1 / 46

Child Welfare: Information Sharing Among Agencies

4 Key Policy Goals in Child Welfare Privacy and Information Sharing. . Protect the privacy and dignity of the individual.-- Protect child and family from needless embarrassment and invasion of privacy.Get information to protect the child. -- Get information to evaluate what danger, if any, a par

tamika
Download Presentation

Child Welfare: Information Sharing Among Agencies

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


    1. Child Welfare: Information Sharing Among Agencies Howard Davidson Director, ABA Center on Children and the Law davidsonha@staff.abanet.org

    5. Conflicting Agency Agendas Regarding Privacy Other agencies feel that giving information to child protection agencies makes it harder for them to achieve their goals. Substance abuse providers’ concerns: Possibility of disclosure to agency limits clients’ willingness to share information necessary to their treatment Risk of disclosure to agency may take away a parent’s motivation to stay in treatment An important example involves substance abuse treatment records. The goal of substance abuse treatment programs is to help clients, including parents, to overcome their addiction. Success to the substance abuse treatment counselor is to get clients to stay in treatment and off drugs or alcohol. Disclosure also takes away a key motivation for parents with children in foster care to stay in substance abuse treatment -- to get their children back. Termination of the parent’s rights can remove that motivation. So the treatment program may want to deny or fudge information that might support the termination of parental rights. Add to that the fact that the counselor has a relationship with the parent and may never have even met the children.  It is often most comfortable to side with one’s clients and focus only one’s own institutional goal. It is also easy right now in the U.S. to demonize child protection agencies. This attitude can be a problem with all types of treatment agencies. It can be a problem with mental health providers, parent educators, and persons dealing with developmentally disabled parents. All may resist sharing information or present information about parents in an overly positive light – in order, to reinforce their own work with the parent. An important example involves substance abuse treatment records. The goal of substance abuse treatment programs is to help clients, including parents, to overcome their addiction. Success to the substance abuse treatment counselor is to get clients to stay in treatment and off drugs or alcohol. Disclosure also takes away a key motivation for parents with children in foster care to stay in substance abuse treatment -- to get their children back. Termination of the parent’s rights can remove that motivation. So the treatment program may want to deny or fudge information that might support the termination of parental rights. Add to that the fact that the counselor has a relationship with the parent and may never have even met the children.  It is often most comfortable to side with one’s clients and focus only one’s own institutional goal. It is also easy right now in the U.S. to demonize child protection agencies. This attitude can be a problem with all types of treatment agencies. It can be a problem with mental health providers, parent educators, and persons dealing with developmentally disabled parents. All may resist sharing information or present information about parents in an overly positive light – in order, to reinforce their own work with the parent.

    6. Domestic violence providers’ concerns: Disclosure to child welfare agency will disempower the protective parent victim by transferring control of their household to a child protection agency Disclosure to child protection/child welfare agency compounds victimization from domestic violence – with the loss of a child

    7. When Medical and Mental Health Privileges Apply Communications to medical professional: Generally applies only to communications for purposes of diagnosis or treatment. May not apply to physical observations or tests.

    8. Exceptions to Privileges Key exceptions relevant to child welfare:  Some states have categorical exceptions for child welfare cases (or cases where child custody at issue).  Other states have exceptions for referral to legal proceedings resulting from report of child abuse/neglect Some other exceptions – if privileges do otherwise apply to child welfare cases: Disclosures made in the presence of third parties. Waiver of the privilege, including but not limited to signed consent.

    9. Some Confidentiality Laws Important to Child Welfare Cases CAPTA Titles IV-B & IV-E of the Social Security Act Substance Abuse Treatment Information Criminal Records Educational Records – FERPA & IDEA Medical Records -- HIPAA

    10. CAPTA Child Abuse Prevention and Treatment Act 42 U.S.C. §5106a(b) Requires many types of employees and professionals to share information with agencies -- by reporting child abuse and neglect. More specifically, CAPTA requires states to pass laws that impose such requirements, 42 U.S.C. §5106a(b)(2)

    11. CAPTA restricts access to “records” related to child abuse and neglect, but allows disclosure of information to: Persons reported for abuse or neglect (but not the identities of confidential informants) Child abuse citizen review and child fatality review panels A grand jury or court that finds they need the information

