Understanding HIPAA (Health Insurance Portability and Accountability Act)

Special Thanks

  • Alex Johnson, ASHA President Elect



HIPAA

  • The Health Insurance Portability and Accountability Act of 1996 (P.L. 104-191)

  • Mandates compliance with patient privacy rules designed to maintain confidentiality of medical information

  • No federal rules to protect privacy of health information existed until Standards for Privacy were published 12/28/2000

HIPAA Includes

  • A “privacy” component

  • A “security” component

HIPAA Privacy


  • Provides Americans with a basic level of protection that is essential to their full participation in care

  • Regulation became effective April 14, 2003

  • “Covered entities” include health care providers who conduct certain financial and administrative transactions such as billing electronically

  • UW Speech and Hearing was identified as a UW “hybrid” entity and would need to follow HIPAA

The HIPAA Privacy Focus is on Protected Health Information (PHI)

Protected Health Information

  • All medical records and other individually identifiable health information used by or disclosed by a covered entity in any form

    • electronically

    • on paper

    • or orally

      are covered by the HIPAA final rule

  • 18 Patient identifiers – including name, SS#, telephone #, medical health #, zip code . . . .

    What is PHI?

    • Any information about past, present, or future illnesses

    • Physical or mental health of an individual

    • Provision of health care for an individual

    • Payment information in cases where the patient is individually identifiable

    What is required by HIPAA?

    • Must post privacy regulations

    • Pts. must be made aware of privacy rights

    • Pt. must sign a consent to have information used and disclosed:

      • Clearly written

      • Provider may refuse treatment if patient will not sign consent

      • Pt. may revoke consent in writing

    • Provider must retain consent for six years

    • Clinician consultation with another clinician is considered part of treatment and is covered by consent

    • Pt. may need to sign Authorization for uses other than those above (billing, exchanging records, etc.)

    The covered entity (Our clinic) must:

    • Try to disclose only minimum necessary information

    • Adopt clear privacy policies in writing

    • Inform patients of policies

    • Train the workforce (students, staff, faculty)

    • Designate a “privacy officer” to oversee

    • Secure PHI (hard copy or electronic, tapes)

    Research and HIPAA

    • Is allowed if authorization is obtained

    • If no authorization, research may be allowed if a waiver is approved by the IRB

    • Research data needs to be de-identified

    What about public and private schools?

    • Medical information created by the school system for the student record (audiology evaluations completed at school; SLP evaluations) is part of the EDUCATIONAL record and is not covered by HIPAA

    • Contractors with the school who maintain records must comply with HIPAA standards

    Establish Accountability for Medical Records Use and Release

    • Civil penalties - violation of standards subject to civil liability - $100 per violation, up to $25,000 per person, per year for each requirement or prohibition violated

    • Federal criminal penalties - up to $50,000 and one year in prison for obtaining or disclosing protected health information; up to $100,000 and up to 5 years in prison for obtaining health info under false pretenses

    Criminal Penalties continued

    • Up to $250,000 and up to 10 years in prison for obtaining or disclosing protected health information with intent to sell, transfer or use it for commercial advantage, personal gain or malicious harm

    • Recent example: Fred Hutch employee

    Balancing Public Responsibility with Privacy Protections

    • Final rule permits covered entities to continue certain existing disclosures of health information without individual authorization for specific public responsibilities

    • Includes emergency circumstances, public health needs, research (generally limited to when a waiver of authorization is independently approved)

    What Do I Need To Do?

    • Complete the HIPAA on-line training by October 8th

    • Carefully assess how ALL PHI is currently generated, stored and transmitted in your work setting (our clinic, department, all practicum and internship sites)

    Some Questions To Assess Your Situation

    • Do I collect oral, paper, or electronic information about clients?

    • Do I safeguard all PHI?

    • Do I destroy all PHI in the proper manner?

    • Do I safeguard email of patient reports with PHI deleted until the final print?

    • Do I safeguard by using password protection on all practicum documents with PHI?

    • Do I have policies and procedures to refer to?

    • Who do I contact if I suspect a violation?
