
Health Insurance Portability and Accountability Act HIPAA Program Privacy Overview Training - PowerPoint PPT Presentation



PowerPoint Slideshow about 'Health Insurance Portability and Accountability Act HIPAA Program Privacy Overview Training' - kaili


Slide 1

HIPAA Training and Education Series

Health Insurance Portability and Accountability Act (HIPAA) Program

Privacy Overview Training


Slide 2
PLEASE NOTE THE FOLLOWING IMPORTANT INFORMATION:

  • The slides you will be viewing were developed for all DHR staff.

  • Any laws or regulations regarding DMHDDAD consumer information that are more stringent do take precedence over the HIPAA standards.

  • When in doubt, check it out!


Slide 3

HIPAA Training and Education Series

Table of Contents

Lesson 1: Origin of the HIPAA Privacy Rules

Lesson 2: Protected Health Information (PHI)

Lesson 3: Permitted Uses and Disclosures of PHI

Lesson 4: Minimum Necessary Disclosure Standard

Lesson 5: Administrative Requirements and Obligations

Lesson 6: Rights of Individuals

Lesson 7: Summary


Slide 4

HIPAA Training and Education Series

Lesson 1: Origin of the HIPAA Privacy Rules


Slide 5

“Banker who serves on a county health board calls in all mortgages of customers with cancer”

“Congresswoman’s medical records faxed from an area hospital to the media on the eve of her election”

“Hacker downloads medical records and Social Security Numbers of over 5,000 patients at a local University Medical Center”

“Employees at a health plan improperly access private medical claims’ information of a famous athlete”

Lesson 1: Origin of the HIPAA Privacy Rules


Slide 6

Lesson 1: Origin of the HIPAA Privacy Rules

What is HIPAA Privacy?

  • Health Insurance Portability and Accountability Act of 1996 (HIPAA)

  • Improvement in healthcare systems

  • Administrative Simplification Provisions

  • Increased electronic transactions & general erosion of privacy in healthcare industry

  • HIPAA Privacy Rules address how and to whom PHI may be disclosed by healthcare entities covered under the law.


Slide 7

Lesson 1: Origin of the HIPAA Privacy Rules

Who Must Comply?

  • Healthcare Providers (hospitals, physicians, nurses, Veterans Health Administration, etc.)

  • Health Plans (HMOs, PPOs, Medicare, Medicaid, etc.)

  • Healthcare Clearinghouses

  • DHR


Slide 8

Lesson 1: Origin of the HIPAA Privacy Rules

Who Must Comply?

  • Business Associates

  • Trading Partners


Slide 9

HIPAA Training and Education Series

Lesson 2: Protected Health Information (PHI)


Slide 10

Lesson 2: Protected Health Information (PHI)

What is Protected Health Information?

  • Individually identifiable health information (IIHI)

  • Transmitted or stored electronically

  • Examples of PHI include:

    • Name, age, sex and other personal demographic information

    • Health status information

    • Prescription drug information

    • Healthcare payment information

    • Prior existing conditions


Slide 11

Lesson 2: Protected Health Information (PHI)

What is Protected Health Information?

  • Applies to health information transactions such as:

    • Claim payments and remittance advices

    • Provider claims and attachments

    • Premium invoices and payments

    • Eligibility information

    • Authorization and referral certifications

    • First report of injury


Slide 12

Lesson 2: Protected Health Information (PHI)

How is PHI disclosed or transmitted?

  • Telephone

  • Fax Machine

  • Internet/Intranet, Direct Dial-up Lines, Direct Data Entry and other EDI (Electronic Data Interchange)

  • Orally

  • Letters and Other Written Material


Slide 13

Lesson 2: Protected Health Information (PHI)

How is PHI stored?

  • Magnetic disk (hard disk, floppy disk, etc.)

  • Tape

  • Written or “hard copies” of medical records, enrollment forms, claim forms, beneficiary inquiries, etc.