    12. Allows expansion of the list – but only through state legislation 42 U.S.C. §5106a(b)(2)(viii)(VI) Allows courts to be open to the public, but only if that doesn’t harm the “safety and well being of children, families,and parents.” 42 U.S.C. §5106a(b)(2)(D) (paragraph following (D)

    13. CAPTA Requires: Disclosure of CPS/child welfare agency records to government agencies (and their agents) that need the information to protect children from abuse or neglect; 42 USC §5106a(b)(2)(ix) Public disclosures concerning fatalities and near fatalities (an act, that, as certified by a physician, places the child in serious or critical condition). 42 USC §§5106a(b)(2)(x); 5106a(b)(4)

    14. AACWA (1980) and ASFA (1997) Additional rules governing child welfare agency records: While information generally is confidential, disclosure is permitted, e.g., for: Purposes related to the administration of Titles IV-B and IV-E “Any investigation, prosecution, or criminal or civil proceeding” related to the administration of Titles IV-B and IV-E or [certain other federal programs].

    15. CAPTA, AACWA and ASFA (Titles IV-B and IV-E) Children’s Bureau Policy: The same confidentiality rules – both CAPTA and IV-E – may apply to the same cases. Confidentiality restrictions apply to all forms of information, written or verbal, 42 USC §671(a)(8).

    21. FERPA Requirements Parent’s have right to: Inspect and review child’s records A hearing to challenge content record Keep records confidential unless consent to release Special requirements concerning consent forms -- records requested, reasons for release, and to whom released. 20 U.S.C. §1232g(b)(2) FERPA Requirements Parent’s have right to: Inspect and review child’s records A hearing to challenge content record Keep records confidential unless consent to release Special requirements concerning consent forms -- records requested, reasons for release, and to whom released. 20 U.S.C. §1232g(b)(2)

    22. These are most relevant for child welfare -- Health and Safety – used for emergencies where immediate release of the info is necessary to control a serious situation – investigation stage, perhaps? Day to day enrollment, probably not. JJ exception – if state statute permits disclosure – IL and FL only at this point Court order exception and all other FERPA exceptions…no redisclosure unless there is another FERPA exception. For example, court order could contain language about release to child welfare, but child welfare could not release to mental health or other provider unless the court order also contained language about releasing to them. In contrast, if child welfare accesses the records as the parent under FERPA, they are free to redisclose to whomever they choose. (In accordance with CW policies and procedures). These are most relevant for child welfare -- Health and Safety – used for emergencies where immediate release of the info is necessary to control a serious situation – investigation stage, perhaps? Day to day enrollment, probably not. JJ exception – if state statute permits disclosure – IL and FL only at this point Court order exception and all other FERPA exceptions…no redisclosure unless there is another FERPA exception. For example, court order could contain language about release to child welfare, but child welfare could not release to mental health or other provider unless the court order also contained language about releasing to them. In contrast, if child welfare accesses the records as the parent under FERPA, they are free to redisclose to whomever they choose. (In accordance with CW policies and procedures).

    23. Law: 42 U.S.C. §290dd-2; 42 C.F.R. Part 2 Regulations are complex and strict Must have either consent or court order to have access to information

    24. Special consent requirements in 42 C.F.R. §2.31: Detailed written consent – content of information, form of information, specific sources of records, time period of consent Therefore, use of unique forms required Retroactive revocation of consent is permitted The consent form should specify the form of information being released, such as records, confidential communications, or charts are sought. The consent form should indicate the substance of the information to be released, such as information about program attendance and test results.   The consent form should specify the period of time covered by the release, such as that records are being released specifically for the last year of treatment. The consent should specify how long the consent will remain valid, such as the consent will remain valid for 18 months. Why is this a problem? It defeats omnibus consent forms.The consent form should specify the form of information being released, such as records, confidential communications, or charts are sought. The consent form should indicate the substance of the information to be released, such as information about program attendance and test results.   The consent form should specify the period of time covered by the release, such as that records are being released specifically for the last year of treatment. The consent should specify how long the consent will remain valid, such as the consent will remain valid for 18 months. Why is this a problem? It defeats omnibus consent forms.

