HIPAA Privacy Keys to Success
Education for Nursing and all other Clinical Students
Effective January 2010
HIPAA Job Specific Education

HIPAA and Its Purpose

What is HIPAA?
• Health Insurance Portability and Accountability Act of 1996
• Title II – Administrative Simplification
• It’s a federal law
• HIPAA is mandatory, penalties for failure to comply

Purpose:
• Protect health insurance coverage, improve access to healthcare
• Reduce fraud and abuse
• Improve quality of healthcare in general
• Reduce healthcare administrative costs (electronic transactions)

HITECH and Its Purpose

What is HITECH?
• Health Information Technology for Economic and Clinical Health Act
• Subtitle D of the American Recovery and Reinvestment Act of 2009 (ARRA)
• It’s a federal law

Purpose:
• Makes massive changes to privacy and security laws
• Applies to covered entities and business associates
• Creates a nationwide electronic health record
• Increases penalties for privacy and security violations

Key HITECH Changes
• Breach Notification requirements
• AOD for treatment, payment, and healthcare operations in electronic health record (EHR) environment
• Business Associate Agreements
• Restrictions
• Right to access
• Criminal provisions
• Penalties
• OCR Privacy Audits
• Copy charges for providing copies from EHR
• HIPAA preemption applies to new provisions
• Private cause of action
• Sharing of civil monetary penalties with harmed individuals

Civil Penalties for Non-compliance*
*As of 2/17/10

Criminal Penalties for Non-compliance

For health plans, providers, clearinghouses and business associates that knowingly and improperly disclose information or obtain information under false pretenses. These penalties can apply to any “person”.
• Penalties higher for actions designed to generate monetary gain
• up to $50,000 and one year in prison for obtaining or disclosing protected health information
• up to $100,000 and up to five years in prison for obtaining protected health information under "false pretenses"
• up to $250,000 and up to 10 years in prison for obtaining or disclosing protected health information with the intent to sell, transfer or use it for commercial advantage, personal gain or malicious harm

Facility Privacy Official (FPO)

Your FPO is: Susan Armstrong, HIM Director

Responsible for:
• Implementation of Privacy and Information Security Program
• Privacy Rights of patients
• Requests for Privacy Restrictions
• Facilitating the training and education of workforce members

HIPAA Terminology
• HITECH: Health Information Technology for Economic and Clinical Health Act
• HIPAA: Health Insurance Portability and Accountability Act
• PHI: Protected Health Information
• CE: Covered Entity (Hospital)
• OHCA: Organized Health Care Arrangement (The hospital and medical staff will be considered an Organized Health Care Arrangement)
• DRS: Designated Record Set (medical record and billing record)
• Directory: Hospital census list used by volunteers and operators with name and room
• TPO: Treatment, Payment and Healthcare Operations

What is Protected by HIPAA (PHI)?
• Name
• Address including street, city, county, zip code and equivalent geocodes
• Names of relatives
• Name of employers
• Birth date
• Telephone numbers
• Fax Numbers
• Electronic e-mail addresses
• Social Security Number
• Medical record number
• Health plan beneficiary number
• Account number
• Certificate/license number
• Any vehicle or other device serial number
• Web Universal Resource Locator (URL)
• Internet Protocol (IP) address number
• Finger or voice prints
• Photographic images
• Any other unique identifying number, characteristic, code

How will HIPAA affect you?
• Coversheets with confidential statement need to be used on all external faxes.
• Patient charts will need to be placed in secure area
• PHI will need to be placed in Cintas Shred containers for disposal
• Unless specifically authorized by the patient, patient family members should only be told the basic condition and location
• Patient information should only be accessed if there is a need to know
• Never discuss patient care in front of visitors – politely ask the visitors to step out for a moment – if the patient states they can stay, be sure to document this in the chart.

How will HIPAA affect you?
• Do not write down any names or identifiable patient information in your student notes – if in doubt, check with your instructor
• Patient charts need to be placed in secure areas
• PHI will need to be placed in Cintas Shred containers for disposal – NOT IN TRASH CANS
• Patient information should only be accessed if there is a need to know
• Patients have a right to a copy of their medical record, but they must go to medical records and sign a release, and only after the chart is completed after discharge

Patient Privacy Complaints
• FPO must maintain complaint log in accordance with the complaint process
• ALL privacy complaints must be routed to the FPO
• Responses cannot be accompanied by retaliatory actions by the hospital
• Disposition of complaint must be consistent with the facility’s Sanctions for Privacy Violations

Notice of Privacy Practices
• Patient will receive a Notice upon each registration
• The Notice outlines patient’s privacy rights as:
  • Right to access your PHI
  • Right to amend (append or add to) your PHI – if you disagree with the information
  • Confidential Communication – alternative means or to an alternative location
  • Right to Privacy Restriction – use or disclosures of your PHI
  • Right to Opt out of Directory – no disclosure of patient’s name, location, condition of patient, or religious affiliation
  • Right to an accounting for disclosures – where your information went without your authorization

Breach Notification

HITECH provisions require the following notifications when breaches (as defined in the regulations) occur:
• To the patient
• To the Department of Health and Human Services
• To the media when the breach involves more than 500 individuals in the same state or jurisdiction

Ensuring Security Compliance
• Ensure users log off computer systems and medical devices when not in use.
• PCs should have screen savers whenever possible.
• Computer screens should be positioned so information (PHI) is not readable by the public or other unauthorized viewers
• Printers should be positioned in protected locations so that printed information is not accessible or viewable by an unauthorized person.
• PHI must be properly disposed of.

Common Exposures
• Discussions of patient information in public places such as hallways and cafeterias
• Printed or electronic information left in public view (e.g., charts left on counters)
• Discussing patient information on social networking sites (e.g., Facebook, Twitter)
• PHI in regular trash
• Records that are accessed without need to know in order to perform job duties
• Unauthorized individuals hearing patient sensitive information such as diagnosis or treatment