Virginia department for the aging hipaa overview
Download
1 / 15

Virginia Department for the Aging HIPAA Overview - PowerPoint PPT Presentation


  • 134 Views
  • Updated On :

Virginia Department for the Aging HIPAA Overview. April 24, 2002. Agenda. What is HIPAA? The Four Components of Administrative Simplification Who does HIPAA Apply to? Privacy Standards Additional Information. What is HIPAA ?.

Related searches for Virginia Department for the Aging HIPAA Overview

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Virginia Department for the Aging HIPAA Overview' - terry


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Virginia department for the aging hipaa overview l.jpg

Virginia Department for the Aging HIPAA Overview

April 24, 2002


Agenda l.jpg
Agenda

  • What is HIPAA?

  • The Four Components of Administrative Simplification

  • Who does HIPAA Apply to?

  • Privacy Standards

  • Additional Information


What is hipaa l.jpg
What is HIPAA ?

Health Insurance Portability & Accountability Act of 1996 (HIPAA)

  • Public law 104-191

  • Portability: Transfer of healthcare when employees change jobs

    • COBRA - Completed

  • Accountability: Fraud/Abuse & Administrative Simplification


The four components of administrative simplification l.jpg
The Four Components of Administrative Simplification

  • Electronic Health Transactions

    • Examples:Claims, Recipient Eligibility, Coordination of Benefits (COB’s), Claims Status

  • Unique Health Identifiers and Standard Medical Code Sets

    • Examples of Health Identifiers: National Provider ID, National Employer ID, Health Plan ID, National Individual ID

    • Example of Medical Code Sets: National Drug Codes (NDC)


Administrative simplification con t l.jpg
Administrative Simplification (con’t)

  • Security Standards & Electronic Signatures

    • Security and privacy standards for administrative procedures

    • Technical security services against unauthorized access to data

    • Physical safeguards


Administrative simplification cont l.jpg
Administrative Simplification (cont.)

  • Privacy

    • Signed by the Secretary of DHHS under Clinton Administration

    • Posted to the Federal Register on 12/28/00

    • Comply as of 04/13/2003

    • Focus on Policy and Procedures protecting Individuals’ rights, and audit trails of disclosures of personally identifiable health information (regardless of whether in electronic form).

    • Privacy Officer for Each Organization


If you remember only one thing about hipaa l.jpg
If You Remember Only One Thing About HIPAA?

  • Focus on Policy and Procedures protecting Individuals’ rights, and audit trails of disclosures of personally identifiable health information (regardless of whether in electronic form).


Who does hipaa apply to l.jpg
Who does HIPAA Apply to?

Examples of “Covered Entities” are:

  • Health Care Providers

    • Doctors, Dentists, Hospitals

  • Payers/Plans

    • HCFA (Medicare/Medicaid)

    • Collection Agencies

    • HMO’s, Group Health Plans

  • Prescription Drug Dispensing/Testing

    • Pharmaceuticals, Drug Stores, Labs

  • Clearinghouses/Donor Organizations

    • CDC, Blood banks, Organ Donors


Privacy standards l.jpg
Privacy Standards

  • Protected Health Information (PHI) by the regulation

    • Information relating to an individual’s physical or mental health, health care treatment, or payment for health care.

    • Protection continues as long as information in the hands of covered entity

    • Covered entities are encouraged to de-identify health information by removing, encoding, encrypting identifiers.

    • Personally identifiable health information in any form or medium.


Privacy standards10 l.jpg
Privacy Standards

  • Covered Entity must enter into a contract requiring that identifiable information be kept confidential by a Business Associate receiving information from or on behalf of a covered entity


Privacy standards11 l.jpg
Privacy Standards

  • Obligations of health care plans and providers

    • Provide Training to all staff who have access to PHI

    • Establish administrative, technical, and physical safeguards

    • Establish Policies and Procedures

    • Develop and apply sanctions from re-training to reprimand to termination

    • Have available documentation with the regulation requirements

    • Develop methods to disclose minimum amount of PHI

    • Develop and use contracts with business partners


Privacy standards12 l.jpg
Privacy Standards

  • Minimum Necessary Standard:

    “Must maintain every effort not to use or disclose, internally or externally, any more information than is necessary to accomplish the intended purpose.”

  • Preemption:

    Provides a “floor” of privacy protection. State laws that are “less protective” of privacy are preempted. States are free to enact “more stringent” statutes.


Privacy standards13 l.jpg
Privacy Standards

  • Penalties and Enforcement

    • Civil Liability for each standard provision violated the penalty up to $25,000 in any calendar year

    • Federal Criminal penalties are fines up to $50,000/and or 1 year imprisonment for using or disclosing individual identifiable health information

    • If disclosure is “under false pretenses, $100,000 fine and/ or up to 5 years imprisonment”

    • If offense is with intent to sell, transfer, or use individual identifiable information for commercial gain, $250,000 and / or imprisonment of up to 10 years

    • Enforcement has been delegated to the Office for Civil Rights (OCR) for civil enforcement and Department of Justice (DOJ) for criminal enforcement


Compliance gaps privacy l.jpg
Compliance Gaps – Privacy

  • Paper copies of patient records aren’t shredded

  • Registration terminals can be viewed by visitors

  • General lack of awareness as to where identifiable health information is being sent

  • Staff discuss patient care in public places such as elevators, cafeterias, and waiting rooms

  • Facsimile copies are sent to physicians at unidentified phone numbers

  • Lack of ongoing privacy training for workforce

    Provided by Phoenix Health Systems


References l.jpg
References

  • (www.healthprivacy.org)

  • http://aspe.hhs.gov/admnsimp/

  • http://www.hipaadvisory.com/

    HIPAA questions to – [email protected]

    Privacy question to – [email protected]


ad