Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIPAA Annual Training Anne Arundel County Fire Department.

Similar presentations


Presentation on theme: "HIPAA Annual Training Anne Arundel County Fire Department."— Presentation transcript:

1 HIPAA Annual Training Anne Arundel County Fire Department

2 What is HIPAA?? HIPAA = Health Insurance Portability and Accountability Act HIPAA = Health Insurance Portability and Accountability Act Created by – United States Department of Health and Human Services (HHS) Created by – United States Department of Health and Human Services (HHS)

3 Still not clear?? HIPAA is a common set of standards that protects certain health information HIPAA is a common set of standards that protects certain health information There are several components – but, we are most concerned with the “Privacy Rule.” There are several components – but, we are most concerned with the “Privacy Rule.”

4 The Privacy Rule The intent of the Privacy Rule is to provide basic rights regarding the use of “Protected Health Information” (PHI). The intent of the Privacy Rule is to provide basic rights regarding the use of “Protected Health Information” (PHI). It protects all “individually identifiable health information.” It protects all “individually identifiable health information.” Electronic, paper, or oral Electronic, paper, or oral Applies to “covered entities” Applies to “covered entities”

5 Who is a Covered Entity? Three Categories: Health plans Health plans Health care clearinghouses Health care clearinghouses Health care providers who transmit any health information electronically Health care providers who transmit any health information electronically AACo Fire Department falls under the Health Care Provider category

6 What’s Required? The Privacy Rule requires Covered Entities to: Protect PHI Protect PHI Designate a Privacy Officer Designate a Privacy Officer Look for “leaks” in the policy Look for “leaks” in the policy Conduct/document training for the ENTIRE department Conduct/document training for the ENTIRE department Develop an Authorization Form for release of PHI Develop an Authorization Form for release of PHI

7 More Requirements Develop a Notice of Privacy Practices Develop a Notice of Privacy Practices When permitted, always disclose only the minimum necessary PHI When permitted, always disclose only the minimum necessary PHI Update policies and procedures Update policies and procedures Identify Business Associates and create contracts Identify Business Associates and create contracts Apply reasonable administrative, technical, and physical safeguards Apply reasonable administrative, technical, and physical safeguards

8 Privacy Officer An individual within the organization that is responsible for developing and implementing policies and procedures required by HIPAA An individual within the organization that is responsible for developing and implementing policies and procedures required by HIPAA Anne Arundel County Fire Department’s Privacy Officer is Battalion Chief Matthew Tobia Anne Arundel County Fire Department’s Privacy Officer is Battalion Chief Matthew Tobia

9 Protected Health Information PHI is any information created or received by a health care provider which relates to: PHI is any information created or received by a health care provider which relates to: Past, present, or future physical or mental conditions Past, present, or future physical or mental conditions Provision of health care Provision of health care Past, present, or future payment for care Past, present, or future payment for care

10 Examples of PHI Examples of PHI Name Name Address Address Date of Birth/Age Date of Birth/Age Social Security Number Social Security Number Medical condition/Past medical history Medical condition/Past medical history Full face photos Full face photos

11 HIPAA should NEVER negatively impact the quality of patient care or impede the ability to provide care!! HIPAA should NEVER negatively impact the quality of patient care or impede the ability to provide care!! The appropriate communication of PHI with other health care providers directly involved in providing patient care does not constitute a violation of HIPAA. The appropriate communication of PHI with other health care providers directly involved in providing patient care does not constitute a violation of HIPAA.

12 Safeguarding PHI PCR’s should be kept in a secure location PCR’s should be kept in a secure location Networks containing PCR’s should be password-protected Networks containing PCR’s should be password-protected Include confidentiality statements on s and faxes that contain PHI Include confidentiality statements on s and faxes that contain PHI

13 Use Caution… Beware of discussion of PHI, such as: Talking about current or prior incident while re-stocking ambo or writing report Talking about current or prior incident while re-stocking ambo or writing report Discussing a call anywhere other than an official audit or review Discussing a call anywhere other than an official audit or review Discussing “interesting” calls, famous patients, or neighbors Discussing “interesting” calls, famous patients, or neighbors Sharing co-workers or fellow responders PHI

14 Unsure About Discussing an Incident?? Ask yourself… Would a Judge agree that the disclosure benefited patient care AND was performed with the utmost discretion??? Would a Judge agree that the disclosure benefited patient care AND was performed with the utmost discretion??? If you were the patient, would you want an “embarrassing” injury or illness to be discussed? If you were the patient, would you want an “embarrassing” injury or illness to be discussed?

