
HIPAA

duena

Presentation Transcript


    2. HIPAA

    3. What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

    4. Why Do We Need HIPAA? The purpose of HIPAA is to protect confidential health care information through improved security and privacy standards.

    5. Who Must Comply With HIPAA? Every employee of a health care facility or provider that handles protected patient health information will have to comply with HIPAA regulations.

    6. What Must Be Kept Confidential? The HIPAA privacy rule defines the type of information that must be kept private by categorizing it as “Protected Health Information,” or PHI for short. Healthcare organizations must have policies in place that maintain the privacy of PHI. What is PHI? (next slide)

    7. What is PHI?

    8. PHI (Protected Health Information) Health information is any information (verbal, electronic, or written) that relates to a person’s physical or mental health, or payment information.

    9. Examples of Personally Identifiable Information: Name, SSN, Driver’s license, Address, Telephone number, Marital status, Financial information, Parental status, Gender, Race, Religion, Medical Condition, Test Results, Income

    10. Minimum Necessary What can I access? Only information you “need to know” to do your job. Accessing, using, or disclosing PHI on a need-to-know basis to get your job done is an important concept under HIPAA known as “minimum necessary.” Working in a healthcare organization does not entitle a person to access any and all patient records in the organization. You can access only the information you need to know to get your job done. Does the minimum necessary standard apply in every situation? No – the minimum necessary standard does not apply when accessing, using, or disclosing PHI for treatment of the individual. It also does not apply to the patient – they can have access to their protected health information.

    11. Incidental Disclosure The Privacy Rule does not say that health information will not be accidentally overheard. But everyone should make every effort to prevent this from happening.

    12. Examples of Incidental Disclosure Calling a patient’s name in a waiting room. A sign-in sheet is OK as long as it does not list a reason for the visit.

    13. Examples of Verbal Risk Discussing personal health information with a patient in a waiting room when there is risk of others overhearing the conversation.

    14. Examples of Verbal Risk Personal health information should not be discussed in public areas such as elevators, hallways, parking lots, or bathrooms.

    15. Examples of Verbal Risk You should never discuss a patient’s personal health information with friends, family, or neighbors.

    16. Examples of Visual Risks Leaving documents that you know contain PHI in the open, unprotected and easily accessible by anyone

    17. How Do I Know...

    18. Internal Security Violations: Taking advantage of computer glitches that mistakenly allow access to a patient’s medical record; Deliberately gaining access to patient data; Sharing pass codes; Leaving documents with patient information visible in an open area

    19. How Do I Handle… …An individual asking for access to their record? Individuals have a right of access. Route requests to appropriate department or staff. Do not attempt to provide or get this information yourself. HIPAA gives individuals an array of privacy rights and more control over how their confidential information is used and disclosed. Let’s look at a couple of scenarios you may encounter and discuss how they are handled. How would you handle a situation where an individual requests access to their medical record? HIPAA allows an individual access to their protected health information although there are exceptions. Refer the individual to the appropriate person or department to access their records. (Note to presenter – you may wish to further outline your facility policy/procedures on access to PHI at this time)

    20. How Do I Handle… …An individual’s request to change their medical record? Individuals have the right to amend or correct their record. Route requests to appropriate department or staff. Do not attempt to handle yourself. What would you do if an individual requests a change to their medical record after they read it? They have a right to request a correction or amendment to their health information; however, the request will be reviewed or investigated to make sure it is appropriate. When an individual requests an amendment to their PHI, always route the request to the appropriate department or staff. (Note to presenter – you may wish to further outline your facility policy and procedures on amendment and correction at this time)

    21. How Do I Handle… Tell them to call Directory information. Do not attempt to answer yourself. How would you handle a family member or close friend asking about a patient? If an individual is asked for by name and they have approved it, directory information can be disclosed. Directory information includes the individual’s name, location in the facility, or condition in general terms (good, fair, poor, critical). (Note to presenter – you may wish to further outline your facility policy and procedures on disclosures at this time) What if a family member or close friend is asking for clinical or billing information? First, you should try to obtain permission from the individual if they are present and competent to give permission. If they are not, staff may use their professional judgment to determine if information should be disclosed and how much. To make this decision, consider who the person is and their relationship to the individual and disclose only the information that is pertinent to that relationship. For example, if the relative has financial Power of Attorney and is requesting information related to payment of the bill, it would be appropriate to disclose information for payment purposes.

    22. How Do I Handle… …Co-workers asking about a patient’s condition or treatment? Route request to appropriate department or staff. Do not attempt to provide or get this information yourself. You may encounter a situation where another member of the workforce asks you about a patient’s condition or treatment. Can you disclose the confidential information? First, consider the reason—are they part of the professional team treating the individual or providing advice or consultation? If yes, they may have access to all PHI. Are they a billing clerk asking for information to do their job? If yes, you can disclose information needed for their job. If the information is not needed for the person to do their job or for treatment purposes, the confidential information should not be disclosed to them without a compelling reason. (Note to presenter – you may wish to ask the audience for scenarios related to disclosures to other staff or outside parties)

    23. Penalties If you break the rules, you can face civil and criminal penalties. If found guilty, you can be fined and/or sentenced to jail.

    24. Civil Penalties $100 per wrong act up to $25,000 per person, per year for each rule broken

    25. Criminal Penalties: $50,000 & 1 year in jail if found guilty of telling protected health information; $100,000 & 5 years in jail if found guilty of obtaining or disclosing protected health information under false pretenses; $250,000 & 10 years in jail if found guilty of obtaining and disclosing PHI with intent to sell, transfer, or use for cash, personal gain, or malicious harm

    26. “Privacy-friendly” Practices

    27. “Privacy-friendly” Practices

    33. MCG Compliance/Privacy Officers: Please report any violations to the MCG Privacy Officer at 721-2661, or call MCG’s Legal Office at 721-4018.
