HIPAA - PowerPoint PPT Presentation


HIPAA. Health Insurance Portability & Accountability Act. Program Objectives: . Define HIPAA Who is covered by HIPAA? Goals of HIPAA How does HIPAA affect you? Why comply? Definitions Protected Health Information (PHI), “Use”, and “Disclosure” What are “Security Rules”.

    Health Insurance Portability & Accountability Act
    Program Objectives:
    • Define HIPAA
    • Who is covered by HIPAA?
    • Goals of HIPAA
    • How does HIPAA affect you?
    • Why comply?
    • Definitions

    Protected Health Information (PHI), “Use”, and “Disclosure”

    What are “Security Rules”

    HIPAA-Health Insurance Portability and Accountability Act of 1996

    Original intent was to ensure portability of Insurance when employment changes

    Administrative Simplification

    Standardization of formats, codes and identifiers

    Increased security of electronic health data

    Increased protection of protected health information

    Simplify health care administration

    What is HIPAA?
    • PHI=Individually identifiable health information in any form or media. Only authorized people will look at or use it for treatment, payment or health care operations (TPO)
    • Privacy=Right of individual to keep certain personal information to themselves with confidence that only authorized people will look at or use it.
    • Security=Protection of PHI, data and systems from accidental or intentional access by unauthorized users.
    • Use=How information is used in an institution
    • Disclosure=How information is given out to other institutions for use
    • TPO=Treatment, Payment, and Operations
    • Minimum Necessary=Minimum amount of information you “need to know to do your job”
    Who is covered by HIPAA?
    • Health care providers
    • Health Plans
    • Health care clearinghouses
    Goals of HIPAA
    For Patients
    • Control over their information (PHI)
    • Right to see their records and correct mistakes
    • Right to know who has seen their PHI
    For Institutions
    • Protect patient PHI
    • Limit use of PHI
    • Penalize those who misuse PHI
    What is protected health information?
    • Information that identifies a person, living or deceased
    • Past, present, or future health information
    • Electronic, paper, verbal form
    • Give examples?
    Who can access this information?
    • HIPAA privacy rules limit both “Use” and “Disclosure”
    • Patients typically give permission for use or disclosure of their information by signing a written form. Some disclosures, such as reporting of gunshot wounds, child abuse, and infectious diseases, are required by law and do not require patient permission.
    Internal use of PHI
    • Non-routine access will be limited by policies and procedures of each institution
    • Routine access will be limited by job function
      • “Need to know”, or minimum necessary needed for each task
      • Example: EKG technicians only need the information relating to the EKG. They would not need to see patient progress notes or insurance information
    Security Rules
    • Protect Information itself from unauthorized use and misuse by those allowed to view the PHI
    • Protect the systems that store PHI – The hardware and software
      • Systems must be protected so that unauthorized people cannot get the information.
    Privacy and Security Rules
    • Patients have the right to control their information
    • Institutions will limit the use and disclosure of information
    • Institutions will protect information on the computer
    What makes HIPAA new?
    • The Government has decided what the basic requirements are for protection of patient information
    • Institutions are being held accountable
    • Increased health care consumer confidence
    Why Privacy?
    • A Tampa, Florida man stole a list of patient names
    • New York congressional candidate’s suicide attempt made public
    • Employee of large Insurance plan company views PHI of friend’s ex-wife
    How does HIPAA affect you?
    • Faculty and Students are held to the same obligations and accountability as employees.
    • You may find yourself in situations involving patient information.
    Protecting Verbal PHI
    • You just made it through the long cafeteria line and sit down to eat. As you eat your lunch you can hear two co-workers discussing a patient. What do you do?
    Protect confidentiality
    • Respect privacy. This does not mean you have to ignore someone you know. Just do not ask for personal health information.

    Do not repeat information to others.

    Remember: “Need to know”

    Do not ask for information even if you know the person.

