Published by Neil Matkins
Modified about 1 year ago
HIPAA Privacy Rule Training

©SHRM 2008

Introduction
The Employee Benefits Security Administration (EBSA) administers several health care laws under the Employee Retirement Income Security Act (ERISA). One of the health care laws is the Health Insurance Portability and Accountability Act (HIPAA) of 1996. HIPAA includes provisions that regulate portability and continuity of health insurance, health information privacy, administration of health insurance, medical savings accounts and long-term care insurance.
This sample presentation addresses only health information privacy. It is intended for presentation to supervisors. It is designed to be presented by an individual who is knowledgeable about the HIPAA privacy rule and the employer’s own policies and practices.
This is a sample presentation that must be customized to match state laws and the employer’s own culture, policies and practices.

Objectives
At the close of this session, you will be able to:
- Understand the HIPAA privacy rule
- Determine who enforces the HIPAA privacy rule
- Determine who must comply
- Understand employer roles and responsibilities
- Understand employee rights
- Understand the liability for HIPAA privacy violations

What Is HIPAA?
HIPAA is the Health Insurance Portability and Accountability Act of 1996. It is a federal law that regulates portability and continuity of health insurance, health information privacy, administration of health insurance, medical savings accounts and long-term care insurance.
This presentation only addresses health information privacy under the HIPAA privacy rule.

What Is the HIPAA Privacy Rule?
- The HIPAA privacy rule gives an individual rights over how their health information may be used or disclosed and protects against the unauthorized disclosure of certain medical information known as protected health information (PHI).
- The HIPAA privacy rule requires covered entities to carefully handle PHI. It sets rules on who can view and receive your health information, whether it is in an electronic, written or oral form.
- The U.S. Department of Health and Human Services enforces the HIPAA privacy rule (http://www.hhs.gov).

What Is Protected Health Information (PHI)?
PHI:
- Relates to the physical or mental health condition of an individual, at any time, past, present or future.
- Identifies or can be used to identify an individual (e.g., name, address, birth date, Social Security number, account number).
- Is in the possession of or has been created by covered entities.

What Is PHI? (cont.)
PHI may be included in:
- Health care claims or encounter information.
- Health care payment and remittance advice.
- Coordination of benefits.
- Health care claim status.
- Enrollment or disenrollment in a health plan.
- Eligibility for a health plan.
- Health plan premium payments.
- Referral certification and authorization.

Who Must Comply?
Entities that must follow the HIPAA privacy rules are called covered entities. Covered entities include the following:
- Health Care Providers: Those who transmit health information electronically either directly or through a business associate, including those who furnish, bill and are paid for health care services such as doctors, dentists, hospitals, nursing homes and pharmacies.
- Health Care Clearinghouses: Health care management organizations that process nonstandard health information into a standard or vice versa such as billing services.
- Health Plans: Health insurance companies, HMOs, Medicaid, Medicare and employer-sponsored health plans that have 50 or more participants or are administered by a third party (e.g., an insurance carrier).

Who Must Comply? (cont.)
- An employer is not a covered entity based on being an employer alone.
- An employer must sponsor an Employee Retirement Income Security Act (ERISA) group health plan.
  - An ERISA group health plan is an employee welfare benefit plan that provides medical care to employees and/or their dependents/spouse directly or through insurance, reimbursement or otherwise.
- The group health plan is the covered entity, but the employer may need to comply with the HIPAA privacy rules as the plan sponsor or administrator.
- An employer may be a covered entity if it operates in the capacity of a health care provider, health care clearinghouse or health plan (e.g., an employer may be a covered entity if it has an on-site health clinic for employees).

Roles
Think of the employer as having two different roles:
- Employer
- Plan Sponsor

Employer Role
Employers do not need to comply with the HIPAA privacy rule when acting in the employer role—for example:
- Employer requests a doctor’s note from an employee upon return from an absence consistent with the company’s policies or practices.
- Employer obtains medical information from employees to administer leave programs such as FMLA, requests for ADA accommodation, workers’ compensation, wellness programs and health insurance (e.g., employers may use health information that excludes PHI for amending plans or obtaining bids for health insurance).
- Employer includes employee names and injury information on OSHA logs.
- Employer obtains information from medical providers related to drug tests and fitness-for-duty exams.

Employer Role (cont.)
More examples of employer role:
- Employer corresponds with workers’ compensation carriers and health care providers in the administration of a workers’ compensation claim.
- Employer shares summarized health information for purposes of amending plan benefits as long as all identifying information such as names, birth dates and Social Security numbers is removed.
- Employer discloses information related to the birth of a child or health condition of an employee if the information comes from an employee and not from a group health plan.

Plan Sponsor Role
When the covered entity is the group health plan, an employer may be obligated to comply with the HIPAA privacy rule in its role as the plan sponsor.
Employers may be covered by the HIPAA privacy rule when they:
- Participate in the administration of a group health plan.
- Are active in the decision-making process of a group health plan.
- Participate in the operation or control of the provisions of a group health plan.

Plan Sponsor Responsibilities
Employers acting in a plan sponsor role may need to:
- Have written PHI procedures.
- Limit uses and disclosures of PHI to the minimum necessary to accomplish the intended purpose.
- Designate a privacy officer.
- Require business associates to ensure confidentiality of PHI through written contracts or agreements.
- Establish administrative, technical and physical safeguards to protect the privacy of PHI.

Plan Sponsor Responsibilities (cont.)
Employers acting in a plan sponsor role may need to:
- Train employees on the HIPAA privacy rule.
- Provide a process for filing complaints.
- Ensure that PHI is not used for making employment or benefits decisions, marketing or fundraising.

Employees’ Rights
Employers acting in a plan sponsor role for a group health plan (covered entity) may not share employee PHI without written authorization unless it is shared:
- With the individual who is the subject of the PHI.
- For treatment and care coordination.
- To pay for employee health care services.
- With individuals who are designated by employees and who are involved with the employee’s health care or paying for health care bills.
- In public health situations.

Employees’ Rights (cont.)
Employers acting in a plan sponsor role for a group health plan (covered entity) may not share employee PHI without written authorization unless it is shared:
- For court and agency proceedings (e.g., workers’ compensation).
- Based on agency requirements (e.g., OSHA audit).
- Based on law enforcement requests or compliance.
- In emergencies.
- In identification of deceased individuals.
- In national security-related situations.

Employees’ Rights (cont.)
Employees have a right to:
- A copy of their medical records (a reasonable fee for copying and mailing records may be assessed).
- Restrict who can obtain their PHI.
- Change incorrect information in their medical records.
- A report of when and why PHI was used.
- Choose communication methods.
- File complaints.

HIPAA Privacy Violations
Violations of the HIPAA privacy rule may result in:
- Civil penalties of $100 per violation.
- Maximum civil penalties of $25,000 per year, per person, per standard.
- Criminal penalties for willful offenses of $50,000 to $250,000 and imprisonment.
- Additional penalties under state law.
- Lawsuits.

Summary
- Medical information maintained by employers is not always considered PHI.
- An employer must determine where the information was obtained and whether the information is maintained under the role of employer or plan sponsor of a group health plan, thereby making an employer a covered entity.
- Regardless of the role, employers should carefully handle all employee medical information.

Questions? Comments?

Course Evaluation
Please be sure to complete and leave the evaluation sheet you received with your handouts.
Thank you for your attention and interest!