Virginia Department for the Aging HIPAA Overview



April 24, 2002



Agenda

  • What is HIPAA?

  • The Four Components of Administrative Simplification

  • Who does HIPAA Apply to?

  • Privacy Standards

  • Additional Information



What is HIPAA?

Health Insurance Portability & Accountability Act of 1996 (HIPAA)

  • Public law 104-191

  • Portability: Transfer of healthcare when employees change jobs

    • COBRA - Completed

  • Accountability: Fraud/Abuse & Administrative Simplification



The Four Components of Administrative Simplification

  • Electronic Health Transactions

    • Examples: Claims, Recipient Eligibility, Coordination of Benefits (COBs), Claims Status

  • Unique Health Identifiers and Standard Medical Code Sets

    • Examples of Health Identifiers: National Provider ID, National Employer ID, Health Plan ID, National Individual ID

    • Example of Medical Code Sets: National Drug Codes (NDC)



Administrative Simplification (cont.)

  • Security Standards & Electronic Signatures

    • Security and privacy standards for administrative procedures

    • Technical security services against unauthorized access to data

    • Physical safeguards



Administrative Simplification (cont.)

  • Privacy

    • Signed by the Secretary of DHHS under the Clinton Administration

    • Posted to the Federal Register on 12/28/00

    • Comply as of 04/13/2003

    • Focus on Policy and Procedures protecting Individuals’ rights, and audit trails of disclosures of personally identifiable health information (regardless of whether in electronic form).

    • Privacy Officer for Each Organization



If You Remember Only One Thing About HIPAA?

  • Focus on Policy and Procedures protecting Individuals’ rights, and audit trails of disclosures of personally identifiable health information (regardless of whether in electronic form).



Who does HIPAA Apply to?

Examples of “Covered Entities” are:

  • Health Care Providers

    • Doctors, Dentists, Hospitals

  • Payers/Plans

    • HCFA (Medicare/Medicaid)

    • Collection Agencies

    • HMOs, Group Health Plans

  • Prescription Drug Dispensing/Testing

    • Pharmaceuticals, Drug Stores, Labs

  • Clearinghouses/Donor Organizations

    • CDC, Blood banks, Organ Donors



Privacy Standards

  • Protected Health Information (PHI) as defined by the regulation

    • Information relating to an individual’s physical or mental health, health care treatment, or payment for health care.

    • Protection continues as long as the information is in the hands of a covered entity.

    • Covered entities are encouraged to de-identify health information by removing, encoding, or encrypting identifiers.

    • Personally identifiable health information in any form or medium.



Privacy Standards

  • A Covered Entity must enter into a contract requiring that identifiable information be kept confidential by a Business Associate receiving information from or on behalf of a covered entity.



Privacy Standards

  • Obligations of health care plans and providers

    • Provide Training to all staff who have access to PHI

    • Establish administrative, technical, and physical safeguards

    • Establish Policies and Procedures

    • Develop and apply sanctions from re-training to reprimand to termination

    • Have available documentation with the regulation requirements

    • Develop methods to disclose minimum amount of PHI

    • Develop and use contracts with business partners



Privacy Standards

  • Minimum Necessary Standard:

    “Must maintain every effort not to use or disclose, internally or externally, any more information than is necessary to accomplish the intended purpose.”

  • Preemption:

    Provides a “floor” of privacy protection. State laws that are “less protective” of privacy are preempted. States are free to enact “more stringent” statutes.



Privacy Standards

  • Penalties and Enforcement

    • Civil liability: for each standard provision violated, a penalty of up to $25,000 in any calendar year

    • Federal criminal penalties are fines of up to $50,000 and/or 1 year imprisonment for using or disclosing individually identifiable health information

    • If disclosure is “under false pretenses,” $100,000 fine and/or up to 5 years imprisonment

    • If the offense is with intent to sell, transfer, or use individually identifiable information for commercial gain, $250,000 and/or imprisonment of up to 10 years

    • Enforcement has been delegated to the Office for Civil Rights (OCR) for civil enforcement and Department of Justice (DOJ) for criminal enforcement



Compliance Gaps – Privacy

  • Paper copies of patient records aren’t shredded

  • Registration terminals can be viewed by visitors

  • General lack of awareness as to where identifiable health information is being sent

  • Staff discuss patient care in public places such as elevators, cafeterias, and waiting rooms

  • Facsimile copies are sent to physicians at unidentified phone numbers

  • Lack of ongoing privacy training for workforce

    Provided by Phoenix Health Systems



References

  • (www.healthprivacy.org)

  • http://aspe.hhs.gov/admnsimp/

  • http://www.hipaadvisory.com/

    HIPAA questions to – [email protected]

    Privacy question to – [email protected]

