HIPAA Privacy Rule - PowerPoint PPT Presentation

HIPAA Privacy Rule

Compliance Training for YSU

April 9, 2014

What is HIPAA?

  • Health Insurance Portability and Accountability Act (HIPAA), enacted in 1996

  • Federal law designed to give patients control over all Protected Health Information (PHI) that might be shared between health care providers and other covered entities

  • Ensure confidentiality of PHI

What is PHI? (Protected Health Information)

  • “Individually identifiable health information” in any form - paper, electronic, or oral

  • Relates to the physical or mental health condition of an individual

  • Identifies or can be used to identify an individual (e.g., name, address, birth date, Social Security number, account number)

  • Is in the possession of or has been created by covered entities

Examples of PHI

  • Health care claims

  • Health care payment and remittance advice

  • Coordination of benefits

  • Health care claim status

  • Enrollment or disenrollment in a health plan

  • Eligibility for a health plan

  • Health plan premium payments

  • Referral certification and authorization

What is the HIPAA Privacy Rule?

  • Provides federal protection for PHI held by covered entities and Business Associates

  • Gives patients the right to determine who can look at and receive their health information

  • Applies to all forms of protected health information – electronic, written, or oral

Who Must Comply?

Health Plans

  • Health insurance companies - HMOs, Medicaid, Medicare, and employer-sponsored health plans

Health Care Providers

  • Doctors, clinics, hospitals, pharmacies, dentists

  • Electronic billing to insurance

Health Care Clearinghouses

  • Process nonstandard health information (e.g., billing services)

What is the HIPAA Security Rule?

  • Specifies a series of administrative, physical, and technical safeguards to assure the confidentiality, integrity, and availability of electronic PHI

Employer has 2 Roles

If the Employer is the Plan Sponsor of a self-insured plan, it has two different roles:

  • Employer

  • Plan Sponsor

Employer Role

HIPAA Privacy Rule does not apply when:

  • Doctor’s information is needed for determining FMLA or an ADA Accommodation

  • Doctor’s release to return to work

  • Workers' Compensation injury

  • OSHA logs

  • Wellness programs

  • Health insurance

Plan Sponsor Role

HIPAA Privacy Rule does apply when:

  • Employer participates in the administration of a group health plan

  • Employer is involved in the decision-making process

Plan Sponsor Responsibilities

  • Designate a privacy officer

  • Provide written PHI procedures

  • Limit use and disclosures of PHI to the “minimum necessary” to accomplish the intended purpose

  • Require business associates to ensure confidentiality with written contracts/agreements

Employees’ Rights

Employers acting in a plan sponsor role may not share employee PHI without written authorization unless it is shared:

  • With the employee

  • For treatment/care coordination

  • To pay for employee health care services.

Employees’ Rights (cont.)

Employees have a right to:

  • A copy of their medical records

  • Restrict who can obtain their PHI

  • Change incorrect information in their medical records

  • A report of when and why PHI was used

  • File complaints

HIPAA Privacy Violations

  • Civil penalties - $100 per violation

  • Maximum civil penalties of $25,000 per year, per person, per standard

  • Criminal penalties - $50,000 to $250,000 and imprisonment

  • Additional penalties under state law

  • Lawsuits


  • Medical information maintained by employers is not always considered PHI

  • Employer must determine where the information was obtained and whether the information is maintained under the role of employer or plan sponsor of a group health plan

  • Regardless of the role, employers should carefully handle all employee medical information