HIPAA OBJECTIVES • Define HIPAA • Define PHI • Use of PHI • Your rights • Your responsibilities
HIPAA • HEALTH • INSURANCE • PORTABILITY and • ACCOUNTABILITY • ACT
Components of HIPAA • Insurance portability – Insures individuals moving from one health plan to another will have continuity of coverage and will not be denied coverage under pre-existing-condition clauses. • Fraud enforcement (accountability) – Significantly increases the federal government’s fraud enforcement authority in many different areas. • Administration simplification – the most significant part of the legislation
Easy to share. Easy to misuse.
Knowingly releasing patient information • 1 year jail sentence and $50,000 fine • Gaining access to health information under false pretences • five-year jail sentence and $100,000 fine • Releasing patient information with harmful intent or selling information • 10-year jail sentence and $250,000 fine
Confidential = Identifiable Information • Names • Addresses • Employers • Relatives’ names • Dates of birth • Telephone and fax numbers • E-mail addresses
Confidential = Identifiable Information Continued • Social Security numbers • Medical record numbers • Member or account numbers • Certificate numbers • Voice prints • Finger prints • Photos • Codes • Any other characteristic, such as occupation, which may identify individual CONFIDENTIAL!
PHI • Protected • Health • Information PASSWORD
Ways to Protect Patient Privacy • Do I need to know this to do my job? • Do not pass it on.
Ways to Protect Patient Privacy • Close patient room doors to discuss treatments & administer procedures. • Close curtains & speak softly in semi-private rooms when discussing treatment & administering procedures. • Avoid discussions about patients in elevators & cafeteria lines. • Do not leave messages regarding conditions or test results on answering machines or with anyone other than patient. • Avoid paging patients using information that could reveal their health issues.
Rules for Use • Treatment • Payment • Healthcare Operation • Authorization from individual patient • Disclose information to patient • Incidental disclosures are permitted
Reasons to Release PHI Without Authorization • State health agencies require providers to report to them when patients have certain communicable diseases, even if patient doesn’t want it reported • The FDA requires providers to report certain information about medical devices that break or malfunction • Some states require physicians and other caregivers who suspect child abuse or domestic violence to report it to police
Reasons Continued • Police have the right to request certain info about patients to determine whether they are suspects in criminal investigation or to assist in locating a missing person, material witness or suspect • Courts have the right to order providers to release patient information • Providers must report cases of suspicious deaths or suspected crime victims
Privacy Rules Provide You As A Client New Rights • Notice of privacy • Right to restrict use & disclosure of PHI • Right to have PHI communicated by alternate means • Right to amend PHI • Accounting of disclosures of PHI • Right to access PHI
Your Responsibilities • Understand PHI • Know rules • Know how to implement in your department • Reporting violations