Hipaa workforce training
Download
1 / 49

HIPAA Workforce Training - PowerPoint PPT Presentation


  • 271 Views
  • Updated On :

HIPAA Workforce Training. PRIVACY and HIPAA. MANDATORY. Completion of training is mandatory under HIPAA for the entire workforce of the MHRB Including volunteers, like yourselves. What is HIPPA?.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'HIPAA Workforce Training' - bronwen


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Hipaa workforce training l.jpg

HIPAA Workforce Training

PRIVACY and HIPAA


Mandatory l.jpg
MANDATORY

  • Completion of training is mandatoryunder

    HIPAA for the entire workforce of the MHRB

    Including volunteers, like yourselves.


What is hippa l.jpg
What is HIPPA?

In 1996 President Clinton signed the Health Insurance Portability and Accountability Act (HIPAA). This new law was enacted as part of a broad congressional attempt at incremental healthcare reform.

HIPAA has two primary purposes. One is to provide continuous insurance coverage for workers who change jobs, and the other is to “reduce the costs and administrative burdens of health care by making possible the standardized, electronic transmission of many administrative and financial transactions that are currently carried out manually on paper”.


Hipaa workforce training4 l.jpg
HIPAA Workforce Training

  • HIPAA requires that the MHRB create HIPAA policies and procedures that may affect your work as a Board member.


This hipaa training program will answer l.jpg
This HIPAA Training Program will answer…

  • What does HIPAA do?

  • Who has to follow the HIPAA law?

  • What is Protected Health Information?

  • When do we start?

  • How does HIPAA affect you?

  • Why is HIPAA important?


What does hippa do l.jpg
What does HIPPA do?

  • HIPAA is the Health Insurance Portability and Accountability Act of 1996. It is a federal law that…

    • Protects the privacy of a client’s personal and health information

    • Provides for electronic and physical security of personal and health information

    • Simplifies billing and other transactions



Hipaa is the floor l.jpg
HIPAA is the FLOOR

  • HIPAA regulations are the minimum starting point for protecting health information and do not supersede any rules, regulations, or standards that are more stringent. For example, if ODMH rules are more stringent than HIPAA rules, we must follow the ODMH rule.


Organizational and administrative requirements l.jpg
Organizational and Administrative Requirements

  • A Privacy Officer must be appointed to implement and develop privacy policies and procedures for the agency.

  • Must train all employees (current and new) on privacy policies and procedures.

  • Must amend all business associate contracts to establish the permitted and required uses and disclosures of PHI.

  • Must verify the identity and authority of person requesting PHI.


Organizational and administrative requirements10 l.jpg
Organizational and Administrative Requirements

  • Must disseminate a notice of our privacy practices to existing clients and all new clients and within 60 days of any material revision.

  • Must notify clients every 3 years of the availability of the notice.

  • A covered entity with a website must post their notice on the web.


Organizational and administrative requirements11 l.jpg
Organizational and Administrative Requirements

  • Must document compliance with notice requirements and keep copies of notices issued.

  • Must document who is responsible for receiving and processing client inquiries regarding his/her PHI.


Organizational and administrative requirements12 l.jpg
Organizational and Administrative Requirements

  • Must provide a process for individuals to make complaints and document such complaints and their disposition.

  • Must develop anti-retaliation policy.



Who is impacted l.jpg
Who Is Impacted?

  • Health care providers – A provider of medical, psychiatric, or other health services, and any other person or entity furnishing health care services or supplies.

  • Health plans – an individual or group health plan that provides or pays the cost of medical care.

  • Clearinghouses – A public or private entity that processes or facilitates the processing of non-standard data elements of health information into standard data elements and who transmits any health information in electronic form in connection with a transaction covered in the legislation.

  • Business Associates and Trading Partners


Business associate l.jpg
Business Associate

  • A person or entity to whom a covered entity discloses protected health information, to perform a function on behalf of or to provide services to a covered entity.

  • Includes lawyers, accountants, consultants, and accrediting agencies.

  • Must have a contract obligating them to safeguard protected health information.


Business associate contracts l.jpg
Business Associate Contracts

  • Must establish the permitted and required uses and disclosures of protected health information by the business associate and may not authorize further disclosure in violation of the regulations

  • If the covered entity knows of a practice or pattern of activity that constitutes a material breach of the business associate’s obligations under the contract, the covered entity must take reasonable steps to ensure cure of the breach or terminate the contract or report the problem to the Secretary of Health and Human Services.


Business associate obligations l.jpg
Business Associate Obligations

  • Must not use or disclose protected health information in violation of the law or contract.

  • Implement safeguards against improper use or disclosure.

  • Ensure that any agents or subcontractors agree to fulfill contractual and legal obligations.

  • Afford individual access to records; make available records for amendment by the individual; account to the individual for use or disclosure other than for payment, treatment, or operations.

  • At termination of the contract, return or destroy protected health information.


What is impacted l.jpg
What Is Impacted?

