Health Insurance Portability and Accountability Act (HIPAA) oPrivacy – covers certain health information in any form. Written, spoken, electronic or any other form. oSecurity – covers information that is stored or transmitted electronically. Internet, computer networks.
What is HIPAA? oLaw created to improve access to health insurance, protect the privacy of health information and promote standardization of electronic health- care related records to improve and safeguard their use. oNot: Hospitals In Pain, Aguish, and Agony
Patient privacy is everyone’s concern. It’s a basic part of patient care.
What can happen if you don’t follow the Privacy Rule? oThere may be a fine for each violation of the rule. Total fines can go up to $1.5 million per year. oA person can be fined or sent to prison. o“Fifteen fired, eight disciplined for looking at medical records of octuplet mother.” FoxNews.com March 2009 o“CVS Pays $2.25 Million to Settle HIPAA Privacy Case” HHS.gov Feb 2009 o“Staff nurse faces jail time for copying medical record with intent to do malicious harm. Possible 10 years in prison, fine of $250,000. The nursing board is seeking to revoke her license.” Renal and Urology News Oct. 2008
A Closer look at PHI oPay attention to information that gives details about who a person is: oName oSocial Security Number, Account Number, MRN oAll or part of an address oPhone or fax number oDrivers License number, license plate oDate of Birth oAdmission or discharge date oTattoo's When combined with health information these could be considered PHI. Health Information is protected if it could be used to identify somebody.
Examples of PHI: oMedical record oPrescription label oAn x-ray oDoctor’s notes about a patient oA letter giving patient test results oFacesheet oWaste material that contains personal information- patient label oInformation sent from one place to another- computer, fax, phone or mail. oComputer monitors that can be seen by the public oInformation that you say ALOUD. oFacebook, pictures of patients. To name a few!!!
HIPAA Rule: Minimum Necessary oOnly access PHI you need to do your job. oAny time you share PHI with others provide only the information the other person or organization needs.
General rules for disclosing and using PHI oYou may disclose or use PHI for health-care purposes. Treat a patient Get payment for health-care services Continuity of Care Quality Assessment Fraud and Compliance programs Competency activities –accreditation Federal/State Agencies Suspected abuse or neglect Organ donation
Permitted disclosures oT-Treatment oP-Payment oO-Health care operations In all instances, strict regulations apply.
Incidental disclosures of PHI oWhen PHI is seen or heard by someone who does not need to know. oEven though UTMC has taken appropriate steps to limit the information shared or keep the information private. Example-nurses stations or two patients in the same room
Getting authorization to disclose information oAuthorization to disclose PHI must be obtained when oProvided to insurer or other business for marketing oInformation is communicated to an employer (pre-employment physical)
Some Do’s and Don’ts when talking about patients DO’s oSpeak quietly when possible oAvoid using patient names in hallways and public areas oShare information needed to treat the patient oUse a private space to discuss patient information DON’Ts oShare PHI with people who don’t need to know it to do their job oShare PHI you are not authorized to disclose oLet privacy issues keep you from treating the patient properly
Safeguard guidelines oShut and lock doors when leaving oPHI should be not visible or audible oComputer monitors should be turned away from the direction of public view oCopy only the minimum necessary oSecurely dispose of all PHI oHome offices subject as well oRecord storage areas must be secure
Safeguard guidelines cont. oPrinters and Fax Machines must be secure oUnauthorized personnel may not be left alone without supervision oPolicies apply to any Portable Device or LAPTOP oVisitors must be accompanied oEVERYONE is responsible for PHI oDO NOT SHARE YOUR LOG-IN OR PASSWORDS!
Protect printed PHI oWhere is printed PHI? oPatient chart oWrist tag oPrescription bottle oLab report oX-ray oLog sheets/patient lists oPatient mailing list oFaxes oALWAYS use a shred bin for printed PHI!
Patient rights oThey have them oThey know them oRespect them
Your responsibility oKnow policies and practice appropriate procedures within your unit oIf unsure, ASK
FERPA oThe Family Educational Rights and Privacy Act of 1974 oProtects students educational/treatm ent records.
Public records oThe University of Toledo’s operational functions are considered public records. oEmails oReports oContracts
President Obama legislative changes to HIPAA oHealth Care Reform oAmerican Recovery & Reinvestment Act of 2009 (ARRA) oNew requirements will include: oNotification of HIPAA breaches oApplication of HIPAA to BA’s oRestrictions requested by patients oElectronic Health Records oIncreased penalties and enforcement oHITECH Act
How do I report…. oReport concerns in these steps: oFirst to your professor oAdvisor or Dean of College oStudent Academic Affairs oCompliance/Privacy Officer, x 6933
What are my rights…. oNon-retaliation policy oQui tam provisions (“whistleblower” )
Quiz questions oWho’s the Compliance/Privacy Officer? oName 3 safeguards for PHI? oWhat does HIPAA stand for? oName 3 examples of PHI. oCan you be held personally responsible for a HIPAA violation? oWhat is minimum necessary? oIf you are unsure, what should you do? oPHI used for TPO are permitted disclosures, what does TPO stand for?