Health Insurance Portability and Accountability Act


March 21, 2003. © 2003, Mallah, Furman


Presentation Transcript


1. Health Insurance Portability and Accountability Act
   Change Your Culture - Protecting Patients' Privacy is a Must!
   March 21, 2003

2. What is H.I.P.A.A.?
   Clue! It’s not a Zoo Animal!
   An act of Congress that sets new standards for:
   • Electronic transmission of data
   • Mandates uniform standards for ALL healthcare claims
   • Safeguarding patient’s protected healthcare information (PHI)
   • Rights of patients to control their own PHI
   • Healthcare provider’s responsibility to maintain privacy
   March 21, 2003 © 2003, Mallah, Furman & Company P.A. All Rights Reserved. The CPA licensure designation is regulated by the State of Florida.

3. Who Must Comply With H.I.P.A.A.?
   Pursuant to Sec 160.102 of Federal Register
   Standards, Requirements, and Implementation Specifications Apply to a Covered Entity Defined as One of the Following:
   • Health Plan
   • Healthcare Clearinghouse
   • Healthcare Provider who transmits any Healthcare Information in Electronic Form

4. Who Must Comply With H.I.P.A.A.? (Continued)
   Pursuant to Sec 162.923 (c) of Federal Register
   Requirements for Covered Entities; Use of a Business Associate REQUIRES the Business Associate to: Meet All H.I.P.A.A. Requirements
   Who is a Business Associate?
   • Software Vendors
   • Medical Management Companies
   • Independent Claims Auditors
   • Accountants and Attorneys

5. When Must You Comply with H.I.P.A.A.?
   Timeline
   • April 14, 2003 – Privacy – Compliance Deadline
   • April 16, 2003 – Transactions & Code Sets – Deadline for Starting Software and Systems Testing
   • October 16, 2003 – Transactions & Code Sets – Compliance Deadline
   • July 30, 2004 – Employer Identifier Standard – Compliance Deadline

6. What Happens if You Don’t Comply?
   Pursuant to Public Law 104-191 of the 104th Congress, Health Insurance Portability and Accountability Act of 1996, SEC.1176 (a) and SEC.1177 (b):
   STATUTORY SANCTIONS Range From: $100 per Violation to $250,000 per Violation plus 10 Years of Imprisonment

7. What Happens if You Don’t Comply? (Continued)
   Collateral Damage
   • Negative Publicity
   • Civil False Claims
   • Legal Action for Tortious Disclosure of PHI
   • Upsets Office Environment

8. STOP
   TAKE THIS SERIOUSLY!
   YOU MUST CHANGE YOUR CULTURE!!!!
   ALL IT TAKES IS ONE DISGRUNTLED PATIENT TO CREATE A PROBLEM!

9. STANDARD ELECTRONIC FORMATS AND CODE SETS FOR ELECTRONIC TRANSMISSION
   The Standardization of Electronic Formats Will Change Your Practice in the Areas of Billing and Medical Records
   Standardized Electronic Transaction Formats:
   • Claim Forms (CPT; ICD-9)
   • Enrollment Forms (Health Plans)
   • Eligibility Forms (Health Plans)
   • Healthcare Payment Advices
   • Premium Payments
   • Claims Status
   • Referral Certification
   • Coordination of Benefits

10. PATIENT RIGHTS
   H.I.P.A.A. Establishes the Right of the Patient to:
   • Access, Inspection and Ability to Copy Own PHI
   • Receive an Accounting of Disclosures of Own PHI
   • Restrict the Use and Disclosure of Own PHI
   • Establish Alternative Means of Communicating Own PHI
   • Amend Errors or Correct Incomplete PHI
   • File Complaints for the Misuse of Their PHI

11. What Should You Do Next?
   Develop H.I.P.A.A. Compliance Plan Policies
   • Select a Privacy Officer
   • Train Staff to Understand and Identify PHI and Guard Against Unauthorized or Inappropriate Use
   • Recognizing Types of PHI
   • Authorize Different Levels of Personnel to Access PHI Based on Job Descriptions
   • Establish List of Business Associates that Will Need Access to PHI
   • Managing and Fulfilling Requests for Routine and Non-Routine Disclosure of PHI
   • Informing Patients about PHI

12. Select a Privacy Officer
   Appoint a Medical Office Staff Member to Ensure Minimal Exposure of PHI
   A. Office Manager Most Commonly Selected
   B. Responsible for Oversight of Exposure
   To Ensure Minimal Exposure:
   1. Assign Levels of Access to Specific Job Descriptions
   2. Create and Enforce Policies & Procedures that Control Access to Outsiders
   3. Review ALL Non-Routine Requests for Use & Disclosure of PHI
   4. Ensure Appropriate Consent or Authorization is Obtained and Staff Discloses no more PHI than Necessary
   5. Develop & Control Agreements with Business Associates Requiring Access to PHI

