Presentation is loading. Please wait.

Presentation is loading. Please wait.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419.

Published byAlena Freshwater Modified over 9 years ago

Similar presentations

Presentation on theme: "Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419."— Presentation transcript:

1 Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419

2 The Law HIPAA: Health Insurance Portability & Accountability Act HITECH: Health Information Technology Economic & Clinical Health Act

3 HIPAA is Eleven Parts And what were you doing on July 30, 2004?

4 Six Parts Are Set 1. T & C 2. Privacy 3. Standard Unique Identifier for Employers 4. Security 5. Standard Unique HC Provider Identifier (NPI) 6. Enforcement Rule

5 HIPAA Information HIPAA covers: Oral Written (and beyond the medical record) Electronic [key: can the individual be identified] You will hear the term PHI- patient health information

6 Keep in Mind Minimum Necessary [45CFR164.502(b)(1)] Emergency Situation [45CFR164.510(3)] ∙ Incidental Disclosure [45CFR164.502(a)(1)(iii)]

7 Are You HIPAA or Not? YES NO

8 Covered Entity Status Health Plan: individual or group plan that provides or pays the cost of medical care Healthcare Clearinghouse: public or private entity that does billing, repricing, community health management or information systems, etc. functions

9 Covered Entity Status Healthcare Provider: transmits any health information in electronic form in connection with a transaction covered by HIPAA

10 Sample HIPAA Transactions Health care claims or equivalent encounter information Health care payment and remittance advice Coordination of benefits Health care claims status

11 Who Do You Treat Students (and how are they defined; ie. LOA) Non-Students For organizations under FERPA, student records are under FERPA (loophole) even with transactions, but non student records are under HIPAA, so you are a covered entity. But most strict law generally takes precedent

12 You Are HIPAA If… You are one or more of the three covered entities You conduct one or more of the eleven transactions You treat non-students

13 College Assessment Also look at these areas: Student, Faculty, and Employee Training *Nursing *Pharmacy *Allied Health *Music Therapy *Business (I.T.)

14 College Assessment Health Services & Related Clinics Institutional Review Board; research Human Resources Athletics Vendors as business associates

15 Hybrid Entity A single legal entity whose business activities include both covered and non- covered functions (ie. education & healthcare provider or health plan

16 Creating a Culture of HIPAA Are the policies and procedures set? Are they enforced or do they ‘sit on the shelf”

17 Compliance Officer Role Privacy Officer [45CFR164.530(a)(1)(i)] Security Officer [45CFR164.308(a)(2)] The Federal Government mandates that covered entities have both a privacy officer and a security officer If the same person, generally titled, Compliance Officer

18 1. HIPAA Committee Representatives from records, information technology, student services and management.

19 2. Policies & Procedures For the six HIPAA Rules to date, develop policies from the law, not secondary sources Do not take from the Internet

20 3. Training & Awareness Live or on-line Staff meeting awareness Integrate awareness to daily activities

21 4. Documentation Establish a system, on- site or off-site. Documentation must be retained for six years

22 5. Risk Assessments & Audits Quarterly Authentication: most likely passwords Data integrity checks Act on the findings

23 6. Complaint Process Omsbudsman for confidentiality Post process to file complaints Complaints are only to be HIPAA related Act on the complaints

24 7. Sanction Process Sanction only for the HIPAA violation Internal investigation or OCR Civil and criminal penalties per Enforcement Rule & HITECH Follow-up on the sanction and charge

25 8. Web Site If the covered entity has a web site, the Notice of Health Information Privacy Practices must be prominently displayed on the web site. Keep the web site updated

26 9. Formage Develop forms from the laws. May or may not be able to use from other covered entities (ie. addressable Security Rule policies) Educate staff on the formage

27 10. Business Associate Agreements Assess all those external to the workforce who have access to the covered entity’s PHI Both the Privacy Rule and the Security Rule mandate BAA’s

28 11. Research Play an integral role with the covered entity’s Institutional Review Board Ensure minimum necessary standards for data used in research

29 Determination of HIPAA Research Status Does the research involve the collection, use, or dissemination of PHI? Is the PHI from a healthcare provider, clearinghouse, or healthcare plan? Does the healthcare provider, clearinghouse, or healthcare plan perform one of the eleven covered electronic transactions? If yes to these, then HIPAA

30 Privacy Rule Notice & Notice Verification Internet Notice Amend Records Authorization Accounting Information Destruction Business Associate Agreements

31 The Notice Tells the rights of the organization and the rights of the patient Document that is considered the guideline.

32 Security Rule Technical Security Administrative Security Physical Security Disaster Manual Access Controls Log-in Audit Warning Termination of Access

33 Faculty & Staff Access Have access to minimum necessary information to accomplish the intended purpose of the request given their role Must have an established need to know prior to requesting the information Ex. How long absent, but not the condition as it would not change the situation

34 Advising Faculty, Staff, & Students Is the condition directly academically related such as ADHD But must always only request what is minimum necessary Have the student only submit and talk on what is minimum necessary Ex. Operating room reports, procedures notes, consultation reports, prescriptions Ensure who student allows one to talk to

35 Summary Follow the Law Keep it simple Thank you

Download ppt "Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419."

Similar presentations

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.

Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
1 The Health Insurance Portability and Accountability Act (HIPAA) A guided tutorial for GVSU employees.

1 The Health Insurance Portability and Accountability Act (HIPAA) A guided tutorial for GVSU employees.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.

HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.

HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.

P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.
HIPAA Training for Pharmaceutical Industry Representatives University of Utah Hospitals & Clinics.

HIPAA Training for Pharmaceutical Industry Representatives University of Utah Hospitals & Clinics.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
Presented by the Office of the General Counsel An Overview of HIPAA.

Presented by the Office of the General Counsel An Overview of HIPAA.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training

Similar presentations

Ads by Google