BIOMEDICAL ETHICS R.B. FRIEDLANDER Deputy General Counsel What is Biomedical Ethics? Philosophical study of ethical controversies brought about by advances in biology and medicine Relationship among ◦ ◦ ◦ ◦ ◦ ◦ life sciences biotechnology medicine politics law – discussion today philosophy Biomedical Ethics – A Few Legal Areas Today’s topics ◦ ◦ ◦ ◦ ◦ Confidentiality HIPAA Compliance Informed Consent Whistleblowers Takeaway Points Use common sense Go with your gut — do the right thing Ask the experts If you proceed, how would it appear on the front page of the newspaper? Could you defend the benefits vs. the risks in a way a non-clinician / non-researcher could understand? Biomedical Ethical Issues – Numerous and Complex Don’t try to know all the applicable rules/regulations/laws on the topics of confidentiality, compliance, HIPAA, informed consents, etc. – leave it to the lawyers. USF also relies on expert outside counsel With bioethical issues, not always a matter of what one can or cannot do — it’s often a matter of weighing the risks vs. benefits Confidentiality in the University World HIPAA applies to covered entities (more later) Florida state law on medical privacy is more restrictive than HIPAA ◦ Which is allowable Student records protected from disclosure under FERPA — also applies to Residents Generally, all written records of faculty or staff of this University can be released to the public ◦ Exemption from disclosure examples: Social Security Numbers Medical information Research protocols Impaired practitioner information Florida Laws on Medical Records Medical records are confidential Some records are “Super” confidential ◦ ◦ ◦ ◦ ◦ Mental health Substance abuse STDs Genetic testing HIV Health Insurance Portability and Accountability Act of 1996 - HIPAA Goal ◦ To protect patient privacy, Protected Health Information (PHI) and allow portability of health insurance. ◦ Covers privacy, security (use of technology) ◦ Broad congressional attempt at healthcare reform HIPAA Purpose is to increase efficiency and effectiveness of health care system through ◦ Electronic exchange of information ◦ Standardization of that information ◦ Enhanced security and privacy of Protected Health Information (PHI) HIPAA Perceived need – 1 in 6 patients omit medical history information from physician out of fear of misuse or mishandling Applies to covered entities, health plans, HMOs, Medicare, providers, health clearinghouses. USF is a “hybrid” covered entity. USF College of Medicine, College of Nursing, Student Health Services, Byrd Institute are covered because they are entities providing medical treatment for which they electronically bill. Covered entities must: ◦ Maintain reasonable & appropriate safeguards ◦ Maintain physical safeguards HIPAA Privacy Rule Key Features PHI Uses and disclosures Consents Authorization Notice of privacy practices Minimum necessary information given Patient rights Business associates Marketing, fundraising and research Interaction with state privacy and confidentiality laws Penalties HIPAA Acronyms PHI Protected Health Information - Health and demographic information about an individual IIHI Individually Identifiable Health Information, e.g., name, address, dates, telephone number, SSN, medical record #, fingerprints, photographic images, etc. Permitted Use of PHI / IIHI –“TPO” Subject to a general consent from the patient, HIPAA permits use or disclosure within the covered entity or to a business associate for ◦ Treatment ◦ Payment ◦ Health Care Operations, which can include Qualify assessment and improvement Peer review/credentialing Medical review, legal services, auditing Business planning and development Administrative activities HIPAA Requirements Providers must obtain prior consent to treatment, except ◦ In emergencies, or ◦ Where provider is obligated by law to provide care ◦ Providers can condition treatment on granting of consent to treatment Authorization must be obtained for all uses and disclosures other than TPO or those mandated by law Provider must give privacy notice to patients HIPAA - Other Applicability Business Associate Person or entity who provides services on behalf of covered entity or to a covered entity and is not a member of your workforce Research If it involves health information about living participants, deceased persons, is related to human tissue samples, chart review and or stored in databases or repositories Individual Rights Under HIPAA Receive written notice of privacy practices Request restrictions on uses and disclosures Access, inspect and copy their PHI Request amendment or correction of the PHI Receive an accounting of disclosures of their PHI (except those related to treatment, payment and operations) Enforcement of HIPAA — as to state agencies Enforcement ◦ ◦ ◦ ◦ DHHS/OIG CMS DOJ State Attorneys General Penalties for the intent to sell or use PHI ◦ Civil and criminal penalties with fines up to $250,000, and/or ◦ 10 years in prison Amendments to HIPAA – HITECH HITECH – Health Information Technology for Economic and Clinical Health ◦ Part of the American Recovery and Reinvestment Act (ARRA) of 2009 – eff. 2/17/09 ◦ Expanded definition of privacy breaches ◦ Greater reporting/notification of suspected breaches ◦ Responsibility to investigate breaches and mitigate losses enhanced ◦ Improved enforcement Compliance Just do it Someone else’s alleged non-compliance does not grant permission to others to do the same Hundreds of laws/regulations USF employees have to comply with in medical/research areas Different types of conflict of interest considerations ◦ Sponsored research ◦ As a public officer/employee ◦ University employment/conflict of commitment, institutional COI Whistleblowers Federal and State False Claims Act (FCA) — see class handout Federal FCA ◦ ◦ ◦ ◦ ◦ Old law Very broadly defined Whistleblower protections Penalties steep – civil penalty for each claim Multi-million dollar payouts, even for public entities, e.g., UMDNJ – over $350M Other “Whistleblower” Provisions Other state laws on subject General state law on whistleblowers – not just in medical arena ◦ Usually applied in employment-related context Important principle for USF – if complaint is made, no retaliation allowed Informed Consent Consents & authorization requirements ◦ ◦ ◦ ◦ Written in plain language Inform patient of the procedure’s risks/benefits How will it be used Signed and dated Divorced parents ◦ Either parent can consent to medical or surgical treatment unless court order provides otherwise ◦ Physical custody does not determine authority to consent ◦ If divorced parents disagree, consent of either parent will suffice Non-parents can consent under certain circumstances Minor’s Rights Minors can give consent in certain situations ◦ ◦ ◦ ◦ Emancipated Married minor Pregnant minor Minor mother Minors can consent for treatment of ◦ ◦ ◦ ◦ STDs Maternal health/contraception Substance abuse Outpatient emotional crisis counseling Valid Authorizations Authorizations must be obtained for all uses other than TPO or those mandated under law and must include: ◦ Description of the information to be disclosed ◦ Name of person or entities to whom the information will be disclosed ◦ An expiration date ◦ Information regarding right to revoke ◦ Date and signature Consent Principles Remember… Have consents drafted and reviewed by counsel with input from providers Inform patient what is happening and what might happen Verify they understand scope of the consent Discuss consent in person Don’t rely exclusively on a consent to insure no legal action will be brought Conclusion Do what’s right in medical/research context ◦ What did your mother tell you? For healthcare providers, treat in emergency Providers discuss mistakes when needed to improve treatment/performance for future patients Let lawyers worry about legal consequences ◦ Do the right thing!