Slide 14

Lesson 2: Protected Health Information (PHI)

What is the importance and value of protecting health information?

  • We all have the right to keep information about ourselves private and free from improper use or disclosure.

  • In the electronic age, PHI may be more susceptible to privacy violations.

  • If the healthcare industry is to progress, it is imperative that consumers feel assured that their PHI is safe and free from privacy violations.


Slide 15

HIPAA Training and Education Series

Lesson 3: Permitted Uses and Disclosures of PHI


Slide 16

Lesson 3: Permitted Uses and Disclosures

What Uses and Disclosures of PHI Require an Authorization?

  • Third party disclosures

  • Marketing and fund raising activities

  • Non-health related affiliates

  • Underwriting or risk rating activities

  • Employment determinations

  • Sale, rental or barter of PHI

  • Psychotherapy notes


Slide 17

Lesson 3: Permitted Uses and Disclosures

What PHI Uses and Disclosures do not Require an Authorization?

  • Treatment, payment and healthcare operations (TPO)

  • Public health agency activities

  • Health oversight and regulatory agency activities

  • Judicial proceedings and law enforcement investigations

  • Healthcare fraud investigations

  • Emergency situations

  • Research purposes

  • If information is “de-identified”


Slide 18

Lesson 3: Permitted Uses and Disclosures

Verification Procedures

  • DHR must verify the identity and the authority of a person requesting access to PHI.

  • DHR must secure documentation, statements or other representations, whether oral or written, from the person requesting the PHI.

  • May use professional judgment


Slide 19

HIPAA Training and Education Series

Lesson 4: Minimum Necessary Disclosure Standard


Slide 20

Lesson 4: Minimum Necessary Disclosure Standard

What does “minimum necessary” mean?

  • Making a reasonable effort not to use or disclose more than the minimum amount of information necessary to accomplish an intended task


Slide 21

Lesson 4: Minimum Necessary Disclosure Standard

Why is minimum necessary so important?

  • An individual has the right to expect that their PHI will remain secure and confidential.

  • The more PHI is used or disclosed, the more likely it is to be revealed to third parties.

  • Limiting the exchange of PHI to the “minimum necessary” reduces the potential of fraud and abuse.


Slide 22

Lesson 4: Minimum Necessary Disclosure Standard

How is minimum necessary determined?

  • DHR will determine who needs access to PHI and the amount of PHI needed per function.

  • Varies by division and function

  • DHR will evaluate each and every business activity requiring the use and/or disclosure of PHI.

  • Once the minimum necessary is determined, DHR will communicate to all affected parties (employees, business associates, trading partners, etc.).


Slide 23

Lesson 4: Minimum Necessary Disclosure Standard

Responding to a request for the disclosure of PHI

  • DHR will develop criteria that limit disclosures only to that necessary to comply with a specific request.

  • Disclosure requests must be individually reviewed by employees according to the developed criteria.

  • Ensure that only the minimum amount necessary is disclosed

  • Exceptions include requests from another covered entity, certain public officials or agencies, certain business associates, researchers, etc.


Slide 24

HIPAA Training and Education Series

Lesson 5: Administrative Requirements and Obligations


Slide 25

Lesson 5: Administrative Requirements and Obligations

What are the administrative requirements under HIPAA Privacy?

  • Privacy Official

  • Privacy Training Program

  • Safeguards

  • Complaints

  • Sanctions

  • Documented Policies and Procedures

  • Notice of Privacy Practices

  • “Business Associate” Contracts


Slide 26

Lesson 5: Administrative Requirements and Obligations

Privacy Officer

  • DHR will designate a privacy official or officer

  • Responsible for the development, implementation and maintenance of the privacy policies and procedures

  • In addition, DHR will designate a contact person to receive and process privacy complaints and to provide further information about privacy practices


Slide 27

Lesson 5: Administrative Requirements and Obligations

Privacy Training Program

  • DHR will train all employees about privacy policies and procedures for PHI.

