
HIPAA The Health Insurance Portability And Accountability Act of 1996.


1 HIPAA The Health Insurance Portability And Accountability Act of 1996

2 HIPAA History and Objectives
- Improve the efficiency of the health care system.
- Reduce the overall cost of health care and therefore the federal government’s future liability.
- Protect the Privacy and Security of individuals’ health care information by setting “Standards” and “requirements”.
- Standardize and automate – increased enabling of fraud and abuse monitoring and enforcement.
- Eliminate pervasive Medicare fraud and abuse.

3 HIPAA Major Rules
1. Transaction Code Sets
   - Standard code sets are required for selected data elements in more than one of the electronic transaction standards. Electronic transactions include transactions using ANY media, even when information is physically moved from one location to another using diskette, tape or CD media.
2. Privacy Rule
   - Defines who is authorized to access information. It is the right of individuals to keep information about themselves from being disclosed.
3. Security Rule
   - The ability to control access and protect information from accidental or intentional disclosure to unauthorized persons and from alteration, destruction or loss. This is the implementation of the Privacy Rules.

4 Protected Health Information (PHI)
- Any information that identifies an individual or gives a reasonable basis for identifying the individual must be protected.
- Covers all forms of information.
- Covers names, telephone numbers, fax numbers, addresses, social security numbers, photographs, geographical identifiers smaller than state and any date element such as birth date or service discharge date.

5 The Individual’s Rights
- Right to access, inspect and get a copy of their own information.
- Right to request amendment or correction of information.
- Right to have written notice of information practices and receive accounting of disclosures.

6 HIPAA Rules and Guidelines
- Transaction and Code Sets
  - Fully effective October 16,
- Privacy Standards for Individually Identifiable Health Information
  - Fully effective April 14, 2003
- Security Standards
  - Fully effective date for compliance enforcement Fall 2004

7 Who must comply with HIPAA?
- All direct and indirect providers of health care services and supplies:
  - direct providers like hospitals
  - indirect providers like laboratories
  - vendors
  - any entity transmitting health information in electronic form.

8 Who is not required to follow HIPAA Rules?
- Life insurance programs
- Worker compensation programs
- Property & casualty insurance programs
- Disability insurance programs
- Other non-health insurance programs

9 Federal Civil & Criminal Penalties for Violation of Patient’s Right to Privacy
- Civil Monetary Penalties – non-criminal violations, including disclosures made in error – not intent to violate.
  - $100 per violation up to $25,000 per year/standard/individual.
- Criminal Penalties – “knowingly” violating.
  - Up to $50,000 & 1 year imprisonment for obtaining or disclosing PHI.
  - Up to $100,000 & up to 5 years imprisonment for obtaining or disclosing PHI under “false pretenses”.
  - Up to $250,000 & 10 years imprisonment for obtaining PHI with the intent to sell, transfer, or use for commercial advantage, personal gain, or malicious harm.

10 Who Polices HIPAA?
- Office of Civil Rights of the Department of Health & Human Services.
- Covered Entities provide records and compliance reports.
- Any person may file a complaint with the Department of Health & Human Services.
- Whistleblower provisions.

11 WHO ARE THE HIPAA WHISTLEBLOWERS?

12 Your Patient Relations
- Patients are your whistleblowers

13 Provide Notice of Policies & Procedures in Patient Privacy
- To anyone who asks for it
- Read or pick up at office
- Accessible on Web sites
- Health plans provide notice at enrollment or notice of availability
- First Treatment Service with individual’s written acknowledgement of receipt
- Consent and acknowledgement on one form
- Notice of Policy and Procedures

14 Reasonable Safeguards
- Speak quietly
- Avoid using patient names in public hallways and elevators and posting signs to remind employees to protect patient
- Lock or isolate patient records in file cabinets or records rooms
- Passwords on computer systems

15 Concerns of HIPAA Investigators
- “Incidental disclosures”
- Handling in office records or computer screens
- Faxing of records
  - Loss of control
- Transfer of records via / computer encryption
- Covered Entity ignoring HIPAA compliance standards

16 Release of Information (ROI)
- Within the patient–provider relationship, health professionals have a legal, ethical and moral obligation to protect confidential information

17 What is Confidential?
- Is there a professional patient–provider relationship?
- Was the information exchanged within this relationship?
- Is the information needed to diagnose or treat the patient?

