1 / 104

HIPAA Privacy Training

HIPAA Privacy Training. Staff. HIPAA What?. What is HIPAA. H ealth I nsurance P ortability and A ccountability A ct. What is HIPAA. A Federal Law intended to Improve portability and continuity of health insurance coverage

keisha
Download Presentation

HIPAA Privacy Training

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. HIPAA Privacy Training Staff SullyMed Informatics 2003

  2. HIPAA What? SullyMed Informatics 2003

  3. What is HIPAA • Health Insurance Portability and Accountability Act SullyMed Informatics 2003

  4. What is HIPAA • A Federal Law intended to • Improve portability and continuity of health insurance coverage • Combat waste, fraud and abuse in health insurance and health care delivery • Promote use of medical savings account • Improve access to long term care services • Simplify administration SullyMed Informatics 2003

  5. HIPAA • TITLE I--HEALTH CARE ACCESS, PORTABILITY, AND RENEWABILITY • TITLE II--PREVENTING HEALTH CARE FRAUD AND ABUSE; ADMINISTRATIVE SIMPLIFICATION; MEDICAL LIABILITY REFORM • TITLE III--TAX-RELATED HEALTH PROVISIONS • TITLE IV--APPLICATION AND ENFORCEMENT OF GROUP HEALTH PLAN REQUIREMENTS • TITLE V--REVENUE OFFSETS SullyMed Informatics 2003

  6. HIPAA • TITLE I--HEALTH CARE ACCESS, PORTABILITY, AND RENEWABILITY • TITLE II--PREVENTING HEALTH CARE FRAUD AND ABUSE;ADMINISTRATIVE SIMPLIFICATION;MEDICAL LIABILITY REFORM • TITLE III--TAX-RELATED HEALTH PROVISIONS • TITLE IV--APPLICATION AND ENFORCEMENT OF GROUP HEALTH PLAN REQUIREMENTS • TITLE V--REVENUE OFFSETS SullyMed Informatics 2003

  7. Immediate Impact • Transaction and Code Sets • Security Rule • Privacy Rule SullyMed Informatics 2003

  8. Focus Today • Transaction and Code Sets • Security Rule • Privacy Rule SullyMed Informatics 2003

  9. Scene I • Monday morning 10 A.M. • Waiting room full, phones ringing, conversations going on all over • Receptionist sitting at in window • Phone on shoulder on hold • Monitor in view of patient • “Good morning Mrs. Jones, you are here for your colonoscopy, did you bring the oncologists records?” SullyMed Informatics 2003

  10. Scene 2 • MA comes to get Mrs. Jones • Says hello to another patient she knows • Inquires about her daughter • How did husband’s lab test come back • Patient surprised he had any test • Brings Mrs. Jones back to exam room SullyMed Informatics 2003

  11. Scene 3 • Records room and clerks all working and talking • Filing labs and asks coworker if they saw the results on Mr. Smith • Notices duplicate copies of results and throws one in trash can SullyMed Informatics 2003

  12. Scene 4 • Billing rep on phone • Mrs. Jones we cannot send bill to a work address • You want to change the diagnosis in your chart? We cannot do that! SullyMed Informatics 2003

  13. Scene 5 • End of day • Charts all over countertops, desks etc. • Wastebaskets full of duplicate copies of reports, letters etc. • Filing cabinets open • Computer screens remain on open to practice management system SullyMed Informatics 2003

  14. Do We Need a Privacy Regulation • No Federal law or national standard • State laws inadequate and inconsistent • False sense of privacy with paper charts • Now the sharing of health information with millions is only a mouse click away SullyMed Informatics 2003

  15. Harm from Inappropriate Disclosure of PHI • Mental anguish • Personal Discrimination • Economic harm • Non-disclosure of important medical info is important to physicians • Core of health care today • Harms patient – physician relationship • Harms quality of care SullyMed Informatics 2003

  16. Who does it apply to? • Health Plans • Health Care Clearinghouses • Health Care Providers • No distinction between small office and large tertiary care hospital • Same rule apply, only implementation differs SullyMed Informatics 2003

  17. Definitions SullyMed Informatics 2003

  18. Health Information • Any information in any form which • Is created or received by the practice • Relates to past, present, future physical or mental health or condition of an individual • Relates to past, present, future payment for providing health care • Includes oral, written, electronic information SullyMed Informatics 2003

  19. I I H I • Individually Identifiable Health Information • Information that is a subset of health information collected from an individual and that • Is created or received by a provider • Relates to past, present, future physical or mental health of individ, payment for providing the health care or providing the health care • AND • Identifies the individual OR • There is a reasonable basis to believe it can be used to identify the individual SullyMed Informatics 2003

  20. Protected Health InformationPHI • Individually Identifiable Health Information that is transmitted or maintained in any form • Excludes IIHI in • Educational records • Family Educational Right and Privacy Act • 20 U.S.C. 1232g • Employment records held by the office in its role as employer SullyMed Informatics 2003

  21. T P O • Treatment • Payment • Operations • Health Care Operations SullyMed Informatics 2003

  22. Use and Disclosure • Use • Sharing, analysis, utilization or examination of IIHI within the office • Disclosure • Release, transfer, providing access to or divulging IIHI outside the office holding the information SullyMed Informatics 2003

