2Learning ObjectivesArticulate the basic rules governing privacy of medical information and records.Identify the client’s rights under HIPAA.Demonstrate the ability to respond appropriately when faced with situations involving confidentiality.
3The importance of confidentiality Find a partner. Discuss your experiences with confidentiality.
4The Health Insurance Portability and Accountability Act - HIPAA This act is about privacy regulations – it requires that providers protect the privacy and security of their consumers health information in new ways.Allows consumers additional rights to access, amend and protect their own health care information.
5What is Protected Health Information? PHI is information that contains identifiers.PHI replaces the phrase “confidential medical information”What are basic identifiers that we use?
6Protected Health Information PHI includes the following:Treatment PlansMedical RecordsIncident ReportsOutcomes DatabasesData Collection SheetsTreatment Team Meeting Notes
7Protected Health Information PHI also includes:Treatment informationHealth information (physical or mental)Payment informationIt includes past, present or future infoIt includes information that is verbal, electronic or on paper
8Informing ClientsA Privacy Notice is given to each client upon entry into mental health servicesEach person must sign that he/she has received this Privacy Notice
9Authorization of Disclosure Releasing of PHI requires authorization from the consumer, except under very specific circumstances.The request must state the type and amount of information the consumer is willing to disclose.HIPAA authorization forms must be signed and updated annually.
10Basic guidelinesBe conscientious about “need to know” in all situationsOutside the team, disclosure should be guided byAuthorizationStaying within the parameters of the specific information requiredDuring emergencies, the safety and health of the consumer permits disclosure of necessary PHILet’s look at some examples:
11Permitted Disclosures To the consumer, subject to certain restrictions.For treatment, payment or healthcare operations (I.e., Quality, Risk Management) within the agency.Child abuse, elder abuse, Tarasoff warningsSecret ServiceTo Guardians of adultsTo parents/family member of minors
12Permitted Disclosures, cont. With a valid authorization:for any reason to a third partyTo family members or other persons involved with the individual’s care.
13Disclosures Usually Permitted To Public Health Authorities – reports of death or diseaseIn response to a court order or as permitted by law with regard to litigationTo avert a serious threat to health or safety to the individual or others.
14Substance Abuse Records Substance abuse records are highly protected – the client must make a specific authorization to disclose this informationThere are three exceptions to the rule requiring client authorization of substance abuse recordsChild Abuse ReportingCrime committed at/or threatened at the treatment facilityMedical emergency
15Confidentiality and Teams HIPAA, California law and W&I Code permit sharing of healthcare and mental health information, without authorization, for treatment purposes.If a new team is developing, including non-medical partners such as probation officers, law enforcement, teachers or social workers, it is easiest to get an authorization signed at the outset.
16Sharing substance abuse information HOWEVER, authorization is required when sharing substance abuse treatment program information with providers who are “outside of the program.”
17The Designated Record Set All of the client’s information is contained in the Designated Record SetDRS replaces the term “medical record”A DRS is a group or records maintained by a provider or for a provider that is the medical and billing records; case or medical management records; or information used in whole or in part to make healthcare decisions about the individual.
18The DRSThe information within the DRS is what the HIPAA regulations protect.Consumers have specific rights under HIPAA with regard to their DRS.
19Consumer Rights Under HIPAA Right to access DRSRight to amend DRSRight to restrict sharing of PHIRight to accounting of uses and disclosures of PHIRight to file complaints concerning a providers Privacy Practices
20Accountability Under HIPAA Civil penalties$100/violation up to $25,000 per calendar year (Office of Civil Rights)
21Accountability Under HIPAA Criminal penalties (enforced by the Dept. of Justice)Up to $50,000 and 1 year of imprisonment for knowingly obtaining and disclosing PHIUp to $100,000 and 5 years imprisonment if committed under false pretenses.Up to $250,000 and 10 years imprisonment if committed with intent to sell, transfer, or use for commercial advantage, personal gain or malicious harm.
22Accountability Under HIPAA The provider can be sued by consumers for improper disclosures of PHIDisciplinary actions against employees for failure to follow policies and procedures regarding consumer privacy.
23Protecting the Security of PHI Each healthcare site must have appropriate administrative, technical and physical safeguards to protect the privacy of protected health information.
24Protecting the Security of PHI Agencies must put into place reasonable safeguards to prevent intentional or unintentional use or disclosure.