TRANSACTIONS

  • A transaction is the exchange of information between two parties to carry out financial and administrative activities related to health care. It includes:

    • Health claims or encounter information,

    • Health care payment and Explanation of Benefits (EOB),


What is impacted transactions continued l.jpg
What Is Impacted?Transactions Continued

  • Coordination of benefits,

  • Enrollment/disenrollment in a health plan,

  • Eligibility for a health plan,

  • Health plan premium payments,

  • Referral certification and authorization,

  • First report of injury, and

  • Health claims attachments.


What is impacted20 l.jpg
What Is Impacted?

PROTECTED HEALTH INFORMATION

Protected Health Information is defined as any information, whether oral or recorded, in any form or medium, that-

  • Is created or received by a provider, health plan, public health authority, employer, life insurer, school, or clearinghouse; and

  • Relates to the past, present or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual.


What is considered protected health information l.jpg
What is considered Protected Health Information?

  • A person’s name, address, birth date, age, phone and fax numbers, e-mail address

  • Medical records, diagnosis, x-rays, photos, prescriptions, lab work, test results

  • Billing records, claim data, referral authorizations, explanation of benefits

  • Research records


The board may create use and share a person s phi for l.jpg
The Board may create, use and share a person’s PHI for:

  • Treatment

  • Billing and Payment

  • Agency Business Management and Operations

  • Disclosures Required by Law

  • Public Health and Other Governmental Reporting


Phi consent l.jpg
PHI Consent

  • Some uses and disclosures of PHI do not require consent.

  • The use and disclosure of protected health information relating to treatment, payment, or health care operations does not require prior written consent.


Minimum necessary rule l.jpg
Minimum Necessary Rule

When using or disclosing Protected Health Information (PHI) or when requesting PHI from another covered entity, The Board must make reasonable efforts to limit PHI to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request, unless an exception applies.


Minimum necessary rule exceptions l.jpg
Minimum Necessary RuleExceptions

The minimum necessary requirement does not apply in the following instances:

  • Disclosures to or requests by a health care entity for purposes of treatment.

  • Uses or disclosures made to the individual who is the subject of the PHI.

  • Uses or disclosures made pursuant to a valid authorization initiated by the individual.

  • Disclosures to the secretary of the Department of Health and Human Services (HHS).

  • Uses or disclosures that are required by law.

  • Uses or disclosures required for compliance under HIPAA, including compliance with the implementation specifications for conducting standard data transactions.


Requests for disclosure l.jpg
Requests for Disclosure

The Board may rely on a request for disclosure as the minimum necessary for the stated purpose when:

  • Making permitted disclosures to public officials, if the public official represents that the information is theminimum necessary for the stated purpose(s).

  • The information is requested by another covered entity.

  • The information is requested by a professional who is a member of The Board’s workforce or is a business associate of Board for the purpose of providing professional services to The Board if the professional represents that the information requested is the minimum necessary for the stated purpose(s).

  • The information is requested for research purposes and the person requesting the information has provided documentation or representations to The Boardverifying such intended purpose.


Using and disclosing phi without consent l.jpg

When a disclosure is required by federal, state, or local law, judicial or administrative proceedings, or law enforcement.

Disclosure without your consent can occur in certain emergency treatment situations.

To avoid harm.

For specific government functions.

For workers' compensation purposes.

Appointment reminders and health-related benefits or services.

For fundraising activities, public health activities, organ donations, and for research purposes.

Using and Disclosing PHIWithout Consent


Verification l.jpg
Verification law, judicial or administrative proceedings, or law enforcement.

In certain instances, as permitted or required by law, The Board can or must disclose an individual’s PHI, even where there is no specific consent or authorization from the individual to do so.

No PHI will be disclosed without precautions being made to assure that the identity of the person requesting PHI information is verified and that they have the authority to have access to the information requested.


Verification of identity l.jpg
Verification of Identity law, judicial or administrative proceedings, or law enforcement.

When the identity of the person seeking disclosure of an individual’s PHI is not known to The Board, verification of the person’s identity is as follows:

  • If the request is made in person, presentation of an agency identification badge, other official credentials, or other proof of government status.

  • If the request is in writing, the request is on the appropriate government letterhead

  • or other accepted proof of identity is documented.

  • If the disclosure is to a person acting on behalf of a public official, a written statement on appropriate government letterhead that the person is acting under the governments’ authority or other evidence or documentation of agency, such as a contract for services, memorandum of understanding, or purchase order, that establishes that the person is acting on behalf of the public official.


Verification of authority l.jpg
Verification of Authority law, judicial or administrative proceedings, or law enforcement.

To verify the authority of a public official, The Board may rely on any of the following:

  • A written statement of the legal authority under which the information is requested or,

  • 2. if a written statement is impracticable, an oral statement of such legal authority,

  • 3. If a request is made pursuant to legal process, a warrant, subpoena, order, or other legal process issued by a grand jury or a judicial or administrative tribunal will be presumed to constitute legal authority.