18 What is Not Confidential?
- Patient name
- Address
- DOB
- Insurer
- Next of Kin
- Not confidential but private!

19 Need to Know
- Users may be authorized to see the record
- Should have a clear “need to know” to have access

20 Record Ownership
- Provider owns the record – whatever physical form it’s kept in
  - Record is maintained for benefit of patient
  - Documents service and standard of care
- Patient owns the information – has right to control its flow
- Those who violate this right may be held liable to the patient

21 Personal and Impersonal Use
- Confidentiality belongs to the person – not to the information
- Personal – uses which depend on individual identity, such as patient care, insurance claims and legal action
- Impersonal – uses which are independent of personal identity: program evaluation, statistical report and/or research

22 Valid Authorization
- Requests in writing
- Addressed to provider
- Specific name, address and DOB
- Specifies information requested
- Specific dates of service
- Indicates reason information is needed
- Date, event or condition of expiration
- Signed by patient or legal representative & relationship
- WHEN IN DOUBT, DON’T GIVE IT OUT, seek advice

23 Valid Release Process
- Locate documents/chart
- Match the signature for validation
- Calculate charges
- Make copy
- Add cover letter, stress confidentiality / return receipt if necessary
- Mail and log it

24 Telephone and Fax (ROI)
- Discouraged but may be necessary
- Caller name and number
- Reason information is needed
- Information requested
- Special authorizations

25 Telephone and Fax (ROI)
- Call backs
- Fax with cover sheet with confidentiality statement
- Call and confirm that fax is attended
- Document request and release in log and patient chart

26 Releases
- Patient
- Attorney
- Failure to release may result in legal action
- Subpoena

27 Caution
- Be alert!
- Information may be released in unanticipated ways
- Be cautious about who can see computer screens, schedules, copiers, fax machines and who may overhear your conversations

28 What Do You Think?
- One patient overhearing a patient health information laden conversation in an adjoining room between doctor and patient.

29 Answer
- “we don’t need to rebuild our offices only to create a private, soundproof room,” reports the Department of Health and Human Services’ Office of Civil Rights (December 2003)
- Figure out in your office what “reasonable safeguards
- Keep Your Staff AWARE!!

30 Scenario
- A patient overhears the receptionist and technician making unkind comments about the waist measurement of another patient

31 Answer
- This is not incidental disclosure. Even if individuals were making kind or flattering comments about a patient’s waistline, it would still be inappropriate disclosure…
- Gwen Hughes, Care Communications, Chicago Ill.

32 Scenario
- A bartender overhears an office assistant telling another assistant about the famous actor that she had as a patient

33 Answer
- This is an inappropriate disclosure. Personal discussions of patients should not take place in or especially out of the office.
- Gwen Hughes, Care Communications, Chicago Ill.

34 5 Step CHECK LIST
- Notice of Privacy Policies and Procedures available
- Make sure patients can assert their privacy rights
- Keep staff trained (Part time and Full time and NEW STAFF)
- Encourage ongoing awareness and possible Incidental Disclosure events
- Protect the handling of your records

35 “True Professionals Are And Should Be Held Accountable For Their Actions” C. Bruce

36 Ten Commandments of HIPAA
1. Thou shalt accurately capture, code and bill for services.
2. Thou shalt honor the Privacy & Security of all patient information that is ethically, morally, and legally required of every workforce member as a part of their job description & as a condition of employment/service.

37 Ten Commandments of HIPAA
3. Thou shalt treat all patient information, in any form, as “PHI”.
4. Thou shalt access & use patient information on a “need to know” basis only – idle curiosity is a sin and illegal.
5. Thou shalt not discuss patients unless it is necessary for treatment, payment, or the operation of the organization – otherwise it is gossip and wrong.

38 Ten Commandments of HIPAA
6. Thou shalt not disclose individually identifiable patient information as it is a crime, punishable by civil and criminal penalties.
7. Thou shalt discuss patient information only in a private setting.
8. Thou shalt not share user IDs, passwords, combinations, etc.

39 Ten Commandments of HIPAA
9. Thou shalt keep paper patient records out of sight of unauthorized persons, including workforce members.
10. Thou shalt report something or someone’s actions that look questionable, as if it seems wrong it probably is.
Most compliance is common sense.

40 What does this mean to me as a Vision Care Technology Student at SCC?
- All patient information is private and not to be discussed outside of a classroom situation.
- Disposal of surgery schedules will follow my clinical guidelines for disposal.
- Transferring any patient information will not be done.

