HIPAA PRIVACY REGULATIONS

1
HIPAA PRIVACY REGULATIONS

• HIPAA WHAT A HIPPO!
• LEIGH RICHARDSON,
• SPHR
• Human Resource Consultant
• www.human-capital-mgmt.com
• Phone (817) 251-0968

2
Why Do We Have HIPAA?

• Increase efficiency of health care system
• Decrease cost electronic transfer of
  information
• Individual privacy
• Health and Human Services administers

3
Penalties For HIPAA Violations

• Non-compliance with requirements
• 100 per violation to a maximum of 25,000 /
  year / requirement
• Many requirements fines could be a multiple of
  25,000
• Wrongful disclosure of health information
• Simple disclosure - fines up to 50,000 and/or
  one year in prison
• Disclosure under false pretenses - fines up to
  100,000 and/or five years in prison
• Disclosure with intent to sell or use - fines up
  to 250,000 and/or ten years in prison

4
What Makes a Health Plan Small or Large?

• Small Plans with annual receipts of less than
  5 million
• Large Plans with annual receipts of 5 million
  or more
• Annual receipts
• total premiums paid (fully insured plan)
• total amount paid for health claims during the
  last full plan year (self-funded plan)

5
Purpose of HIPPA

• Protect sensitive health information
• Grant individuals the right to
• Access their own health information
• Request restriction on the use of their health
  information
• Accounting
• Request an amendment
• Confidential communications
• File a complaint with the plan and/or the
  Department of Health and Human Services

6
Does HIPAA Apply To All Medical?

• NO
• Employer wears two hats
• Health plan sponsor governed by HIPAA
• Employer not governed by HIPAA

7
No HIPAA Implications

• Pre employment physicals
• Fitness for duty exams
• Drug free workplace programs
• Doctors notes
• FMLA/ADA medical information
• Workers Compensation
• Disability Programs
• Life Insurance

8
How Do We Minimize The Impact of HIPAA?

• Restrict the access and use of Protected
• Health Information (PHI)
• to very limited circumstances
• Only access information that is absolutely
  necessary for intended purpose

9
What is PHI?

• Health information
• Individually identifiable
• From a covered entity
• Only PHI is governed by HIPAA

10
What Makes Data Individually Identifiable?

• Medical record number
• Health plan beneficiary number
• Account numbers
• Certificate/license numbers
• Vehicle identifiers and serial numbers, including
  license plate numbers
• Device identifiers and serial numbers
• Web Universal Resource Locators (URL)
• Internet Protocol (IP) addresses
• Biometric identifiers, including finger and voice
  prints
• Any other unique identifying number,
  characteristic or code

• Names
• Addresses
• Can use first 3 digits of a zip code
• Dates - (year only is ok)
• Birth date
• Admission date
• Date of death
• Telephone fax numbers
• E-mail addresses
• Full face photographic image and comparable
  images
• Social Security number

11
What Are Covered Entities?

• Health plans
• Only plans with less than 50 participants who are
  self-insured and self-administered are exempt
• Providers
• Doctors
• Hospitals
• Clearinghouses
• Process non-standard data elements into standard
  data elements

12
What Does This Mean??

• Know who your covered entities are
• Privacy notices have been distributed
• Procedures for right of access
• Procedure for responding to complaints
• Discuss HIPAA with service provider business
  associates
• Conduct training
• Procedures for tracking disclosures
• Stop sharing PHI information impermissible ways
• Determine applicable state laws