    25. Strict grounds for court orders under 42 U.S.C. §290dd-2(b)(2)(C) Good cause is required – a balancing test Plus there are no other effective means to get the information Plus, to obtain records of communications, there must be an existing threat to life or bodily injury (including child abuse or neglect) or the records are needed for prosecution -- 42 C.F.R. §2.63 Consent is not required if there is a court order. 42 U.S.C. §§290dd-2(b)(2); 290dd-2(c). A court order must based on good cause -- that the public interest and need for disclosure outweighs any damage to the physician patient relationship and the treatment services. 42 U.S.C. §290dd-2(b)(2)(C). A statutory example of good cause is the need to avert a substantial risk of death or serious bodily harm. Plus must be a showing that there is no other effective means available to get the information. If you want confidential communications to a service program, the regulations require still another showing, that disclosure is necessary to protect against an existing threat to life or of serious bodily injury, including circumstances which constitute suspected child abuse and neglect....@ OR the disclosure is necessary in connection with investigation or prosecution of a serious crime, such as . . . child abuse and neglect[.] 42 CFR §§ 2.61, 2.63, 2.64.   A special and unique court process is required to get a court order. Advance notice to service providers and parents. Opportunity to contest disclosure before subpoena and court order. Unique format of court orders.Consent is not required if there is a court order. 42 U.S.C. §§290dd-2(b)(2); 290dd-2(c). A court order must based on good cause -- that the public interest and need for disclosure outweighs any damage to the physician patient relationship and the treatment services. 42 U.S.C. §290dd-2(b)(2)(C). A statutory example of good cause is the need to avert a substantial risk of death or serious bodily harm. Plus must be a showing that there is no other effective means available to get the information. If you want confidential communications to a service program, the regulations require still another showing, that disclosure is necessary to protect against an existing threat to life or of serious bodily injury, including circumstances which constitute suspected child abuse and neglect....@ OR the disclosure is necessary in connection with investigation or prosecution of a serious crime, such as . . . child abuse and neglect[.] 42 CFR §§ 2.61, 2.63, 2.64.   A special and unique court process is required to get a court order. Advance notice to service providers and parents. Opportunity to contest disclosure before subpoena and court order. Unique format of court orders.

    26. Child Welfare Agency’s Need for Criminal Records To assure safe caretakers for children, such as foster and adoptive parents, natural parents, and others’ living in the household Learn important information about parents that will affect the case plan Past criminal court ordered services and how a parent did Current involvement with criminal justice system including court ordered services Past severe maltreatment of child or children (in some cases)

    27. Mandatory Criminal Records Checks Mandatory criminal records checks, 42 U.S.C. §§ 671(a)(20), 5106a(b)(2)(A)(xxii). For potential foster and adoptive parents—and now for other adult members of their households But records checks not required for biological parents or people in their households Must do FBI criminal records checks (should also do state checks) Federal foster care law requires criminal record checks for prospective foster and adoptive parents. 42 U.S.C. '§ 671(a)(20)(A)). Federal law bars agencies from approving a foster or adoptive parent if they have been convicted of certain crimes. 42 U.S.C. §'§ 671(a)(20)(A)(i) and (ii). This requirement can be waived by an act of a state’s governor or legislature. 42 U.S.C. §671(a)(20)(B).  Federal foster care law requires criminal record checks for prospective foster and adoptive parents. 42 U.S.C. '§ 671(a)(20)(A)). Federal law bars agencies from approving a foster or adoptive parent if they have been convicted of certain crimes. 42 U.S.C. §'§ 671(a)(20)(A)(i) and (ii). This requirement can be waived by an act of a state’s governor or legislature. 42 U.S.C. §671(a)(20)(B).  

    28. Access to Criminal Records Databases Additional permissive access to criminal record databases: Federal FBI database of “child abuse crimes” available to check persons and entities working with or caring for children 20 U.S.C. §§5119c(3), (8), (9), (10) And full access to state criminal records databases is legal if permitted by state law. 38 CFR §§20.21(b)(2); 20.21(c)(3) Another federal law also authorizes using the FBI database for record checks concerning a wide range of service providers for children. 42 U.S.C. §5119(a). Background checks from the FBI database are authorized for child abuse related crimes. 20 U.S.C. §§5119c(3), (8), (9), (10). Unfortunately, however, these FBI records checks are not available to the child welfare agency to check records of parents and others living in the home with the child.Another federal law also authorizes using the FBI database for record checks concerning a wide range of service providers for children. 42 U.S.C. §5119(a). Background checks from the FBI database are authorized for child abuse related crimes. 20 U.S.C. §§5119c(3), (8), (9), (10). Unfortunately, however, these FBI records checks are not available to the child welfare agency to check records of parents and others living in the home with the child.

