1 / 0

HIPAA Privacy Rule

HIPAA Privacy Rule . Compliance Training for YSU April 9, 2014. What is HIPAA?. Health Insurance Portability and Accountability Act (HIPAA), enacted in 1996

baruch
Download Presentation

HIPAA Privacy Rule

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. HIPAA Privacy Rule

    Compliance Training for YSU April 9, 2014
  2. What is HIPAA? Health Insurance Portability and Accountability Act (HIPAA), enacted in 1996 Federal law designed to give patients control over all Protected Health Information (PHI) that might be shared between health care providers and other covered entities Ensure confidentiality of PHI
  3. What is PHI?(Protected Health Information) “Individually identifiable health information” in any form - paper, electronic, or oral Relates to the physical or mental health condition of an individual Identifies or can be used to identify an individual (e.g., name, address, birth date, Social Security number, account number) Is in the possession of or has been created by covered entities
  4. Examples of PHI Health care claims Health care payment and remittance advice Coordination of benefits Health care claim status Enrollment or disenrollment in a health plan Eligibility for a health plan Health plan premium payments Referral certification and authorization
  5. What is the HIPAA Privacy Rule? Provides federal protection for PHI held by covered entities and Business Associates Gives patients rights over determining who can look at and receive their health information Applies to all forms of protected health information – electronic, written, or oral
  6. Who Must Comply? Health Plans Health insurance companies - HMOs, Medicaid, Medicare, and employer-sponsored health plans Health Care Providers Doctors, clinics, hospitals, pharmacies, dentists Electronic billing to insurance Health Care Clearinghouses Process nonstandard health information (e.g., billing services)
  7. What is the HIPAA Security Rule? Specifies a series of administrative, physical and technical safeguards to use to assure confidentiality, integrity, and availability of electronic PHI
  8. Employer has 2 Roles If the Employer is the Plan Sponsor of a self-insured plan it has two different roles: Employer Plan Sponsor
  9. Employer Role HIPAA Privacy Rule does not apply when: Doctor’s information is needed for determining FMLA or an ADA Accommodation Doctor’s release to return to work Workers Compensation injury OHSA logs Wellness programs Health insurance
  10. Plan Sponsor Role HIPAA Privacy Rules does apply when: Employer participates in the administration of a group health plan Is involved in the decision-making process
  11. Plan Sponsor Responsibilities Designate a privacy officer Provide written PHI procedures Limit use and disclosures of PHI to the “minimum necessary” to accomplish the intended purpose Require business associates to ensure confidentiality with written contracts/agreements
  12. Employees’ Rights Employers acting in a plan sponsor role may not share employee PHI without written authorization unless it is shared: With the employee For treatment/care coordination To pay for employee health care services.
  13. Employees’ Rights (cont.) Employees have a right to: A copy of their medical records Restrict who can obtain their PHI Change incorrect information in their medical records A report of when and why PHI was used File complaints
  14. HIPAA Privacy Violations Civil penalties - $100 per violation Maximum civil penalties of $25,000 per year, per person, per standard Criminal penalties - $50,000 to $250,000 and imprisonment Additional penalties under state law Lawsuits
  15. Summary Medical information maintained by employers is not always considered PHI Employer must determine where the information was obtained and whether the information is maintained under the role of employer or plan sponsor of a group health plan Regardless of the role, employers should carefully handle all employee medical information
More Related