Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

Published byAlaina Whitelock Modified over 9 years ago

Similar presentations

Presentation on theme: "The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information."— Presentation transcript:

1 The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information security and privacy standards to support the increased use of electronic patient information. (Public Law 104-191)Signed August 21, 1996 WHAT IS HIPAA?

2 Who must comply with HIPAA? All health plans, all health care clearing houses, and health care providers that transmit standard transactions in electronic formats. These organizations are known as ‘covered entities’. (Standard transactions are: health care claim; health care eligibility/benefit inquiry; health care eligibility/benefit information; health care services review information; health claim status inquiry; health claim status response; benefit enrollment and maintenance; claim payment and remittance advice; premium payments; first report of injury; health claim attachments)

3 Is SHFC a Covered Entity? Does Shepherd’s Hand bill or receive payment for health care? NO Shepherd’s Hand is not a Covered entity. YES If YES the provider is considered a covered entity. Are any covered transactions sent electronically?

4 Legal Requirements for SHFC Although Shepherd’s Hand is under no legal requirement to be HIPAA compliant out of respect for our patients privacy and an obligation to secure patients health information all volunteers and staff will be responsible for knowing and understanding the Privacy and Security Policies of the clinic as guided by the HIPAA Privacy and Security Rule. Although Shepherd’s Hand is under no legal requirement to be HIPAA compliant out of respect for our patients privacy and an obligation to secure patients health information all volunteers and staff will be responsible for knowing and understanding the Privacy and Security Policies of the clinic as guided by the HIPAA Privacy and Security Rule. All volunteers will be required to sign a confidentiality agreement and an agreement to comply with SHFC policies. All volunteers will be required to sign a confidentiality agreement and an agreement to comply with SHFC policies.

5 The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections. The HIPAA Privacy Rule

6 Protected Health Information (PHI) The privacy rule protects health information that is individually identifiable to an individual (i.e. name; address; phone numbers; SSN; DOB; etc) The privacy rule protects health information that is individually identifiable to an individual (i.e. name; address; phone numbers; SSN; DOB; etc) PHI is health information that relates to past, present, or future physical or mental health condition. PHI is health information that relates to past, present, or future physical or mental health condition.

7 SHFC Privacy Policy SHFC volunteers will operate under the ‘minimum necessary standard’ which expects people to use only the information they need to perform their role at the clinic. This includes face to face interaction as well as information contained in the individual’s medical record. SHFC volunteers will operate under the ‘minimum necessary standard’ which expects people to use only the information they need to perform their role at the clinic. This includes face to face interaction as well as information contained in the individual’s medical record. All face to face conversation with an individual that addresses PHI needs to happen in a private area. All face to face conversation with an individual that addresses PHI needs to happen in a private area. The hallway outside of the exam rooms and the area around the pharmacist and coordinator need to be clear of people waiting. The hallway outside of the exam rooms and the area around the pharmacist and coordinator need to be clear of people waiting.

8 SHFC Privacy Policy cont. Medical records need to be protected in the public clinic area by being placed face down – other people should never have access to someone’s medical record or our nightly logs. Medical records need to be protected in the public clinic area by being placed face down – other people should never have access to someone’s medical record or our nightly logs. All medical records will be stored in a locked area. All medical records will be stored in a locked area. All garbage with PHI will be shredded. All garbage with PHI will be shredded. PHI should not be disclosed over the phone unless talking to the individual or with permission to leave a message documented in the medical record. PHI should not be disclosed over the phone unless talking to the individual or with permission to leave a message documented in the medical record.

9 When can SHFC disclose PHI SHFC may use PHI for the purposes of treatment and health care operations. SHFC may use PHI for the purposes of treatment and health care operations. Treatment means the provision, coordination, or management of health care by one or more health care providers, including consultation between providers and patient referrals. Treatment means the provision, coordination, or management of health care by one or more health care providers, including consultation between providers and patient referrals. Health Care Operations are administrative, financial, legal and quality improvement activities Health Care Operations are administrative, financial, legal and quality improvement activities

10 When does SHFC need authorization from the patient? An authorization is a detailed document that gives SHFC permission to use PHI for specified purposes which are general other than treatment or health care operations or to disclose PHI to a third party specified by the individual. An authorization is a detailed document that gives SHFC permission to use PHI for specified purposes which are general other than treatment or health care operations or to disclose PHI to a third party specified by the individual.

11 What about friends and family? SHFC will release PHI to friends and family members only with the individuals verbal permission if asking the individual in person or in writing if the individual is not present. SHFC will release PHI to friends and family members only with the individuals verbal permission if asking the individual in person or in writing if the individual is not present. Any release of PHI to friends and family should be documented in the individuals health record. Any release of PHI to friends and family should be documented in the individuals health record.

12 Notice of Privacy Practices SHFC is not required by law to provide every patient with a notice of our privacy practices. SHFC is not required by law to provide every patient with a notice of our privacy practices. If a patient requests a copy of our privacy policy this should be provided. If a patient requests a copy of our privacy policy this should be provided.

13 The HIPAA Security Rule The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.

14 SHFC Security Policy For SHFC the only electronic PHI is in the form of faxes, and links to hospitals electronic records accessed for laboratory and radiology results. For SHFC the only electronic PHI is in the form of faxes, and links to hospitals electronic records accessed for laboratory and radiology results. Only authorized people with personal passwords will be allowed to log on to North Valley Hospital and Kalispell Regional Medical Center sites to retrieve results Only authorized people with personal passwords will be allowed to log on to North Valley Hospital and Kalispell Regional Medical Center sites to retrieve results

15 SHFC Security Policy cont. All PHI information that is transmitted by FAX will include a cover sheet with the following statement: This transmission contains confidential information belonging to the sender that is legally privileged and confidential. This information is intended only for the use of the individual or entity named above. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or action taken in reliance on the contents of the documents is strictly prohibited. If you received this transmission in error please notify the sender immediately. All PHI information that is transmitted by FAX will include a cover sheet with the following statement: This transmission contains confidential information belonging to the sender that is legally privileged and confidential. This information is intended only for the use of the individual or entity named above. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or action taken in reliance on the contents of the documents is strictly prohibited. If you received this transmission in error please notify the sender immediately. Received FAXs will be removed in a prompt manner and placed in a secure area. Received FAXs will be removed in a prompt manner and placed in a secure area.

16 CONFIDENTIALITY As a volunteer of SHFC you will be expected to sign a confidentiality agreement and that you understand and agree to comply with our Security and Privacy Policies. The agreement is available for you to print out on the volunteer page of the website or you can get a copy at the clinic. We ask that you turn in your signed agreement so that we can keep it on file. This will be an annual process. Please contact Meg with questions or concerns.

Download ppt "The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information."

Similar presentations

Frequently Asked Questions…. …about HIPAA Notice of Privacy Practices and Acknowledgement.

Frequently Asked Questions…. …about HIPAA Notice of Privacy Practices and Acknowledgement.
Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.

Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.

Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
The Health Insurance Portability and Accountability Act - HIPAA

The Health Insurance Portability and Accountability Act - HIPAA
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
The HIPAA Privacy Training Video for EMS Field Providers

The HIPAA Privacy Training Video for EMS Field Providers
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
HIPAA Basics A Matter of Integrity. Introduction “A Matter of Integrity” defines HIPAA and protecting patient health information. Success depends on our.

HIPAA Basics A Matter of Integrity. Introduction “A Matter of Integrity” defines HIPAA and protecting patient health information. Success depends on our.

Similar presentations

Ads by Google