    29. Federal database also available to child protection agency to get information on parents – if: Consent State statutory authorization Request made through National Crime Prevention and Privacy Compact 42 U.S.C. §14616

    30. Access to Substance Abuse Treatment Records 45 CFR Part 2 permits programs to comply with State laws that require the reporting of child abuse and neglect [42 CFR §2.12(c)(6)]. Privacy Rule also permits reporting [45 CFR §164.512(b)(1)(ii)] Part 2 limits programs to only an initial report; it does not allow programs to respond to follow-up requests for information or to subpoenas, unless patient has signed a consent form or court has issued an order that complies with the Part 2 rule

    34. Access to “Protected Health Information” Generally (HIPAA) Protected health information: all individually identifiable health information held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. PHI is what the privacy rule is all about – attempting to protect your PHI from being used or disclosed without certain protections.PHI is what the privacy rule is all about – attempting to protect your PHI from being used or disclosed without certain protections.

    35. Individually Identifiable Health Information “Individually identifiable health information includes: The individual’s past, present or future physical or mental health or condition The provision of health care to the individual OR The past, present, or future payment for the provision of health care to the individual AND that identifies the individual or for which there is a reasonable basis to believe the information can be used to identify the individual. This includes names, addresses, telephone numbers, email, pictures, etc. Anything that identifies or could reasonably be said to identify someone. Pictures on TV advertising a child for adoption. Information that an agency might give to a preadoptive home about their child’s genetic history. This includes names, addresses, telephone numbers, email, pictures, etc. Anything that identifies or could reasonably be said to identify someone. Pictures on TV advertising a child for adoption. Information that an agency might give to a preadoptive home about their child’s genetic history.

    36. If a Child Welfare Agency is a “Covered Entity”, Then What? Covered entities must comply with the “privacy rule”: Governs “protected health information” Permits certain “uses and disclosures” Requires “authorization” for certain “uses and disclosures” Specifies that covered entities may use or disclose only “minimum necessary” health information Allows certain exceptions to “minimum necessary” rule Provides administrative requirements for covered entities Again, each entity will have to make their own determination of whether they are a covered entity. Feds may be making some type of broad statement. Let’s assume that child welfare agencies are covered entities. There are some uses and disclosures that the privacy rule allows. We’ll go into the relevant ones. For those not specified, Child Welfare agencies must obtain authorization to use or disclose the PHI. For either of these cases, the child welfare agency must only disclose what is minimally necessary to achieve the intended purpose. There are exceptions to this requirement. Generally speaking, covered entities must follow administrative remedies related to PHI. Again, each entity will have to make their own determination of whether they are a covered entity. Feds may be making some type of broad statement. Let’s assume that child welfare agencies are covered entities. There are some uses and disclosures that the privacy rule allows. We’ll go into the relevant ones. For those not specified, Child Welfare agencies must obtain authorization to use or disclose the PHI. For either of these cases, the child welfare agency must only disclose what is minimally necessary to achieve the intended purpose. There are exceptions to this requirement. Generally speaking, covered entities must follow administrative remedies related to PHI.

