HIPAA - PowerPoint PPT Presentation

About This Presentation
Title:

HIPAA

Description:

HIPAA The Health Insurance Portability And Accountability Act of 1996 ... non-criminal violations, including disclosures made in error- not intent to violate. – PowerPoint PPT presentation

Slides: 41
Provided by: Comput344

Transcript and Presenter's Notes

1
HIPAA
  • The Health Insurance Portability And
    Accountability Act of 1996

2
HIPAA History and Objectives
  • Improve the efficiency of the health care system.
  • Reduce the overall cost of health care and
    therefore the federal government's future
    liability.
  • Protect the Privacy and Security of individuals'
    health care information by setting Standards
    and requirements.
  • Standardize and automate, enabling increased
    fraud and abuse monitoring and enforcement.
  • Eliminate pervasive Medicare fraud and abuse.

3
HIPAA Major Rules
  • 1. Transaction and Code Sets
  • Standard code sets are required for selected
    data elements in more than one of the electronic
    transaction standards. Electronic transactions
    include transactions using ANY media, even when
    information is physically moved from one location
    to another using diskette, tape or CD media.
  • 2. Privacy Rule
  • Defines who is authorized to access
    information. It is the right of individuals to
    keep information about themselves from being
    disclosed.
  • 3. Security Rule
  • The ability to control access and protect
    information from accidental or intentional
    disclosure to unauthorized persons and from
    alteration, destruction or loss. This is the
    implementation of the Privacy Rules.

4
Protected Health Information (PHI)
  • Any information that identifies an individual or
    gives a reasonable basis for identifying the
    individual must be protected.
  • Covers all forms of information.
  • Covers names, telephone numbers, fax numbers,
    e-mail addresses, social security numbers,
    photographs, geographical identifiers smaller than
    a state and any date element such as birth date or
    service discharge date.

5
The Individual's Rights
  • Right to access, inspect and get a copy of their
    own information.
  • Right to request amendment or correction of
    information.
  • Right to have written notice of information
    practices and receive accounting of disclosures.

6
HIPAA Rules and Guidelines
  • Transaction and Code Sets
  • Fully effective October 16, 2003.
  • Privacy Standards for Individually Identifiable
    Health Information
  • Fully effective April 14, 2003.
  • Security Standards
  • Fully effective date for compliance
    enforcement: Fall 2004.

7
Who must comply with HIPAA?
  • All direct and indirect providers of health care
    services and supplies
  • direct providers like hospitals
  • indirect providers like laboratories
  • vendors
  • any entity transmitting health information
    in electronic form.

8
Who is not required to follow HIPAA Rules?
  • Life Insurance Programs
  • Worker Compensation Programs
  • Property casualty insurance programs
  • Disability insurance programs
  • Other non-health insurance programs

9
Federal Civil & Criminal Penalties for Violation
of Patients' Right to Privacy.
  • Civil Monetary Penalties: non-criminal
    violations, including disclosures made in error,
    with no intent to violate.
  • $100 per violation, up to $25,000 per
    year/standard/individual.
  • Criminal Penalties: knowingly violating.
  • Up to $50,000 and 1 year imprisonment for
    obtaining or disclosing PHI.
  • Up to $100,000 and up to 5 years imprisonment for
    obtaining or disclosing PHI under false
    pretenses.
  • Up to $250,000 and 10 years imprisonment for
    obtaining PHI with the intent to sell, transfer,
    or use for commercial advantage, personal gain,
    or malicious harm.

10
Who Polices HIPAA ?
  • Office of Civil Rights of the Department of
    Health & Human Services.
  • Covered Entities provide records and compliance
    reports.
  • Any person may file a complaint with the
    Department of Health & Human Services.
  • Whistleblower provisions.

11
WHO ARE THE HIPAA WHISTLEBLOWERS?
12
Your Patient Relations
  • Patients are your whistleblowers

13
Provide Notice of Policies & Procedures in
Patient Privacy
  • To anyone who asks for it
  • Read or pickup at office
  • Accessible on Web sites
  • Health plans provide notice at enrollment or
    notice of availability
  • First Treatment Service with individual's written
    acknowledgement of receipt
  • Consent and acknowledgement on one form
  • Email notice of Policy and Procedures

14
Reasonable Safeguards
  • Speak quietly
  • Avoid using patient names in public hallways and
    elevators, and post signs to remind employees
    to protect patient
  • Lock or isolate patient records in file cabinets
    or records rooms
  • Passwords on computer systems

15
Concerns of HIPAA Investigators
  • Incidental disclosures
  • Handling of in-office records or computer screens
  • Faxing of records
  • Loss of control
  • Transfer of records via email / computer
    encryption
  • Covered Entity ignoring HIPAA compliance
    standards

16
Release of Information (ROI)
  • Within the patient-provider relationship,
    health professionals have a legal, ethical and
    moral obligation to protect confidential
    information

17
What is Confidential?
  • Is there a professional patient-provider
    relationship?
  • Was the information exchanged within this
    relationship?
  • Is the information needed to diagnose or treat
    the patient?