    What do you do?
    • You entered a patient’s room to explain a procedure. The patient has several visitors in the room who may or may not be family.
    What do you do?
    • You are walking down the hallway in the health care facility where you work. You are stopped by a visitor who asks for directions.
    Protecting Spoken Information
    • Around Patient Rooms
      • Knock first and ask permission to enter
      • Close doors or curtains
      • Speak softly in semi-private rooms
    • In Public Areas
      • Do not talk about patients
      • Direct visitors to the information desk
      • Do not leave messages containing PHI on answering machines
    What do you do?
    • Suppose you work in an area where several people share a fax machine in a lounge. While you are in the lounge a fax including PHI arrives but no one comes to get it. Later that afternoon you notice the fax is still there.
    Do not leave medical information unattended

    Tell your supervisor about the fax.

    What do you do?
    • You enter a conference room and find papers with patient information left on the table.
    Protecting Written Information
    • Find the owner of “lost” papers
    • Shred information no longer needed
    • Do not leave papers unattended
    • Keep information away from public view
    Protecting Electronic Information
    • Keep computer screens pointed away from the public
    • Never leave patient information in public areas unattended
    • Log off workstations when leaving the area
    • Do not share your password verbally, in writing, or by e-mail with anyone
    • Report any misuse of or problems with your password
    You are responsible
    • Any activity on the computer that is made with your user name is your responsibility
    • Prevent loss or theft of handheld and laptop computers
    • Use passwords to protect information
    • Close programs when not in use
    Why Comply?
    • It is the right thing to do
    • You will face disciplinary action
    • There may be penalties
    Consequences for Noncompliance
    • Wrongful disclosures: Up to $50,000 + 1 year in prison
    • Gaining access by false pretenses: Up to $100,000 + up to 5 years in prison
    • Intent to sell, transfer or use: Up to $250,000 + up to 10 years in prison
    Enforcement of HIPAA
    • The Office for Civil Rights has been charged with enforcing HIPAA privacy regulation
    Questions About Privacy?

    Some situations are not clear

    HIPAA was not meant to interfere with patient care

    When in doubt, ask!


    A parting thought

    If your loved one was a patient, wouldn’t you want your family’s privacy to be protected by the people caring for him or her?

    • Federal Register February 20th, 2003 Notice http://www.hipaapro.com/news/hipaa downloads.cfm
    • HHS Office of Civil Rights – HIPAA Page www.hhs.gov/ocr/hipaa/
    • Federal Register August 14, 2002 Notice http://www.hipaapro.com/news/hipaa downloads.cfm


    What is the official legal citation that refers to what is commonly known as




    What is the official legal citation that refers to health care information use and disclosure in Washington State?

    RCW 70.02


    According to RCW 70.02.020, when can health care providers disclose a pt’s PHI without his/her authorization?

    Only as authorized in RCW 70.02.050.


    Pt. Jacob D. signed the hospital’s Health Care Information Use and Disclosure form and wrote very specific directions regarding who may receive his PHI while at the facility. He directly excluded his ex-wife from receiving any of his PHI.

    Someone at the hospital provided his ex-wife with an update on Jacob when she called the nurses station. What RCW was breached?


    RCW 70.02.020: “A disclosure made under a patient’s written authorization must conform to the authorization.”


    Bob has lived with Kate for 14 years, but they are not married. Kate goes to the hospital with an acute episode of appendicitis. She did not specifically identify Bob as someone the hospital could disclose her PHI to.

    According to the RCWs, can / may the hospital disclose information to Bob about Kate’s condition?


    Maybe. RCW 70.02.050(1): A health care provider/facility may disclose HCI about a pt. w/o the pt’s authorization to the extent a recipient needs to know the information, if the disclosure is:


    (e) To immediate family members of the patient, including a patient's state registered domestic partner, or any other individual with whom the patient is known to have a close personal relationship…


    (e) …if made in accordance with good medical or other professional practice, unless the patient has instructed the health care provider or health care facility in writing not to make the disclosure.


    Mercy hospital is on the cutting edge of research and development of new treatment modalities, especially regarding rare diseases.

    Pt. Mundy is in Mercy hospital being treated for a rare disorder of the mesentery.

    Can Mercy hospital use Pt. Mundy’s PHI for research w/o his authorization?


    Maybe. RCW 70.02.050(1): A health care provider/facility may disclose HCI about a pt. w/o the pt’s authorization to the extent a recipient needs to know the information, if the disclosure is:


    (g) For use in a research project that an institutional review board has determined:

    (i) is of sufficient importance to outweigh the intrusion into the privacy of the pt. that would result from the disclosure.