HIPAA, 42 CFR Part 2, and FERPA - Rules for Managing Student Health Information

Overview:
This session focuses on the issues of managing health information when it may that of students
and may involve substance abuse treatment information.
HIPAA and FERPA allow a number of disclosures without consent that SAMHSA prohibits without
consent.
First we will explain how HIPAA relates to information management and release and explain the
processes required for various releases of information under the HIPAA and FERPA rules,
including release according to individual access requests, and under consents and HIPAA
authorizations.
While FERPA overrides HIPAA, both HIPAA and FERPA take a back seat to the rules under 42 CFR
Part 2. When substance abuse treatment information is involved, first you need to understand
how to identify it. We will discuss how to make it distinguishable from "regular"health
information, so that the appropriate extra protections can be provided. You may be able to use
functions in your EHR to flag the information, or you may create a manual process for tracking
the information, if it is rarely handled in your organization.
And the substance abuse treatment information you collect may or may not be under SAMHSA
depending on whether or not you have a department or even a response team that specializes in
SAMHSA-related situations. You need to understand your status under the rules before you
release information inappropriately. We will discuss what qualifies treatment that falls under
SAMHSA.
If your organization provides services that create information that is under the SAMHSA
regulations, you will need to establish the consent and release of information processes that
are required to be followed for information releases under 42 CFR Part 2. This involves getting
the proper consents upon establishment of the relationship, as well as managing consents for
releases that may be necessary after the initial establishment of the relationship. The session
will include an explanation of the consent and release requirements that must be followed.
When you release information under HIPAA, there are no special notices required to be placed on
the records. But when you release information under SAMHSA, each document must have a notice
that explains that re-disclosure is not permitted without a new consent.
Complicating matters are updated rules going into effect that will allow a consent that permits
a re-release to a defined team of providers caring for the individual, but then require
meticulous documentation of to whom the information has been released under such a consent. The
session will go over the rules on consents and re-release of information.
This session will explore the complications and requirements of each of the rules controlling
student health information, HIPAA, FERPA, and 42 CFR Part 2, and provide insights into how to
apply the rules in an education setting.
Why should you Attend: For much of healthcare, HIPAA sets the standards for how to manage uses
and disclosures of patient information, known as Protected Health Information (PHI). But when
it comes to information about students, even health information is controlled under the FERPA
rules.
For information related to the treatment of substance use disorders, regulations of the
Substance Abuse and Mental Health Services Administration (SAMHSA) under 42 CFR Part 2 prevail.
These rules apply to information collected under SAMHSA, which may be difficult to separate
from "regular" PHI in your records, and there are special rules for disclosure and re-
disclosure of substance abuse treatment information.
Student health information may be subject to some or all of these rules, so it is essential to
know where each rule applies and which rules supersede each other.
A number of factors must be considered when managing the privacy and security of student
information. School records are rather decisively controlled by the FERPA regulations, but
those regulations don't always apply, and when they don't, HIPAA steps in with the necessary
privacy and security controls. While many of the concepts in the rules are similar, there are
extensive detail differences
Today we are in the midst of an epidemic of substance abuse, and particularly opioid abuse, and
more and more providers are involved in providing treatment to students with substance abuse
issues. When substance abuse is involved, the rules of SAMHSA under 42 CFR Part 2 come into
play and override both HIPAA and 42 CFR Part 2.
But who is covered under the rules, what's involved in meeting them, and how do they interact
with HIPAA? HIPAA allows a number of disclosures, for treatment, payment, and healthcare
operations purposes, without consent from the individual being treated.
SAMHSA rules, on the other hand, require consent for every disclosure or re-disclosure, and if
the proper consents aren't obtained, the provider can be in violation of the rules and subject
to penalties.
Areas Covered in the Session:
What FERPA controls and how to Determine where it AppliesHow FERPA and HIPAA InteractWhat HIPAA allows, what SAMHSA requires, and the Differences will be ExplainedWe will Examine how to Deternmine if the Services you Provide Place you under FERPA or 42 CFR
Part 2We will Explore the means for Making sure Substance Abuse Treatment Information Receives the
Appropriate ProtectionsThe consent and release Requirements under HIPAA, FERPA, and 42 CFR Part 2 will be ExplainedRe-release of Information Released under 42 CFR Part 2 will be DiscussedSharing of information with Family and Friends in an overdose Incident will be ExploredThe latest Guidance from the US Department of Health and Human Services on HIPAA and FERPA, as
well as Harmonization of SAMHSA and HIPAA will be Explained
Who Will Benefit:Compliance DirectorCEOCFOPrivacy OfficerSecurity OfficerInformation Systems ManagerHIPAA OfficerChief Information OfficerHealth Information ManagerHealthcare Counsel/LawyerOffice Manager
Speaker Profile Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems,
LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and
security regulatory compliance services to a wide variety of health care entities.
Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the
Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of
the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy
and security compliance issues at seminars and conferences, including speaking engagements at
numerous regional and national healthcare association conferences and conventions and the
annual NIST/OCR HIPAA Security Conference in Washington, D.C.

Price - $139Contact Info:Netzealous LLC - MentorHealthPhone No: 1-800-385-1607Fax: 302-288-6884 Email: mentorhealth84@gmail.comWebsite: http://www.mentorhealth.com/
https://www.mentorhealth.com/webinar/hipaa-42-cfr-part-2-and-ferpa---rules-for-managing-student-health-information-801500LIVE?emagister_jan_2019_seo
Webinar Sponsorship: https://www.mentorhealth.com/control/webinar-sponsorship/Follow us on : https://www.facebook.com/MentorHealth1Follow us on : https://www.linkedin.com/company/mentorhealth/Follow us on : https://twitter.com/MentorHealth1