HIPAA


Presentation Transcript


  1. HIPAA
     • Health Information Privacy and Accountability Act
     • Enacted in 1996
     • Governs the privacy of Protected Health Information (PHI)
     • Defines basic terms and lists principles that all personnel must follow.
     • State law that is stricter than HIPAA and is more protective of health information privacy than HIPAA still applies.

  2. Basics of the HIPAA Privacy Rule
     • Personnel can only see or use the minimum amount of PHI that is necessary for a task.
     • Personnel who see or use PHI in violation of HIPAA have violated federal law. Penalties include fines, jail, and disciplinary action, which may include termination.
     • All requests for patient health information must be directed through the company's Privacy Officer.

  3. HIPAA Penalties
     • $100 fine per day for each standard violation. (Up to $25,000 per person, per year, per standard.)
     • $50,000 fine + up to one year in prison for improperly obtaining or disclosing health information.
     • $100,000 fine + up to five years in prison for obtaining or disclosing health information under false pretenses.
     • $250,000 fine + up to ten years in prison for obtaining health information with the intent to sell, transfer or use for commercial advantage, personal gain or harm.
     • Penalties under company policy, which can include termination.

  4. Who Must Comply?
     • Everyone employed by the company, whether ambulance, wheelchair, dispatch, management, etc.

  5. What is PHI?
     • Comes from a health care provider or a health plan.
     • Identifies an individual or could be used to identify an individual.
     • Describes the health care, condition, or payments of an individual or describes the demographics of an individual.

  6. Examples of Demographics
     • Name
     • Zip code
     • Address
     • Name of employer
     • Birth date
     • Telephone number
     • Fax number
     • E-mail address
     • Social security number
     • Medical record number
     • Health plan beneficiary number
     • Account number
     • Driver’s license number
     • Vehicle serial number
     • URL
     • IP address
     • Biometric identifiers
     • Full-face photo
     • Any other unique identifying characteristic

  7. PHI Describes Health Condition
     • Information from a health care provider or health plan about an individual’s physical or mental condition, including:
       • Past history of a condition
       • Present condition
       • Plans or predictions about the future of a condition
     • Some specific documents covered:
       - Patient Care Report
       - Billing forms
       - Physician certifications
       - Verbal reports

  8. PHI Describes Health Care
     • Information from a health care provider or health plan about an individual’s health care, including:
       • Who provided care
       • What type of care was given
       • Where care was given
       • When care was given
       • Why care was given

  9. PHI Describes Health Care Payments
     • Information from a health care provider or health plan about an individual’s health care payments, including:
       • Who was paid
       • What services were covered by the payment
       • Where payment was made
       • When payment was made
       • How payment was made

  10. PHI Must Be Secured in All Forms
     • Written information (reports, charts, x-rays, letters, messages, etc.). Must be locked in a container with limited access.
     • Oral communication (phone calls, meetings, informal conversations, etc.)
     • E-mail, computerized and electronic information (computer records, faxes, voicemail, PDA entries, etc.)
     • Don't leave written information out for third parties to see.
     • Law enforcement may not be given patient information in the performance of their duties as law officers, except for non-medical information such as driver's license, Social Security card, etc. (Can’t be given PCR without a court order or written consent of patient.)

  11. HIPAA Golden Rule
     • "What you see here,
       what you hear here,
       when you leave here,
       let it stay here."

  12. When Can Personnel Use PHI?
     • Disclose any and all information required to effect treatment and continued care of the patient.
     • Only relevant information may be transmitted by radio to ensure response to a patient and for continued care (dispatch and encode communications).
     • Information may be discussed with present family members.
     • Healthcare providers must share protected information as required to provide continuous care and to facilitate billing.
     • When the individual has signed a valid authorization form.
     • Patient information may be discussed with disaster relief agencies for the purpose of disaster relief efforts.
     • All caregivers are entitled to patient health information and demographics required to provide any needed patient care.
     • As specifically permitted or required by law.
     • In all cases, use reasonable security measures to safeguard Protected Health Information.

  13. Security Measures for PHI
     • Do NOT share user names and passwords.
     • Lock doors, lock file cabinets, and limit access to workspace where health information is used or stored.
     • Limit access to printers and faxes where health information is printed.
     • Limit access to health information to only those who need it for a specific task.
     • Redact (black out) or use de-identified health information whenever possible.
     • Shred or otherwise properly dispose of health information trash.
     • Use and keep only the minimum health information necessary for a specific task.
     • Follow privacy policies and procedures.

  14. Privacy Policy • Given the nature of our work, it is imperative that we maintain the confidence of patient information that we receive in the course of our work. Carolina MedCare prohibits the release of any patient information to anyone outside the organization unless required for treatment, payment, or healthcare operations, and discussions of Protected Health Information (PHI) within the organization should be limited. Acceptable uses of PHI within the organization include, but are not limited to, exchange of patient information needed for treatment of the patient, billing, and other essential healthcare operations, peer review, internal audits, and quality assurance activities.

  15. Privacy Policy • I understand that Carolina MedCare provides services to patients that are private and confidential and that I am a crucial step in respecting the privacy rights of Carolina MedCare’s patients. I understand that it is necessary, in the rendering of Carolina MedCare’s services, that patients provide personal information and that such information may exist in a variety of forms such as electronic, oral, written, or photographic and that all such information is strictly confidential and protected by federal and state laws.

  16. Privacy Policy • I agree that I will comply with all confidentiality policies and procedures set in place by Carolina MedCare during my entire employment or association with Carolina MedCare. If I, at any time, knowingly or inadvertently breach the patient confidentiality policies and procedures, I agree to notify the Privacy Officer of Carolina MedCare immediately. In addition, I understand that a breach of patient confidentiality may result in suspension or termination of my employment or association with Carolina MedCare. Upon termination of my employment or association for any reason, or at any time upon request, I agree to return any and all patient confidential information in my possession. This is not a contract for continued employment.

  17. Privacy Policy • I have read and understand all privacy policies and procedures that have been provided to me by Carolina MedCare. I agree to abide by all policies or be subject to disciplinary action, up to and including termination of employment. This is not a contract of employment and does not alter the nature of the existing relationship between Carolina MedCare and me.

  18. Privacy Policy • I understand that every patient transported by Carolina MedCare is entitled to a written copy of the privacy policy and will be provided one, at no cost to the patient, at the time of transport.

  19. Privacy Officer
     • The Designated Privacy Officer for Carolina MedCare is:
       Mark Self
       1935 Second Loop Road
       Florence, SC 29501
       (843) 662-8887 Ext. 304

  20. Summary
     • Keep Protected Health Information private and secure at all times.
     • Make sure only personnel who need to use Protected Health Information see it or use it.
     • Use only the minimum amount of Protected Health Information necessary to accomplish the task.
     • Read and understand privacy policies and procedures.
     • Know your Privacy Officer.
     • Consult your Privacy Officer with any questions you have about privacy or Protected Health Information.