13. Train Staff to Understand and Identify PHI
   Staff to Guard Against Unauthorized or Inappropriate Use of PHI
   A. Staff to Read and Sign Affidavit Attesting to Their Understanding of Policies and Procedures Placed in Effect to Govern Privacy
   B. Staff is Notified that Any and All Conversations Relative to a Patient’s PHI are to be Spoken in a Way to Ensure Patient Privacy
   Staff is Notified that all Communications (Written or Oral) are Limited to Those Needing Information for Treatment, Payment and Healthcare Operations
   Staff is Notified as to What is Appropriate:
   1. PHI Disclosure Required By Federal or State Law;
   2. PHI Information Disclosed to Patient at Their Request
   3. PHI Disclosure Required By Health and Human Services Department

14. What is Protected Healthcare Information?
   Definition of PHI: PHI is ANY “Individually Identifiable Health Information” that is Transmitted or Maintained in Any Form or Medium.
   Individually Identifiable Health Information Includes Any Information About the Healthcare of an Individual Including Payment Information Which is Identified as Being Related to That Individual or Which Provides Enough Specific Information That Someone Reading The Information Could Identify the Individual.

15. Really, What is Protected Health Information?
   Information that Identifies Patient
   A. The medical record jacket
   B. Copies of insurance cards
   C. The patient’s registration information whether on paper or stored electronically
   D. All treatment and diagnosis related materials stored in the patient’s medical record which include the patient’s name or identifying number(s)
   E. The patient’s accounts receivable records
   F. The patient’s billing records
   G. Demographic information such as age, gender, address, zip code, or telephone number
   H. Patient’s family information

16. Really, What is Protected Health Information?
   Information Related to Patient Health Status
   A. Progress notes
   B. Reports of diagnostic tests or treatment processes
   C. Health care problems
   D. Medications
   E. Diagnoses
   F. Time of a specific patient’s presence in the medical office
   G. Prescriptions
   H. Referrals -- dates, name of referred provider, specialty of referred provider, etc.
   I. Frequency of patient visits to the medical office

17. Authorize Different Levels of Personnel To Access PHI Based on Job Descriptions
   Levels of Authorization to PHI are Assigned to Each Employee Classification:
   • Housekeeping and Maintenance – No Access to PHI is Granted to this Classification
   • Clerical – Level One – Access only to Healthcare Basic Information (Lab Result Slips, X-Rays, Diagnosis and Treatment Reports). No Access to Financial Information
   • Clerical – Level Two – Access to Pertinent Financial Information and Healthcare Information. Access to Healthcare Information is Limited to Generating Patient Records or for Billing Those Services. The Complete Medical Records are not Accessible at this Level.
   • Administrative – Level Three – Access to Both Healthcare and Financial Information Necessary to Manage the Accounts Receivable or Medical Record Storage Systems.
   • Ancillary – Level Four – Access to Complete Healthcare Information Only for the Diagnosis, Treatment, or Management of Patient’s Health Status. Peripheral Access to Financial Information May Occur, But No Further Is Allowable.
   • Provider – Level Five – Access to All PHI with Financial Information on a Need to Know Basis.

18. Authorize Different Levels of Personnel To Access PHI Based on Job Descriptions
   All Personnel Should Be Cautioned:
   Personnel Exceeding Their Authorization By Accessing Healthcare Information Other Than That to Which They Are Granted Access By Virtue of Their Employment Classification Are Subject To: Immediate Termination

19. Technically Safeguarding Your Office
   What Should You Do to Safeguard PHI Accessed by Computer?
   1. Position “Workstations” not to be Visible to the Public;
   2. Log-off Computer When Left Unattended; Password Protected Screen Savers; Keyboard Locks; Do Not Leave Computer in Medical Records Program;
   3. Assign Passwords or Codes Which Limit Access to Information Based Upon Employee Job Levels;
   4. Firewalls.

20. Establish List of Business Associates
   Medical Offices With Business Associates Requiring Access to PHI Are Subject To the Following Rules:
   1. Staff Member Working with “New” Business Associate Should Notify the Privacy Officer of the New Relationship;
   2. Privacy Officer to Establish Level Of Necessary Access;
   3. Business Associate Signs a “Protection of Privacy Agreement” Which Identifies the Level of Access Available to the Business Associate;
   4. Signed Privacy Agreement is Stored in Privacy Officer’s File;
   5. List of “Business Associates Approved for Routine Disclosure” is Maintained by the Privacy Officer. List Includes Level of Access for Each Business Associate Listed.