Privacy notice l.jpg
Privacy Notice law, judicial or administrative proceedings, or law enforcement.

  • Every client is provided with a Notice of Privacy Practices upon enrollment at a contract agency The Notice describes”

    • How the MHRB can use and share protected health information, and

    • Every client’s privacy rights

  • The privacy notice is also published on the MHRB’s web page.

  • Copies of the Notice of Privacy are available from the Privacy Officer or Secretary.


Clients phi rights l.jpg
Clients’ PHI Rights law, judicial or administrative proceedings, or law enforcement.

One of the purposes of the new HIPAA rule is to give clients more control over their PHI. Such as:

  • The right to request limits on uses and disclosures of their PHI.

  • The right to choose how the agency sends PHI to them.

  • The right to view and obtain copies of their PHI.

  • The right to correct or update their PHI.


How do clients exercise these rights l.jpg
How do clients law, judicial or administrative proceedings, or law enforcement.exercise these rights?

  • Special forms to request changes, corrections, copies, etc. are available from the Privacy Officer.


What client information must be protected l.jpg
What client information law, judicial or administrative proceedings, or law enforcement.must be protected?

  • We must protect a client’s personal and health information that:

    • Is created, kept, filed, used or shared

    • Is written, spoken, electronic or digital

  • As already stated HIPAA defines client personal and health information as Protected Health Information or “PHI” for short.


When do we start l.jpg
When do we start? law, judicial or administrative proceedings, or law enforcement.

NOW!


How will hipaa affect your duties l.jpg
How will HIPAA law, judicial or administrative proceedings, or law enforcement.affect your duties?

  • If you currently see, use, share and/or create a person’s protected health information as part of your job or duties, HIPAA will change the way you work.

  • You must protect the privacy of the client and MHRB’s workforce protected health information.


When can you use phi l.jpg
When can you use PHI law, judicial or administrative proceedings, or law enforcement.?

  • ONLY to do your job or duties!

  • At all other times, protect a client’s information as if it were your own information!


How can you use phi l.jpg
How can you use PHI law, judicial or administrative proceedings, or law enforcement.?

  • You may look at a person’s

    PHI only if you need it to do

    your job or duties.

  • You may use a person’s PHI

    only if you need it to do your job or duties.

  • You may give a person’s PHI to

    others when it is necessary for them to do their jobs.

  • You may talk to others about a person’s PHI only if it is necessary to do your job or duties.


Why is hipaa important l.jpg
Why is HIPAA important law, judicial or administrative proceedings, or law enforcement.?

Protecting privacy is important!

  • We all want our PHI to be private

  • Our clients want their PHI to be private

  • It’s the right thing to do

  • It’s the law


What can happen if we don t follow hipaa l.jpg
What can happen if we law, judicial or administrative proceedings, or law enforcement.don’t follow HIPAA?

  • Someone who does not protect a person’s personal and/or health care privacy could:

    • Lose his/her job

    • Pay fines

    • Go to jail


Fines l.jpg
Fines? law, judicial or administrative proceedings, or law enforcement.

Fines range

from $50,000 to

$250,000 per

incident


Slide42 l.jpg
Jail? law, judicial or administrative proceedings, or law enforcement.

Jail terms

can be up to

10 years

per incident


Did you know l.jpg
Did you know….? law, judicial or administrative proceedings, or law enforcement.

  • The Board must protect your personal health information with as much diligence and security as we protect clients’ PHI.


Slide44 l.jpg

When do we have law, judicial or administrative proceedings, or law enforcement.

to protect PHI?

NOW!


Hipaa stories l.jpg
HIPAA Stories law, judicial or administrative proceedings, or law enforcement.

Please read the following two HIPAA stories carefully as you will be asked to discuss them

on the quiz.


Hipaa story 1 annie l.jpg
HIPAA Story #1: Annie law, judicial or administrative proceedings, or law enforcement.

After serving on the client’s rights appeal committee, I ran into the customer Annie, who filed the appeal at the grocery store. She came up to me and started talking about her appeal, the medications she was placed on and how she was not feeling any better. I told her I could not discuss her appeal that it was confidential, and that it takes time for some medications to work.

Did I do the right thing?


Hipaa story 2 barry l.jpg
HIPAA Story #2: Barry law, judicial or administrative proceedings, or law enforcement.

I happened to be using the copier in the MHRB office when a fax arrived. I did not read any of the details but recognized the client name on the incident report. I did not do anything with the information and kept it to myself.

Did I do the right thing?


Where to find out more about hipaa l.jpg
Where to Find Out law, judicial or administrative proceedings, or law enforcement.More About HIPAA

  • The Privacy Notice is on the agency’s Internet Website: www.whmhrb.org

  • Contact Kim Tapie, Compliance and Privacy Officer with questions and/or concerns

  • Review HIPAA materials in the Board’s Operations Manual


The end l.jpg
The End! law, judicial or administrative proceedings, or law enforcement.

Congratulations! You have completed

The HIPAA Privacy Training

.


ad