  • DHR will document that training has been provided.

  • Training will be completed within specific timeframes.


Slide 28

Lesson 5: Administrative Requirements and Obligations

Safeguards

  • DHR will implement and maintain appropriate administrative, technical, and physical safeguards.

  • DHR will safeguard PHI from any intentional or unintentional use or disclosure, or violation of the requirements of the regulation.

  • PHI safeguards are also a requirement of the HIPAA Security Rules.


Slide 29

Lesson 5: Administrative Requirements and Obligations

Complaints

  • DHR will develop and maintain a process for individuals to make complaints concerning:

    • Privacy policies and procedures;

    • Compliance with privacy policies and procedures; and

    • Compliance with the Privacy requirements of HIPAA.


Slide 30

Lesson 5: Administrative Requirements and Obligations

Sanctions

  • DHR will implement appropriate sanctions for failure to comply with privacy policies and procedures of the HIPAA regulations.

  • DHR will apply appropriate sanctions against employees who fail to comply with the privacy policies and procedures of the regulations.


Slide 31

Lesson 5: Administrative Requirements and Obligations

Documented Policies and Procedures

  • DHR will develop and implement privacy policies and procedures with respect to PHI.

  • Address DHR’s specific privacy practices as well as all of the elements of the HIPAA privacy rules

  • DHR will change or update its policies and procedures as necessary and appropriate to remain in compliance.


Slide 32

Lesson 5: Administrative Requirements and Obligations

Notice of Privacy Practices

  • DHR employees will provide individuals with a Notice of Privacy Practices.

  • Notice must be in plain language.

  • DHR will revise Privacy Notice with any material change to DHR’s privacy practices.

  • Direct treatment providers will make a good faith effort to obtain the patient's written acknowledgement of the Notice of Privacy Practices and rights.


Slide 33

Lesson 5: Administrative Requirements and Obligations

Business Associate Contracts

  • Business Associates are entities with which DHR shares or exchanges PHI.

  • Business Associates must comply with HIPAA, indirectly, through mandated Business Associate Contracts with DHR.

  • Business Associate Contracts allow DHR to obtain satisfactory assurance that the Business Associate will appropriately safeguard PHI.

  • If DHR becomes aware of a material breach by the Business Associate, the contract (and relationship) must be terminated.


Slide 34

HIPAA Training and Education Series

Lesson 6: Rights of Individuals


Slide 35

Lesson 6: Rights of Individuals

What are the Rights of Individuals Under HIPAA Privacy?

  • PHI uses and disclosures are permitted only with authorization.

  • Request privacy protection for PHI

  • Confidential communications regarding PHI

  • Access to PHI

  • Amendment or correction of PHI

  • Accounting of PHI disclosures


Slide 36

Lesson 6: Rights of Individuals

Uses & Disclosures Permitted Only with an Authorization

  • Individuals have the right to expect that certain uses and disclosures of their PHI will be permitted only with an authorization.

  • The authorization is not valid unless signed by the individual in question.


Slide 37

Lesson 6: Rights of Individuals

Request Privacy Protection for PHI

Individuals have the right to request that DHR restrict:

  • Uses and disclosures for treatment, payment and healthcare operations (TPO), and

  • Disclosures permitted for involvement in the individual’s care and notification purposes.

    DHR does not have to agree to the request, but must have procedures in place to process the request.


Slide 38

Lesson 6: Rights of Individuals

Confidential Communications Regarding PHI

  • Individuals have the right to confidential communications regarding their PHI.

  • DHR must accommodate reasonable requests by individuals to receive communications of PHI by alternative means or at alternative locations.

  • Applies to health plans when disclosure of all or part of PHI could endanger the individual.


Slide 39

Lesson 6: Rights of Individuals

Access to PHI

  • Individuals have the right to unfettered access to PHI that is used to make decisions about the individual.