15 Notice of Privacy Practices (NPP) The department must make a Good Faith attempt to provide a NPP to each patient The department must make a Good Faith attempt to provide a NPP to each patient The department must also make an effort to get a signed “Acknowledgement of Receipt” The department must also make an effort to get a signed “Acknowledgement of Receipt”

16 Anne Arundel County Fire Department’s NPP The department sends our NPP with the request for insurance information, including a signature form which acknowledges receipt and permission to bill insurance on the patient’s behalf. The department sends our NPP with the request for insurance information, including a signature form which acknowledges receipt and permission to bill insurance on the patient’s behalf. The NPP is also available on the internet at Every uniformed and civilian member of the Department must review and be familiar with this material. The NPP is also available on the internet at Every uniformed and civilian member of the Department must review and be familiar with this material. A copy can be viewed on the next two slides. A copy can be viewed on the next two slides.

17

18

19 NPP in Emergency Settings During the emergency treatment of a patient, the NPP must be given as soon as practical. During the emergency treatment of a patient, the NPP must be given as soon as practical. The Anne Arundel County Fire Department provides the NPP and Acknowledgement through the mail. The Anne Arundel County Fire Department provides the NPP and Acknowledgement through the mail. This ensures that the provision of this information does not interfere with patient care or become lost during the emergent phase of treatment. This ensures that the provision of this information does not interfere with patient care or become lost during the emergent phase of treatment.

20 Permitted Disclosures Disclosure of PHI is acceptable in the following circumstances: Disclosure of PHI is acceptable in the following circumstances: Treatment Treatment Payment Payment Operations Operations Public Health Regulations Public Health Regulations Victims of Abuse Victims of Abuse Judicial proceedings Judicial proceedings Law Enforcement Law Enforcement Births and Deaths Births and Deaths Research Research Protection of Public Safety Protection of Public Safety

21 Treatment, Payment, and Operations Treatment – giving PHI to other providers involved in patient care, such as the hospital Treatment – giving PHI to other providers involved in patient care, such as the hospital Payment – receiving PHI from other providers, as necessary for billing Payment – receiving PHI from other providers, as necessary for billing Operations – audits, quality assurance assessments Operations – audits, quality assurance assessments

22 Public Health Activities Disclosures to public health authorities, as authorized by State Law Disclosures to public health authorities, as authorized by State Law Also allows for notification of communicable diseases to EMS providers involved in an exposure Also allows for notification of communicable diseases to EMS providers involved in an exposure

23 Victims of Abuse, Neglect, and Domestic Violence The law requires (and HIPAA allows): reporting an “endangered adult” believed to be a victim of battery, neglect, or exploitation to Adult Protective Services or law enforcement reporting an “endangered adult” believed to be a victim of battery, neglect, or exploitation to Adult Protective Services or law enforcement Reporting a child that is believed to be a victim of abuse or neglect to the immediate supervisor, Child Protective Services, or law enforcement Reporting a child that is believed to be a victim of abuse or neglect to the immediate supervisor, Child Protective Services, or law enforcement

24 Judicial Proceedings Disclosure must only be made when a Judge or Grand Jury orders disclosure through a subpoena or warrant. **A private attorney does not have the authority to order a Fire Department provider to discuss a case. If contacted by an attorney, always contact the county’s law office for advice before proceeding.**

25 Law Enforcement Disclosure of PHI to Law Enforcement is permitted when: Disclosure of PHI to Law Enforcement is permitted when: Required by law Required by law Ordered by a court Ordered by a court Ordered by Administrative subpoena Ordered by Administrative subpoena

26 Law Enforcement When assisting the police to identify or locate a suspect, missing person, or witness, the provider may release: When assisting the police to identify or locate a suspect, missing person, or witness, the provider may release: Name/address Name/address Date/Place of birth Date/Place of birth Social Security # Social Security # Blood Type Blood Type Date/time of treatment Date/time of treatment Distinguishing characteristics – height, weight, tattoos, scars, etc… Distinguishing characteristics – height, weight, tattoos, scars, etc…

27 Law Enforcement As patient care advocates, EMS providers should encourage law enforcement to gain information directly from the source, when possible.

28 Civil Penalties The U.S. Dept of Health and Human Services may impose civil penalties on a covered entity of $100 per failure to comply with a Privacy Rule requirement. The U.S. Dept of Health and Human Services may impose civil penalties on a covered entity of $100 per failure to comply with a Privacy Rule requirement.

29 Criminal Penalties A person who knowingly obtains or discloses individually identifiable health information in violation of HIPAA faces a fine of $50,000 and up to one year imprisonment. A person who knowingly obtains or discloses individually identifiable health information in violation of HIPAA faces a fine of $50,000 and up to one year imprisonment. Criminal sanctions are enforced by the Department of Justice. Criminal sanctions are enforced by the Department of Justice.

30 Resources

31 NEXT STEP Complete the Quiz Complete the Quiz Submit a Training Report – Use Training Course Code- HIPA11 Submit a Training Report – Use Training Course Code- HIPA11

32


Download ppt "HIPAA Annual Training Anne Arundel County Fire Department."

Similar presentations


Ads by Google