A GENERAL INTRODUCTION TO HIPAA AND THE PRIVACY REGULATIONS FOR UMB PERSONNEL

1
A GENERALINTRODUCTION TOHIPAA AND THEPRIVACY
REGULATIONSFOR UMB PERSONNEL
03/20/03
2
HIPAA PRIVACY - Overview

• This presentation provides a brief summary about
  new federal rules governing the privacy of health
  information
• It defines basic terms and lists basic principles
  that all UMB Personnel must follow

3
Objectives

• You will learn
• What HIPAA is
• The basics of the Privacy rule
• How HIPAA Privacy affects each of us
• The consequences of non-compliance with HIPAA
  Privacy rules
• Where to go with questions

4
WHAT IS HIPAA?

• Health Insurance Portability Accountability Act
  of 1996
• HIPAA is a Federal law
• HIPAA establishes uniform rules for protecting
  Health Information and privacy
• Maryland law that is stricter than HIPAA and is
  more protective of health information privacy
  than HIPAA still applies

5
Basics of the HIPAA Privacy Rule

• UMB personnel cannot see or use Protected Health
  Information unless it is required for the job.
• UMB personnel can only see or use the minimum
  amount of Protected Health Information that is
  necessary for a task
• UMB personnel who see or use Protected Health
  Information in violation of HIPAA have violated
  federal law. Penalties include fines, jail, and
  UMB disciplinary action which may include
  termination or expulsion

6
HIPAA Penalties

• 100 fine per day for each standard violation.
  (Up to 25,000 per person, per year, per
  standard.)
• 50,000 fine up to one year in prison for
  improperly obtaining or disclosing health
  information.
• 100,000 fine up to five years in prison for
  obtaining or disclosing health information under
  false pretenses.
• 250,000 fine up to ten years in prison for
  obtaining health information with the intent to
  sell, transfer or use for commercial advantage,
  personal gain or harm.
• Penalties under University policy, which can
  include termination or expulsion.

7
Who Must Comply with the Privacy Rules?

• All UMB personnel including faculty, staff,
  students, residents, fellows, and volunteers who
  see or use Protected Health Information,
  including information from
• University of Maryland School of Medicine
• University of Maryland Dental School
• University of Maryland Medical Center
• University Physicians, Inc.
• Affiliated University of Maryland faculty
  practice associations

8
What is Protected Health Information?

• Comes from a health care provider or a health
  plan
• Identifies an individual or
• Could be used to identify an individual
• Describes the health care, condition, or payments
  of an individual
• or describes the demographics of an individual

9
Examples of Demographics

• Name
• Zip code
• Address
• Name of employer
• Birth date
• Telephone number
• Fax number
• E-mail address
• Social security number
• Medical record number

• Health plan beneficiary number
• Account number
• Drivers license number
• Vehicle serial number
• URL
• IP address
• Biometric identifiers
• Full-face photo
• Any other unique identifying characteristic

10
Protected Health Information Describes Health
Condition

• Information from a health care provider or health
  plan
• about an Individuals Physical or Mental
  condition, including
• Past history of a condition
• Present condition
• Plans or predictions about the future of a
  condition

11
Protected Health Information Describes Health
Care

• Information from a health care provider or health
  plan
• about an Individuals Health Care, including
• Who provided care
• What type of care was given
• Where care was given
• When care was given
• Why care was given

12
Protected Health Information Describes Health
Care Payments

• Information from a health care provider or health
  plan
• about an Individuals Health Care Payments,
  including
• Who was paid
• What services were covered by the payment
• Where payment was made
• When payment was made
• How payment was made

13
Protected Health Information must be secured in
all forms

• Written information (reports, charts, x-rays,
  letters, messages, etc.)
• Oral communication (phone calls, meetings,
  informal conversations, etc.)
• E-mail, computerized and electronic information
  (computer records, faxes, voicemail, PDA entries,
  etc.)

14
When Can UMB Personnel Use Protected Health
Information?

• When authorized by the School of Medicine, the
  Dental School, University Physicians, Inc., the
  Affiliated University professional associations,
  or the University of Maryland Medical Center, or
• When the individual has signed a valid
  authorization form, or
• As specifically permitted or required by law.
• In all cases, use reasonable security measures to
  safeguard Protected Health Information

15
Reasonable Security Measures for Protected Health
Information

• Use and do not share computer passwords
• Lock doors, lock file cabinets, and limit access
  to workspace where health information is used or
  stored
• Limit access to printers and faxes where health
  information is printed
• Limit access to health information to only those
  who need it for a specific task
• Redact or use de-identified health information
  whenever possible
• Shred or otherwise properly dispose of health
  information trash
• Use and keep only the minimum health information
  necessary for a specific task
• Follow privacy policies and procedures

16
Privacy - In Summary

• Keep Protected Health Information private and
  secure at all times
• Make sure only UMB Personnel who need to use
  Protected Health Information see it or use it
• Use only the minimum amount of Protected Health
  Information necessary to accomplish the task
• Read and understand UMB Privacy policies and
  procedures
• Know your Privacy Official
• Consult your Privacy Official with any questions
  you have about privacy or Protected Health
  Information

17
Test Your Understanding of the Privacy Rules (1
of 4)

• True or False
• HIPAA has replaced all Maryland State laws about
  privacy of health information.

18
Test Your Understanding of the Privacy Rules (1
of 4)

• Answer False
• Follow Maryland State law in cases where Maryland
  law is stricter and more protective of privacy
  than HIPAA.

19
Test Your Understanding of the Privacy Rules (2
of 4)

• When are UMB personnel authorized to use
  Protected Health Information?
• Any time is it provided directly by someone who
  is a UMB employee
• When it is stored in the files of a persons
  school or department
• Only when it is required for a specific job.

20
Test Your Understanding of the Privacy Rules (2
of 4)

• Answer C UMB personnel may only see or use
  Protected Health Information when it is required
  for a specific job.

21
Test Your Understanding of the Privacy Rules (3
of 4)

• Violation of HIPAA privacy rules can result in
  the following penalty
• A fine
• A jail sentence
• UMB discipline, including termination or
  expulsion
• All of the above

22
Test Your Understanding of the Privacy Rules (3
of 4)

• Answer D All of the above. Violation of HIPAA
  privacy rules can result in a fine, a jail
  sentence, and UMB discipline, including
  termination or expulsion.

23
Test Your Understanding of the Privacy Rules (4
of 4)

• Protected Health Information comes from a
  health care provider or a health plan and
  includes
• Information about an individuals condition
• Information about an individuals payment for
  health care
• An individuals demographic information
• All of the above

24
Test Your Understanding of the Privacy Rules (4
of 4)

• Answer D All of the above. Protected Health
  Information comes from a health care provider or
  a health plan and includes all of the items
  listed, including
• Information about an individuals condition
• Information about an individuals payment for
  health care
• An individuals demographic information

25
Privacy Rules -Next Steps

• Some UMB personnel will receive additional
  training about privacy that is designed to
  address a specific job or activity.
• Questions can be addressed to the Privacy
  Official in your school or administrative
  division or to the
• UMB Privacy Official
• Dr. Peter Murray
• pmurray_at_umaryland.edu