Presentation is loading. Please wait.

Presentation is loading. Please wait.

Overview of HIPAA regulations Privacy policies Presence Regional EMS System 2014 HIPAA: Health Insurance Portability and Accountability Act 1.

Similar presentations


Presentation on theme: "Overview of HIPAA regulations Privacy policies Presence Regional EMS System 2014 HIPAA: Health Insurance Portability and Accountability Act 1."— Presentation transcript:

1 Overview of HIPAA regulations Privacy policies Presence Regional EMS System 2014 HIPAA: Health Insurance Portability and Accountability Act 1

2 Objectives Discuss the components of the HIPAA legislation as it applies to EMS Providers Outline examples of patient information that falls under the umbrella of HIPAA protection. Describe the penalties for breaching confidentiality through HIPAA legislation Using a variety of scenarios, demonstrate good decision making regarding HIPAA guidelines. 2

3 3 Introduction HIPAA ( Health Insurance Portability and Accountability Act) was passed in HIPAA ( Health Insurance Portability and Accountability Act) was passed in Department of Health & Human Services (DHHS) issued the final Privacy rule in April Department of Health & Human Services (DHHS) issued the final Privacy rule in April Regulation required compliance by: April 14, 2003 Regulation required compliance by: April 14, 2003

4 4 Purpose of HIPAA Protect patients rights by giving them access to their health information and control over how it will be used Protect patients rights by giving them access to their health information and control over how it will be used Improve the quality of care by restoring trust in the health care system Improve the quality of care by restoring trust in the health care system Protect the security & privacy of all medical records that is used or shared in any form Protect the security & privacy of all medical records that is used or shared in any form

5 5 HIPAA Privacy vs. Security Standards Privacy Standards - deal with patients expectations of providers in terms of the way health information is used. Privacy Standards - deal with patients expectations of providers in terms of the way health information is used. Example - Limiting who has access to their records Example - Limiting who has access to their records Security Standards - deal with measures that covered entities can take to keep their information safe Security Standards - deal with measures that covered entities can take to keep their information safe Example - Encrypting information before it is sent over the Internet. Example - Encrypting information before it is sent over the Internet.

6 6 Why do we need a Privacy Rule? HIPAA came about as the result of concerns from patients regarding: HIPAA came about as the result of concerns from patients regarding: Breeches in Confidentiality Breeches in Confidentiality Particularly regarding electronic records and transport of information Particularly regarding electronic records and transport of information

7 Three cases in point Accidentally, hospital in Michigan posted thousands of patient medical records on the Internet Accidentally, hospital in Michigan posted thousands of patient medical records on the Internet Employee from a Florida health department took home a disk containing names of 4,000 patients w/ positive HIV tests. Employee from a Florida health department took home a disk containing names of 4,000 patients w/ positive HIV tests. Congressional Candidate stated that her campaign was derailed when the media published her psychiatric treatment after a suicide attempt. Congressional Candidate stated that her campaign was derailed when the media published her psychiatric treatment after a suicide attempt. 7

8 8 Creating a Culture of Confidentiality Facts: Facts: One out of every five Americans believes their health information is used inappropriately. One out of every five Americans believes their health information is used inappropriately. One in six report that they have provided inaccurate information to their health care provider because they don’t feel it will be kept confidential. One in six report that they have provided inaccurate information to their health care provider because they don’t feel it will be kept confidential.

9 9 What happens if patients don’t trust us? Quality care is compromised – Quality care is compromised – Conditions may go undetected or untreated Conditions may go undetected or untreated Health information may not be complete and accurate Health information may not be complete and accurate

10 10 Who is Included? Health Care Providers Health Care Providers Physicians Physicians Hospitals Hospitals Social workers Social workers Pharmacists Pharmacists Nursing Homes Nursing Homes Licensed health care Providers Licensed health care Providers Outpatient Physical Therapy Outpatient Physical Therapy Certified Nurse-midwife services Certified Nurse-midwife services Home Health agencies Home Health agencies Emergency Medical Services Providers Emergency Medical Services Providers

11 11 Cont…... Anyone!!!! Anyone!!!! In a healthcare facility who uses or may see confidential patient information is included.

12 12 Insurance Providers Employees working for Health Plans Employees working for Health Plans HMO’s HMO’s Insurance companies Insurance companies Medicare Medicare Medicaid Medicaid Employee benefit plans Employee benefit plans

13 13 Cont….. Business Associates Business Associates Persons or entities that provide services to or on behalf a covered entity but are not members of the entity’s workforce such as members of an EMS System

14 14 What is Protected Health Information (PHI)? Health information created or received by a covered entity, regardless of form that could be used directly or indirectly to identify an individual. Health information created or received by a covered entity, regardless of form that could be used directly or indirectly to identify an individual. Name Address City Name Address City County Zip Code Fingerprints County Zip Code Fingerprints Name of relative or employer DOB Name of relative or employer DOB Telephone # SS # Fax # Telephone # SS # Fax # Photos Medical Record or Account # Photos Medical Record or Account # License # License #

15 15 HIPAA Penalties HIPAA is serious about patient privacy HIPAA is serious about patient privacy Failure to comply: Each violation is $100, with the maximum penalty not to exceed $25,000 for each identical violation Failure to comply: Each violation is $100, with the maximum penalty not to exceed $25,000 for each identical violation Wrongful disclosure of information: $50,000 and / or one year of prison. Wrongful disclosure of information: $50,000 and / or one year of prison. Obtaining information under false pretense: $100,000 and / or prison for up to 5 years Obtaining information under false pretense: $100,000 and / or prison for up to 5 years Intent to sell: $250,000 and / or up to 10 years in jail Intent to sell: $250,000 and / or up to 10 years in jail

