
Health Insurance Portability and Accountability Act (HIPAA) Review

Health Insurance Portability and Accountability Act (HIPAA) Review. Auburn University Harrison School of Pharmacy. HIPAA Basics: HIPAA passed in 1996; protect and secure patient information; guarantee patients’ right to access health information and control its use; implemented April 14, 2003.


Presentation Transcript


  1. Health Insurance Portability and Accountability Act (HIPAA) Review • Auburn University Harrison School of Pharmacy

  2. HIPAA Basics • HIPAA passed in 1996 • Protect and secure patient information • Guarantee patients’ right to access health information and control its use • Implemented April 14, 2003

  3. Protected Health Information (PHI) • Spoken, written, or electronic • Prescription • Fax or email • Patient consultation • Created or received by a covered entity (e.g. health care providers, pharmacies, health insurance plans) • Info related to past, present, or future health

  4. De-identified Data • Data that cannot identify an individual patient • De-identified data does not fall under HIPAA rules • Often used in research

  5. Patient Rights • Limit how PHI used • Determine when/how communicated with patient • Review and obtain copy of PHI • Request edits of PHI • Know how pharmacy uses PHI

  6. Rx Obligations • Provide written notice to patients regarding Privacy Practices • Patient rights • How uses and discloses PHI • Who to contact with complaints • Obtain written acknowledgement from patients of receipt of Privacy Practices

  7. Rx Obligations • “Minimum Necessary” • Limit PHI provided by pharmacy • Provide only minimum necessary information to complete a task (e.g. fill prescription, counsel patient, file a claim)

  8. Rx Obligations • Exceptions to “Minimum Necessary” • Health care provider request to aid treatment • Disclosure directly to patient • Disclosure according to patients’ written authorization • Must avoid incidental uses and disclosures of PHI!

  9. Acknowledgement vs. Authorization • Acknowledgement • Patient written acknowledgement of receipt of written notice of privacy practices • Notice to include types of PHI disclosures for treatment, payment, operations (TPO) • Authorization • Signed authorization required for any disclosure other than that necessary for TPO

  10. Authorization Exemptions • PHI relative to the following: • Public Health • Abuse, neglect, domestic violence • Health oversight • Law enforcement • Judicial and administrative proceedings • Decedents • Avert serious threat to health or safety • Specialized government • Comply with worker’s compensation laws • ADR reports to the FDA • DEA or state Board of Pharmacy inspections

  11. Authorization Exemptions • Refer ALL authorization exemptions to Privacy Officer for review!

  12. Rx Obligations • Prevent incidental disclosures of PHI! • Telephone (refills, call in Rx) • Faxed Rx • Info left via pharmacy voice mail • Drive through pick up window • Insurance requests for information • Patient consultations • Friend or family member requests info regarding patient’s Rx or condition

  13. Penalties for HIPAA Violation • Civil • $100 per rule violation, up to $25,000 for identical violations in one calendar year • Only 2 Exceptions (do not apply) • Did not know violated HIPAA rule • Failure to comply with rule not due to willful negligence, and corrected within 30 days

  14. Penalties for HIPAA Violation • Criminal • Knowingly and in violation of HIPAA rules uses or causes to be used unique health identifiers, and/or obtains or discloses PHI relating to an individual • $50,000 fine and/or up to 1 year imprisonment

  15. Penalties for HIPAA Violation • Criminal • $10,000 fine and/or up to 5 years imprisonment if obtain PHI under false pretenses • $250,000 and/or up to 10 years imprisonment if intent to sell, transfer, or use PHI for commercial advantage, personal gain, or malicious harm • AUHSOP Honor Code Violation

  16. Summary • You will have access to PHI every day • Access only PHI necessary to complete the task at hand • Make every effort to avoid incidental disclosure of PHI • If unsure about a request for PHI, do not disclose and contact Privacy Officer • Treat PHI as if it is your own