18
What is Not Confidential?
  • Patient name
  • Address
  • DOB
  • Insurer
  • Next of Kin
  • Not confidential but private!

19
Need to Know
  • Users may be authorized to see the record
  • Should have a clear need to know to have access

20
Record Ownership
  • Provider owns the record, whatever physical form
    it's kept in
  • Record is maintained for benefit of patient
  • Documents service and standard of care
  • Patient owns the information and has the right to
    control its flow
  • Those who violate this right may be held liable
    to the patient

21
Personal and Impersonal Use
  • Confidentiality belongs to the person, not to
    the information
  • Personal uses, which depend on individual
    identity, such as patient care, insurance claims
    and legal action
  • Impersonal uses, which are independent of
    personal identity: program evaluation,
    statistical report and/or research

22
Valid Authorization
  • Requests in writing
  • Addressed to provider
  • Specific name, address and DOB
  • Specifies information requested
  • Specific dates of service
  • Indicates reason information is needed
  • Date, event or condition of expiration
  • Signed by patient or legal representative
    relationship
  • WHEN IN DOUBT, DON'T GIVE IT OUT; seek advice

23
Valid Release Process
  • Locate documents/chart
  • Match the signature for validation
  • Calculate charges
  • Make copy
  • Add cover letter, stress confidentiality / return
    receipt if necessary
  • Mail and log it

24
Telephone and Fax (ROI)
  • Discouraged but may be necessary
  • Caller name and number
  • Reason information is needed
  • Information requested
  • Special authorizations

25
Telephone and Fax (ROI)
  • Call backs
  • Fax with cover sheet with confidentiality
    statement
  • Call and confirm that fax is attended
  • Document request and release in log and patient
    chart

26
Releases
  • Patient
  • Attorney
  • Failure to release may result in legal action
  • Subpoena

27
Caution
  • Be alert!
  • Information may be released in unanticipated ways
  • Be cautious about who can see computer screens,
    schedules, copiers and fax machines, and who may
    overhear your conversations

28
What DO You Think?
  • One patient overhearing patient health
    information laden conversation in an adjoining
    room between doctor and patient.

29
Answer
  • "We don't need to rebuild our offices only to
    create a private, soundproof room," reports the
    Department of Health and Human Services Office
    of Civil Rights (December 2003)
  • Figure out in your office what reasonable
    safeguards
  • Keep Your Staff AWARE!!

30
Scenario
  • A patient overhears the receptionist and
    technician making unkind comments about the waist
    measurement of another patient

31
Answer
  • This is not incidental disclosure. Even if
    individuals were making kind or flattering
    comments about a patient's waistline, it would
    still be inappropriate disclosure
  • Gwen Hughes, Care Communications, Chicago Ill.

32
Scenario
  • A bartender overhears an office assistant telling
    another assistant about the famous actor that she
    had as a patient

33
Answer
  • This is an inappropriate disclosure. Personal
    discussions of patients should not take place in
    or especially out of the office.
  • Gwen Hughes, Care Communications, Chicago Ill.

34
5 Step CHECK LIST
  • Notice of Privacy Policies and Procedures
    available
  • Make sure patients can assert their privacy
    rights
  • Keep staff trained (Part time and Full time and
    NEW STAFF)
  • Encourage ongoing awareness of possible
    Incidental Disclosure events
  • Protect the handling of your records

35
True Professionals Are And Should Be Held
Accountable For Their Actions C. Bruce
36
Ten Commandments of HIPAA
  1. Thou shalt accurately capture, code and bill for
    services.
  2. Thou shalt honor the Privacy & Security of all
    patient information that is ethically, morally,
    and legally required of every workforce member as
    a part of their job description as a condition
    of employment/service.

37
Ten Commandments of HIPAA
  3. Thou shalt treat all patient information, in any
    form, as PHI.
  4. Thou shalt access & use patient information on a
    need-to-know basis only; idle curiosity is a
    sin and illegal.
  5. Thou shalt not discuss patients unless it is
    necessary for treatment, payment, or the
    operation of the organization; otherwise it is
    gossip and wrong.

38
Ten Commandments of HIPAA
  6. Thou shalt not disclose individually identifiable
    patient information, as it is a crime,
    punishable by civil and criminal penalties.
  7. Thou shalt discuss patient information only in a
    private setting.
  8. Thou shalt not share user IDs, passwords,
    combinations, etc.

39
Ten Commandments of HIPAA
  9. Thou shalt keep paper patient records out of
    sight of unauthorized persons, including
    workforce members.
  10. Thou shalt report something or someone's actions
    that look questionable; if it seems wrong, it
    probably is. Most compliance is common sense.

40
What does this mean to me as a Vision Care
Technology Student at SCC?
  • All patient information is private and not to be
    discussed outside of a classroom situation.
  • Disposal of surgery schedules will follow my
    clinical guidelines for disposal.
  • Transferring any patient information will not be
    done.