    37. Permitted Uses And Disclosures of Protected Health Information To the Individual Treatment, Payment, and Health Care Operations “Public Interest and Benefit” Activities To the individual who is the subject of the PHI. For Child welfare agencies, it would be the child or the parent. A covered entity may use/disclose PHI for its own treatment, payment, and health care operations activities. When a covered entity provides, coordinates, or manages health care and related services to an individual, including consultation between providers regarding a patient, they can use and disclose PHI. When a covered entity is trying to get paid for it’s health care services through insurance, they can use/disclose PHI. A covered entity can get consent from the individual to do this, but it’s not required. There is an argument that CW agencies can use this permitted use/disclosure for treatment purposes to use/disclose PHI. CW agencies provides health care services through counseling, therapy, and other forms of health care. Even stronger, though, is the argument that CW agencies coordinate health care services by referring kids and parents to health care providers – case planning and management. In order for a S/W to refer a child to a doctor or therapist, they must share a certain amount of PHI. When discussing therapy with a health care provider (covered entity), PHI can be exchanged. DOCUMENT all disclosures and reasons for disclosing. Get authorizations when you can. To the individual who is the subject of the PHI. For Child welfare agencies, it would be the child or the parent. A covered entity may use/disclose PHI for its own treatment, payment, and health care operations activities. When a covered entity provides, coordinates, or manages health care and related services to an individual, including consultation between providers regarding a patient, they can use and disclose PHI. When a covered entity is trying to get paid for it’s health care services through insurance, they can use/disclose PHI. A covered entity can get consent from the individual to do this, but it’s not required. There is an argument that CW agencies can use this permitted use/disclosure for treatment purposes to use/disclose PHI. CW agencies provides health care services through counseling, therapy, and other forms of health care. Even stronger, though, is the argument that CW agencies coordinate health care services by referring kids and parents to health care providers – case planning and management. In order for a S/W to refer a child to a doctor or therapist, they must share a certain amount of PHI. When discussing therapy with a health care provider (covered entity), PHI can be exchanged. DOCUMENT all disclosures and reasons for disclosing. Get authorizations when you can.

    38. Public Interest and Benefit Activities Required by Law Public Health Activities Aiding Victims of Abuse, Neglect, or Domestic Violence Judicial and Administrative Proceedings Serious Threats to Health or Safety Required by law means a mandate contained in law that compels an entity to make a use or disclosure of PHI and that is enforceable in a court of law (court orders, subpoenas, statutes that require the production of information in exchange for public benefits). In other words, there is a legal basis for the use/disclosure. So, if a court orders PHI disclosed then the covered entity is permitted to disclose that PHI – the court order must be specific. My opinion is that this is one of the best ways to be safe with PHI (rec’g and disclosing). Get a court order from your judge. The court order must be specific and your court will require that it be in the best interests of the child. Public health activities – public health authorities authorized by law to collect or receive information for preventing or controlling disease, injury, or disability and to a public health or other government authorities authorized to received reports of child abuse and neglect. Public health authorities opearte under broad mandates to protect the health of their constituent population. Victims of abuse, neglect or DV – In certain circumstances, covered entities may disclose protected health information to appropriate gov’t authorities regarding victims of abuse, neglect, or DV. Judicial and administrative proceedings – Covered entities may disclose PHI in a judicial or administrative proceeding If the request for the information is through an order from a court or administrative tribunal. Covered entities may disclose protected health information that they believe is necessary to prevent or lessen a serious and imminent threat to a person or the public, when such disclosure is made to someone they believe can prevent or lessen threat. Required by law means a mandate contained in law that compels an entity to make a use or disclosure of PHI and that is enforceable in a court of law (court orders, subpoenas, statutes that require the production of information in exchange for public benefits). In other words, there is a legal basis for the use/disclosure. So, if a court orders PHI disclosed then the covered entity is permitted to disclose that PHI – the court order must be specific. My opinion is that this is one of the best ways to be safe with PHI (rec’g and disclosing). Get a court order from your judge. The court order must be specific and your court will require that it be in the best interests of the child. Public health activities – public health authorities authorized by law to collect or receive information for preventing or controlling disease, injury, or disability and to a public health or other government authorities authorized to received reports of child abuse and neglect. Public health authorities opearte under broad mandates to protect the health of their constituent population. Victims of abuse, neglect or DV – In certain circumstances, covered entities may disclose protected health information to appropriate gov’t authorities regarding victims of abuse, neglect, or DV. Judicial and administrative proceedings – Covered entities may disclose PHI in a judicial or administrative proceeding If the request for the information is through an order from a court or administrative tribunal. Covered entities may disclose protected health information that they believe is necessary to prevent or lessen a serious and imminent threat to a person or the public, when such disclosure is made to someone they believe can prevent or lessen threat.

    39. Authorization A covered entity must obtain the individual’s written authorization for any use or disclosure of protected health information that is not for treatment, payment or health care operations An authorization must be written in plain language and contain specific information For those uses and disclosures that are not permitted under the Privacy Rule, a covered entity must obtain authorization from the individual to use/disclose PHI. A covered entity may not condition treatment, payment, enrollment, or benefits eligibility on an individual granting an authorization.For those uses and disclosures that are not permitted under the Privacy Rule, a covered entity must obtain authorization from the individual to use/disclose PHI. A covered entity may not condition treatment, payment, enrollment, or benefits eligibility on an individual granting an authorization.

