HIPAA & YOU: A practical guide to privacy and security for MTs. Theresa Leppert, RHIT.

1 HIPAA & YOU: A practical guide to privacy and security for MTs. Theresa Leppert, RHIT

2 Theresa Leppert, RHIT, LMT: Who is Theresa Leppert, RHIT, LMT, and why is she presenting on the topic of HIPAA?

3 Vocabulary/abbreviations: HIPAA – Health Insurance Portability & Accountability Act; PHI – Protected Health Information; CE – Covered Entity; BA – Business Associate; ARRA – American Recovery and Reinvestment Act; HITECH – Health Information Technology for Economic & Clinical Health

4 HIPAA, ARRA, HITECH: I know what HIPAA is already, okay… but what the heck is ARRA and/or HITECH? ARRA: American Recovery and Reinvestment Act (The Stimulus Plan). HITECH: Health Information Technology for Economic and Clinical Health Act.

5 ARRA/HITECH: Under HITECH, physicians can qualify for up to $44,000 in Medicare bonus incentives, and/or $65,000 in Medicaid bonus incentives if they demonstrate “meaningful use” of an Electronic Health Record. What is meaningful use? So how do ARRA and/or HITECH affect me? As a patient, that means in the near future (if not now), your medical providers will have an electronic record on you. As an MT… well, I am sure you have already seen changes in our industry.

6 Medicare HITECH timeline. Year of Use: 2011 2012 2013 2014 2015 2016 Totals. $$ Incentive rows: $18,000 $12,000 $8,000 $4,000 $2,000 $44,000; $18,000 $12,000 $8,000 $4,000 $2,000 $44,000; $15,000 $12,000 $8,000 $4,000 $39,000; $15,000 $8,000 $31,000. (Source: ARRA/HITECH FAQs)

7 Medicaid HITECH Timeline. Year 2011: $25,000; 2012: $10,000 $25,000; 2013: $10,000 $25,000; 2014: $10,000 $25,000; 2015: $10,000 $25,000 1%; 2016: $10,000 $25,000 2%; 2017: $10,000 3%; 2018: $10,000; 2019: $10,000; 2020: $10,000; Totals: $65,000. (Source: ARRA/HITECH FAQs)

8 Who is eligible for HITECH Incentives? Hospitals; Skilled nursing facilities; Nursing facilities; Home health entities; Long term care facilities; Health care clinics; Community mental health centers; Renal dialysis facilities; Blood centers; Ambulatory surgery centers; Emergency medical svc providers; Federally qualified health centers; Group practices; Pharmacies; Laboratories; Physicians (MD, DO, DDS, DDM, DPM, OD, DC); Practitioners (PA, NP, CNS, CRNA, CNM, CSW, Psy, RD); Indian Health Svc providers; Rural health clinics; Therapists. (Source: ARRA/HITECH FAQs)

9 Who is NOT eligible for HITECH incentives? Free clinics that do not bill Medicare or Medicaid; Physical therapists; Hospital-based physicians; Acupuncturists and other holistic providers; Any practice not eligible for Medicare or Medicaid payments

10 MTSO Owners: I am the owner of an MTSO, what do I need to focus on? Well, best practices dictate: Confidentiality agreement; Secure work area; Destruction of PHI; Email encryption; Voice files/Demog systems – passwords!

11 MTSO Owners – cont’d: The MTSO should require assurance (contractually!) of the following for offsite computer security purposes: Work computer ONLY, password protected; Firewalls; Antivirus, malware, and operating system up to date; No gaming/music file-sharing programs; Repairs – remove PHI!; Contract terminations – Destruction Certification

12 At-Home MTs: I work at home, what do I need to focus on? Secure location; Screen facing away; Password protected; Screen saver/Auto Logoff; Consider privacy screen; Shredder. (Source: WEDI-SNIP Security and Privacy Workgroup)

13 At-Home MTs – cont’d: Be ALERT to potential risks! The following can mitigate those risks: Shred anything that has PHI; Never leave PHI unattended; De-identify reports (i.e. sample rpts, QA rpts); Encrypt emails!; Don’t hold PHI any longer than needed; Restrict others from using your work PC

14 To Fax or not to Fax? Does anyone still fax? YES! How can I mitigate my risk? Only fax if absolutely necessary; Use a coversheet – and have a disclosure statement on the coversheet!; Double- and triple-check fax numbers (preprogram if possible!); Retain coversheet and fax confirmation for 1 year

15 What is considered a BREACH? Unintentional breach; Deliberate unauthorized access without PHI disclosure; Deliberate unauthorized disclosure or deliberate tampering without personal gain; Deliberate unauthorized disclosure for personal gain. (Source: HIPAA Compliance for MTs)

16 Possible Penalties

17 We had a breach – now what? Depends on the level of the breach! Unintentional: Contact recipient, ask to destroy the PHI; Document situation/said destruction; Notify privacy officer (if you have one). Deliberate – all of the above, plus: Institute disciplinary process, possible immediate termination

18 How to make HIPAA fun (Yes, I said FUN!): This website has some HIPAA Games that are great training tools – I highly recommend these! (Choose Security and Privacy Challenge) security-training-games

19 So why is all this so important? Medical Identity Theft! In 2013, medical-related identity theft accounted for 43% of all ID thefts in the United States. The US Dept. of HHS says since 2009, between 27.8 million and 67.7 million medical records have been breached.

20 Motives for MID theft: Illegal or bogus treatment – fraudulent claims; Theft of medical services, from simple ER visits to complex surgeries; To obtain prescription drugs

21 The price of M.I.D. Theft: Ruined credit; Loss of healthcare coverage; Inaccurate records that are difficult to correct; Legal troubles

22 Signs of M.I.D. Theft: A bill for medical services you didn’t receive; A call from a debt collector about a medical debt you don’t owe; Medical collection notices on your credit report; A notice from your health plan about reaching benefit limit; Denial of insurance because your records show a condition you do not have

23 QUESTIONS???

24 Sources: ARRA/HITECH FAQs - _HITECH; MT’s Checklist by WEDI-SNIP Security and Privacy Workgroup; HIPAA Compliance for MTs - HIPAA Privacy and Security – AHDI online resources. dSecurity/tabid/272/Default.aspx; Economic Stimulus Act Expands HIPAA, funds Health Information Technology. a1031986bcf4/Presentation/PublicationAttachment/84c34466-763f-4c83-b8de-a1dcea0d7041/Healthcare_Alert_Economic_Stimulus_Act_Expands_HIPAA_Funds_Health_Information_Technology_022009.pdf; “Safeguarding PHI: Focus Points for Offsite Transcriptionists” Diane Hatch and Renee M. Priest, CMT.

25 Sources – Cont’d: “HIPAA for MTs” Version 1.0 from Select Medical Frequently Asked Questions 2014-2015 Select Medical HIPAA Awareness – Non-Workforce Edition; Security Training Games - training-games; “Medical Identity Theft” Consumer Information from FTC; “The Rise of Medical Identity Theft In Healthcare” by Michael Ollove. indentity-theft.aspx; “Medical Identity Theft” by Coalition Against Insurance Fraud.