  23. Confidentiality • Carried out or revealed in the expectation that anything done or revealed will be kept private • Entrusted with somebody’s personal or private matters SullyMed Informatics 2003

  24. Privacy • Freedom from observation, intrusion or attention of others • The state of being kept secret • About controlling access to information SullyMed Informatics 2003

  25. So far…….. • What HIPAA is • Who it applies to • Some important definitions SullyMed Informatics 2003

  26. Now…….. • How does it apply to us • What we can and cannot do • Office’s privacy practices • Patient Rights • When do we have to do all this • What are the penalties if we don’t do this SullyMed Informatics 2003

  27. Privacy Rule Intent • To protect IIHI from being wrongfully used or disclosed • To protect IIHI from being used or disclosed without an individual’s knowledge SullyMed Informatics 2003

  28. Uses and Disclosures • Required • Permitted • Minimum Necessary • Special Circumstances SullyMed Informatics 2003

  29. Required Disclosures • To the individual when they request access to their information or they request an accounting of disclosures • When requested by the Secretary to investigate compliance with the Privacy Rule SullyMed Informatics 2003

  30. Permitted Uses-Disclosures • To the individual • For TPO • Incident to another permitted use-discl • Pursuant to a valid authorization • As permitted under special circumstances SullyMed Informatics 2003

  31. Minimum Necessary Standard SullyMed Informatics 2003

  32. Minimum Necessary • Must make reasonable effort to limit PHI to the minimum necessary to accomplish the intended purpose of the use or disclosure SullyMed Informatics 2003

  33. Minimum Necessary • Must use, disclose and request only the smallest amount of PHI needed to accomplish the purpose • Access only needed information • Follow office policies and procedures for disclosures • Be careful about disclosing entire medical records SullyMed Informatics 2003

  34. Treatment Provider requests PHI for treatment purposes Individual Disclosures made to the individual Authorization Pursuant to a valid authorization Secretary When requests Law When required Compliance When required for compliance with these requirements When Minimum Necessary Does not apply SullyMed Informatics 2003

  35. Special Circumstances Need to take additional steps SullyMed Informatics 2003

  36. Personal representatives Deceased individuals Whistleblowers Victims of a crime Special CircumstancesUse and Disclosure PHI SullyMed Informatics 2003

  37. Personal Representatives • Must treat a personal representative as the individual except • Unemancipated minor • Abuse or neglect SullyMed Informatics 2003

  38. Adults and Emancipated Minor • If a person has authority to act on behalf of adult or emancipated minor in making decisions related to health care, must treat that person as the individual with respect to PHI • Durable Power of Attorney • Adult with Dementia SullyMed Informatics 2003

  39. Unemancipated Minors • If parent or guardian has authority to act on behalf of unemancipated minor in making decisions about health care, must treat that person as the individual SullyMed Informatics 2003

  40. Unemancipated Minors • May be able to act as individual when: • Consents to health care and no law requires other consent and has not requested the person to act as a personal rep • The personal rep agrees to confidentiality between minor and provider • Minor may lawfully obtain health care services and consents e.g. birth control, STD SullyMed Informatics 2003

  41. Deceased Individuals • Must comply with all requirements regarding PHI of a deceased individual • Same rules apply to uses and disclosures • Personal Representatives become important SullyMed Informatics 2003

  42. Deceased Individuals • If an executor, administrator, or person has the authority to act on behalf of a deceased individual, must treat that person as the personal representative of the deceased individual. SullyMed Informatics 2003

  43. Abuse – Neglect - Endangerment • May elect not to treat a person as a personal representative if you believe • Individual is or may be subject to domestic violence, abuse or neglect by the person OR • Treating the person as a personal rep would endanger the individual AND • Exercising professional judgment, decides it is not in the best interest of the individual to treat the person as the personal rep SullyMed Informatics 2003

  44. Whistleblowers • The organization is not in violation if a member of its workforce or discloses PHI provided that: • The person or believes the organization is in violation of the rule AND • Disclosure is to either • Health oversight agency or public health authority OR • An attorney SullyMed Informatics 2003

  45. Victims of a Crime • Organization is not in violation if a member of it’s workforce who is the victim of a crime discloses PHI to a law enforcement official provided that: • PHI is about the suspected perpetrator AND • PHI disclosed is limited to • Name, address, DOB, SSN, blood type • Date and time of treatment or death • Description of identifying characteristics • Ht, wt, gender, race, color eyes/hair, scars, tattoos SullyMed Informatics 2003

  46. Authorizations SullyMed Informatics 2003

  47. Authorization • Must obtain from the individual for any use/disclosure of PHI other than the following: • TPO • When required by law • As listed in the Privacy Notice SullyMed Informatics 2003

  48. Valid Authorization • Must include specific elements • Core elements • Required statements • Use the office Authorization Form • Previously used authorization forms will not be valid under new rules as they lack the necessary specific elements SullyMed Informatics 2003

  49. Authorizations • Have right to revoke at any time • In writing using office revocation form • Must document and retain signed authorization forms • Must give copy of signed authorization form to individual SullyMed Informatics 2003

  50. Allowed uses and disclosures outside of TPO Without authorization SullyMed Informatics 2003

More Related