    40. Minimum Necessary A covered entity must make reasonable efforts to use, disclose, and request only the minimum amount of protected health information needed to accomplish the intended purpose of the use, disclosure, or request A central aspect of the privacy rule is the principle of “minimum necessary” use and disclosure. A covered entity must make reasonable efforts to use, disclose, and request only the minimum amount of PHI needed to accomplish the intended purpose of the use, disclosure or request. If a use or disclosure is made based on permitted uses/disclosures or pursuant to an authorization, a covered entity must use the minimum necessary standard when releasing the information. Whatever the purpose of the need for PHI, the covered entity can only disclose what is minimally necessary to achieve that purpose. When minimum necessary standard applies to a use or disclosure a covered entity may not use, disclose, or request the entire medical record for a particular purpose unless it can specifically justify the whole record as the amount reasonably needed for the purpose. A central aspect of the privacy rule is the principle of “minimum necessary” use and disclosure. A covered entity must make reasonable efforts to use, disclose, and request only the minimum amount of PHI needed to accomplish the intended purpose of the use, disclosure or request. If a use or disclosure is made based on permitted uses/disclosures or pursuant to an authorization, a covered entity must use the minimum necessary standard when releasing the information. Whatever the purpose of the need for PHI, the covered entity can only disclose what is minimally necessary to achieve that purpose. When minimum necessary standard applies to a use or disclosure a covered entity may not use, disclose, or request the entire medical record for a particular purpose unless it can specifically justify the whole record as the amount reasonably needed for the purpose.

    41. The “Minimum Necessary” Rule Is Not Required If: Disclosure is to a health care provider for treatment Disclosure is to an individual or the individual’s personal representative Disclosure is to HHS to investigate a complaint or to review compliance, or is for enforcement Use or disclosure is “otherwise required by law”

    42. Special Administrative Burdens for Covered Entities Covered entities must, e.g.: Create a handout (“notice”) that provides a detailed explanation of privacy policies and procedures Train their workforce on their privacy policies and procedures Ensure security of its protected health information Meet certain data requirements in the preservation of protected health information Have procedures to take & resolve complaints Adopt special safeguards for their data

    43. The “Business Associate” Applicability A person or organization, other than a member of a covered entity’s workforce (i.e., an employee), that performs certain functions or activities on behalf of, or provides certain services to, a covered entity that involves the use or disclosure of individually identifiable health information 164.502.164.502.

    44. Is a Child Welfare Agency a “Business Associate”? Arguably yes, if they are disclosing or receiving protected health information to or from a “covered entity.”

    45. If a Child Welfare Agency is a Business Associate, Then What? The child welfare agency must enter into a contract with every “covered entity” that provides it protected health information The contract must ensure that the child welfare agency will itself apply the privacy rule regarding information exchanged with the covered entity This includes the administrative requirements that apply to covered entities 164.504(e) A covered entity may disclose protected health information to a business associate and may allow a business associate to create or receive PHI on its behalf, if the covered entity obtains satisfactory assurance that the business associate will appropriately safeguard the information. This assurance must be documented through a written contract or other written agreement or arrangement with the business associate. Public health authorities receiving information from covered entities as required or authorized by law are not business associates of the covered entities and therefore not required to enter into business associate agreements. 164.504(e) A covered entity may disclose protected health information to a business associate and may allow a business associate to create or receive PHI on its behalf, if the covered entity obtains satisfactory assurance that the business associate will appropriately safeguard the information. This assurance must be documented through a written contract or other written agreement or arrangement with the business associate. Public health authorities receiving information from covered entities as required or authorized by law are not business associates of the covered entities and therefore not required to enter into business associate agreements.

    46. What We Do Know HIPAA does not inhibit reporting of child abuse and neglect HIPAA supports disclosures of health information for public health prevention, surveillance, investigation, and intervention activities HIPAA provides protections for child victim health information, but disclosures can still be made with victim consent or where necessary to prevent serious harm to them or other potential child victims HIPAA gives courts, law enforcement agencies, and those determining the cause of child deaths the ability to access relevant health information

More Related