16 16 Patient Rights Keeping the patient informed Keeping the patient informed Notice of Privacy Practices Notice of Privacy Practices Authorization Authorization Access/control over patient’s health information Access/control over patient’s health information Access Access Amendment Amendment Culture of confidentiality Culture of confidentiality Restrictions Restrictions Minimum necessary Minimum necessary

17 17 Patients Rights Keeping the patient informed Notice of Privacy Practices Notice of Privacy Practices Patients must have access to a written explanation of how your facility may use and disclose their health information. Patients must have access to a written explanation of how your facility may use and disclose their health information. Authorization Authorization Patient must grant permission for the release of medical information for non-routine disclosures and most non-health care purposes. Patient must grant permission for the release of medical information for non-routine disclosures and most non-health care purposes.

18 18 Patient’s Rights Access/control over patients health information Request for Access Request for Access Right of access to inspect and obtain a copy o his/her medical record. Right of access to inspect and obtain a copy o his/her medical record. Request for Amendment Request for Amendment Right to request a change to his/her medical record. Right to request a change to his/her medical record. Restrictions Restrictions Provide patients with an opportunity to request a restriction on the use or disclosure of his/her health information. Provide patients with an opportunity to request a restriction on the use or disclosure of his/her health information.

19 19 Patients Rights Accurate Documentation Medical Records Medical Records Accurate Accurate Complete Complete Legible Legible

20 20 Patient’s Rights Culture of Confidentiality Minimum Necessary Minimum Necessary Access will be limited to the “minimum necessary ” t o achieve the intended purpose of the use or disclosure. Access will be limited to the “minimum necessary ” t o achieve the intended purpose of the use or disclosure. Not all health providers need all the information on the patient. Only the information that is needed to provide care. Not all health providers need all the information on the patient. Only the information that is needed to provide care.

21 Can Any Healthcare Information be used for other purposes? Information can be used for improving the delivery of care: Information can be used for improving the delivery of care: Quality Assurance Review Quality Assurance Review Continuing Education /Case Review Continuing Education /Case Review Critical Incident Stress Debriefing Critical Incident Stress Debriefing 21

22 If any information is used Protected Health Information (PHI) identifiers removed as much as possible to protect the identity of the patient. Protected Health Information (PHI) identifiers removed as much as possible to protect the identity of the patient. Names are never used. Names are never used. 22

23 23 HIPAA is the law As a health care provider, it is your responsibility to honor these patient rights and to make sure that personal information is protected. As a health care provider, it is your responsibility to honor these patient rights and to make sure that personal information is protected.

24 Review Consider the following questions as a group. Consider the following questions as a group. IDPH site code: Use site code assigned to your agency for IDPH site code: Use site code assigned to your agency for If doing this CE individually, please your answers to: If doing this CE individually, please your answers to: Use “HIPAA 2014 CE” in subject box. Use “HIPAA 2014 CE” in subject box. IDPH site code: E-1214W IDPH site code: E-1214W You will receive an confirmation. Print this confirmation for your records and document in your PREMSS CE record book. You will receive an confirmation. Print this confirmation for your records and document in your PREMSS CE record book.

25 25 HIPAA Scenario One You and your partner respond for a neighbor who suffers from depression. You discover during your assessment that the patient has had suicidal thoughts. After the call, you are concerned that other First Responders in your community need to know the extent of the patient’s illness so they can watch for warning signs should the depression deepen. Can you share what you have learned with you fellow First Responders?

26 26 ? HIPAA Scenario Two There is a call in your town. It involves the treatment of an entrapped farmer who subsequently dies from his injuries. You are concerned that a Critical Incident Stress Debriefing might lead to a violation of HIPAA. Should you be concerned?

27 27 HIPAA Scenario Three You are in charge of presenting a CE session for the monthly meeting of First Responders. You want to share some of the details of a recent call, but you are concerned you will be in violation of HIPAA because the patient is a resident in your town. Can you do case review as education? If so, what precautions should you take to protect the patient’

28 28 HIPAA Scenario Four The First Responders in your fire department routinely use a break room in the station to fill out their paperwork. The room is not secure. How can you ensure that confidentiality is not compromised? Can you work on paperwork while non-FRs are in the room?

29 29 HIPAA Scenario 5 You have just assisted with your first field delivery of a newborn. You are so excited you post it on Facebook with pictures from your cell phone. Can you do this and still comply with HIPAA? You have just assisted with your first field delivery of a newborn. You are so excited you post it on Facebook with pictures from your cell phone. Can you do this and still comply with HIPAA?

30 30 Answers 1. No, this is a breech of confidentiality 2. No, a Critical Incident Stress Debriefing is held with only those providers involved in the call. The rules of CISD is that everything said at the debriefing is confidential. 3. You can use the details of the call as education as long as you do not give out identifying information such as name, address.

31 Answers 4. If you are working on EMS First Responder paperwork, you need to be sure to put everything away when you are done. Do not leave call reports with confidential information on the table where anyone can pick it up. You can work on paperwork with non EMS personnel in the room, but do not share the information with them. 31

32 Answers 5. No. Putting information about EMS calls on Facebook is a breech of confidentiality. Even if you use no names it would be very easy in a small community for people to figure out who the mother and child are. 32

33 33


Download ppt "Overview of HIPAA regulations Privacy policies Presence Regional EMS System 2014 HIPAA: Health Insurance Portability and Accountability Act 1."

Similar presentations


Ads by Google