21. Managing and Fulfilling Requests for Routine and Non-Routine Disclosure of PHI
   To Manage and Fulfill Requests For PHI, You Must Do The Following:
   1. Divide Disclosures of PHI Between Routine and Non-Routine
   2. Verify Authenticity of Requestor of PHI
   3. Limit the Information Provided in Response to a Request; Should Only Be Limited to Scope of the Request and Will Almost Never Be a Request for Entire Medical Record (If For Entire Medical Record, Refer to Privacy Officer)
   4. Must Obtain Consent Prior to Treatment, Payment or Operation to Disclose PHI
   5. Must Obtain Authorization for Disclosure of PHI for Any Other Purpose. It Must Be in Writing, Disclose Requestor and the Requestor’s Use of PHI. The Practice May Consent or Refuse Disclosure Without Penalty. The Practice Must Maintain an Accounting of “Who, What, Why and When”
   6. Guard Against Inadvertent and Inappropriate Sharing of PHI at the Front Desk

22. Managing and Fulfilling Requests for Routine and Non-Routine Disclosure of PHI
   Routine Disclosure Versus Non-Routine Disclosure
   Routine
   1. Includes All Instances in Which PHI is Shared Between Staff
   2. Includes Requests of Other Providers Assisting In Treatment
   3. Includes Insurers Requesting Supportive Information
   4. Includes Those Requests of Business Associates
   5. Includes Request of Patient or Patient’s Guardian, Unless Request is For Entire Medical Record
   6. Is Limited To No More Than the Minimum Amount Necessary to Fulfill the Request
   Routine Disclosures Do Not Require Review of Privacy Officer
   Non-Routine
   1. Requests for Entire Medical Records by Anyone
   2. Requests For PHI by Law Enforcement or Officer of the Court
   3. Request for PHI by Health and Human Services Department

23. Managing and Fulfilling Requests for Routine and Non-Routine Disclosure of PHI
   Verifying Authenticity of Requestor
   • Patient – Patient Known to Staff, Driver’s License or S.S. Card
   • Patient’s Guardian – Person Known to Staff or Court Documents and Driver’s License or SS Card
   • Patient’s Friend or Relative – Verbal or Written Consent of Patient and Driver’s License or SS Card
   • Patient’s Employer – Verify Existence of Business (Telephone Book); Identify Employer Representative and Consent From Patient.
   • Law Enforcement Officer, Officer of Court or Lawyer – Must be Referred to Privacy Officer; Privacy Officer to Verify With Court Or Enforcement Agency and Request Document for Patient’s Medical Records

24. Managing and Fulfilling Requests for Routine and Non-Routine Disclosure of PHI
   Protecting Information at the Front Desk as Follows:
   1. No Patient Records Left Unattended and in Plain Sight
   2. No Patient Record Will Be Left Open and In Plain Sight
   3. No Verbal Utterances Will Be Made Which Would Indicate The Reason For The Patient’s Visit, Treatment of or Condition of Patient.
   4. Patient Should Be Summoned to Treatment Area By a Simple “Follow Me, Please”
   5. When Discussing Payment for Services, There Is To Be No Other Patient Within Earshot of the Conversation
   6. Staff Should Stop, If Possible, A Patient From Innocently Disclosing Their Own PHI to Unauthorized Personnel at Front Desk

25. Informing Patients About PHI
   All Patients Must Be Notified of How Their Healthcare Information is to Be Used and Protected:
   1. Patients Will Receive a Copy of Written Material Outlining Privacy Practices (Handed Directly to Patient and Available in Waiting Room);
   2. Patient Shall Sign (On Patient Intake Form) as to the Receipt and Review of This Material;
   3. Each Patient Will Be Asked to Consent in Writing to Whom they Wish To Grant Access to Their PHI at Their Initial Visit;
   4. Promise to Inform Patient of Any Disclosure of Their PHI except When it is Required By Law (IE: Subpoena).

26. Arthur S. Unger, C.P.A.
   Mallah Furman and Company, P.A.
   1001 Brickell Bay Drive, Suite 1400
   Miami, Florida 33131
   (305) 371-6200
   (954) 728-9844
   Fax (305) 371-8726
   E-mail: [email protected]
   Visit our website: www.mallahfurman.com
   Thank You !!!
