original passion for healthcare to working with clients to integrate best practices into their organization.