Presentation on theme: "Anne Arundel County Fire Department"— Presentation transcript:
1Anne Arundel County Fire Department HIPAA Annual TrainingAnne Arundel County Fire Department
2What is HIPAA??HIPAA = Health Insurance Portability and Accountability ActCreated by – United States Department of Health and Human Services (HHS)
3Still not clear??HIPAA is a common set of standards that protects certain health informationThere are several components – but, we are most concerned with the “Privacy Rule.”
4The Privacy RuleThe intent of the Privacy Rule is to provide basic rights regarding the use of “Protected Health Information” (PHI).It protects all “individually identifiable health information.”Electronic, paper, or oralApplies to “covered entities”
5AACo Fire Department falls under the Health Care Provider category Who is a Covered Entity?Three Categories:Health plansHealth care clearinghousesHealth care providers who transmit any health information electronicallyAACo Fire Department falls under the Health Care Provider category
6What’s Required? The Privacy Rule requires Covered Entities to: Protect PHIDesignate a Privacy OfficerLook for “leaks” in the policyConduct/document training for the ENTIRE departmentDevelop an Authorization Form for release of PHI
7More Requirements Develop a Notice of Privacy Practices When permitted, always disclose only the minimum necessary PHIUpdate policies and proceduresIdentify Business Associates and create contractsApply reasonable administrative, technical, and physical safeguards
8Privacy OfficerAn individual within the organization that is responsible for developing and implementing policies and procedures required by HIPAAAnne Arundel County Fire Department’s Privacy Officer is Battalion Chief Matthew Tobia
9Protected Health Information PHI is any information created or received by a health care provider which relates to:Past, present, or future physical or mental conditionsProvision of health carePast, present, or future payment for care
10Examples of PHI Name Address Date of Birth/Age Social Security Number Medical condition/Past medical historyFull face photos
11HIPAA should NEVER negatively impact the quality of patient care or impede the ability to provide care!!The appropriate communication of PHI with other health care providers directly involved in providing patient care does not constitute a violation of HIPAA.
12Safeguarding PHI PCR’s should be kept in a secure location Networks containing PCR’s should be password-protectedInclude confidentiality statements on s and faxes that contain PHI
13Use Caution… Beware of discussion of PHI, such as: Talking about current or prior incident while re-stocking ambo or writing reportDiscussing a call anywhere other than an official audit or reviewDiscussing “interesting” calls, famous patients, or neighborsSharing co-workers or fellow responders PHI
14Unsure About Discussing an Incident?? Ask yourself…Would a Judge agree that the disclosure benefited patient care AND was performed with the utmost discretion???If you were the patient, would you want an “embarrassing” injury or illness to be discussed?
15Notice of Privacy Practices (NPP) The department must make a Good Faith attempt to provide a NPP to each patientThe department must also make an effort to get a signed “Acknowledgement of Receipt”
16Anne Arundel County Fire Department’s NPP The department sends our NPP with the request for insurance information, including a signature form which acknowledges receipt and permission to bill insurance on the patient’s behalf.The NPP is also available on the internet at Every uniformed and civilian member of the Department must review and be familiar with this material.A copy can be viewed on the next two slides.
19NPP in Emergency Settings During the emergency treatment of a patient, the NPP must be given as soon as practical.The Anne Arundel County Fire Department provides the NPP and Acknowledgement through the mail.This ensures that the provision of this information does not interfere with patient care or become lost during the emergent phase of treatment.
20Permitted Disclosures Disclosure of PHI is acceptable in the following circumstances:TreatmentPaymentOperationsPublic Health RegulationsVictims of AbuseJudicial proceedingsLaw EnforcementBirths and DeathsResearchProtection of Public Safety
21Treatment, Payment, and Operations Treatment – giving PHI to other providers involved in patient care, such as the hospitalPayment – receiving PHI from other providers, as necessary for billingOperations – audits, quality assurance assessments
22Public Health Activities Disclosures to public health authorities, as authorized by State LawAlso allows for notification of communicable diseases to EMS providers involved in an exposure
23Victims of Abuse, Neglect, and Domestic Violence The law requires (and HIPAA allows):reporting an “endangered adult” believed to be a victim of battery, neglect, or exploitation to Adult Protective Services or law enforcementReporting a child that is believed to be a victim of abuse or neglect to the immediate supervisor, Child Protective Services, or law enforcement
24Judicial ProceedingsDisclosure must only be made when a Judge or Grand Jury orders disclosure through a subpoena or warrant.**A private attorney does not have the authority to order a Fire Department provider to discuss a case. If contacted by an attorney, always contact the county’s law office for advice before proceeding.**
25Law EnforcementDisclosure of PHI to Law Enforcement is permitted when:Required by lawOrdered by a courtOrdered by Administrative subpoena
26Law EnforcementWhen assisting the police to identify or locate a suspect, missing person, or witness, the provider may release:Name/addressDate/Place of birthSocial Security #Blood TypeDate/time of treatmentDistinguishing characteristics – height, weight, tattoos, scars, etc…
27Law Enforcement As patient care advocates, EMS providers should encourage law enforcement to gaininformation directly from the source, whenpossible.
28Civil PenaltiesThe U.S. Dept of Health and Human Services may impose civil penalties on a covered entity of $100 per failure to comply with a Privacy Rule requirement.
29Criminal PenaltiesA person who knowingly obtains or discloses individually identifiable health information in violation of HIPAA faces a fine of $50,000 and up to one year imprisonment.Criminal sanctions are enforced by the Department of Justice.