  • Such PHI must be kept for 6 years

  • Exceptions include access to psychotherapy notes, PHI used in judicial or administrative actions, etc.


Slide 40

Lesson 6: Rights of Individuals

Amendment or Correction of PHI

  • An individual has the right to amend or correct his or her PHI in a designated record set (e.g. medical record) for as long as the covered entity maintains the information.

  • DHR does not have to agree to amend or correct the PHI.


Slide 41

Lesson 6: Rights of Individuals

Accounting of Disclosures

  • An individual has the right to receive an accounting of PHI disclosures made in the six years prior to the request.

  • Exceptions include disclosures for treatment, payment and healthcare operations, disclosures to the individual, for national security purposes, etc.

  • A written account of such disclosures must include the date of the disclosure, to whom the information was disclosed, and a description of the information disclosed.


Slide 42

HIPAA Training and Education Series

Lesson 7: Summary


Slide 43

Lesson 7: Summary

What are the Penalties for Non-Compliance?

  • Violation of HIPAA Privacy Rules may lead to both civil and criminal penalties.

  • Civil penalties range from $100 for a single violation to as much as $25,000 for multiple violations of the same requirement during a calendar year.

  • Criminal penalties range from $50,000 and one year of imprisonment for a simple PHI disclosure to as much as $250,000 and 10 years of imprisonment for wrongful disclosure.


Slide 44

Lesson 7: Summary

The Importance of Privacy

  • HIPAA Privacy Rules address how and to whom protected health information may be disclosed.

  • The increased use of electronic transactions of health care data and the general erosion of privacy necessitate minimum standards for the privacy of PHI.

  • HIPAA Privacy Rules intend to assure individuals that their PHI will remain private and free from improper use or disclosure.


Slide 45

Lesson 7: Summary

Covered Entities

“Covered entities” generally include:

  • Healthcare providers

  • Healthcare payers

  • Healthcare clearinghouses


Slide 46

Lesson 7: Summary

Protected Health Information (PHI)

  • PHI is any and all individually identifiable health information.

  • PHI may be in electronic, paper-based, or oral form.

  • Includes PHI that is stored as well as disclosed by a covered entity


Slide 47

Lesson 7: Summary

Permitted Uses and Disclosures

  • Treatment, payment, and other standard healthcare operations (TPO) do not require an authorization.

  • Disclosures to a third party, disclosures for employment determinations, the sale, rental or barter of PHI, and other such uses and disclosures are not permitted without a signed authorization.


Slide 48

Lesson 7: Summary

Minimum Necessary Disclosure Standard

  • Must make a reasonable effort not to use or disclose more than the minimum amount of information necessary to accomplish an intended task.

  • Minimum necessary does not apply to activities related to healthcare treatment, payment or healthcare operations (TPO), and to certain other activities such as disclosures to the Department of Health and Human Services (DHHS).


Slide 49

Lesson 7: Summary

Administrative Requirements and Obligations

  • Requirements and obligations include:

    • A Privacy Official

    • A Privacy Training Program

    • Administrative Safeguards

    • A Complaints Process

    • Sanctions for Violations of Privacy

    • Documented Policies and Procedures

    • A Notice of Privacy Practices

    • “Business Associate” Contracts


Slide 50

Lesson 7: Summary

Rights of Individuals

  • Uses and disclosures of PHI permitted only with authorization

  • Request privacy protection for PHI

  • Confidential communications regarding PHI

  • Access to PHI

  • Amendment or correction of PHI

  • Accounting of Disclosures of PHI


Slide 51

FOLLOW THESE DIRECTIONS TO RECEIVE CREDIT

  • ENSURE YOU VIEW THE HIPAA 101 PRESENTATION

  • ENSURE YOU COMPLETE THE COMPETENCY EXAM AND SEND TO HRD

  • ENSURE YOU COMPLETE AN INSERVICE TRAINING ROSTER AND SEND TO HRD

