Presentation is loading. Please wait.

Presentation is loading. Please wait.

Health Insurance Portability and Accountability Act (HIPAA) Presented by: APS Healthcare Southwestern PA Health Care Quality Unit (HCQU) December 2010.

Similar presentations

Presentation on theme: "Health Insurance Portability and Accountability Act (HIPAA) Presented by: APS Healthcare Southwestern PA Health Care Quality Unit (HCQU) December 2010."— Presentation transcript:

1 Health Insurance Portability and Accountability Act (HIPAA) Presented by: APS Healthcare Southwestern PA Health Care Quality Unit (HCQU) December 2010 rb

2 © 2010 APS Healthcare, Inc. 2 Disclaimer Information or education provided by the HCQU is not intended to replace medical advice from the individual’s personal care physician, existing facility policy or federal, state and local regulations/codes within the agency jurisdiction. The information provided is not all inclusive of the topic presented. Certificates for training hours will only be awarded to those who attend a training in its entirety. Attendees are responsible for submitting paperwork to their respective agencies.

3 © 2010 APS Healthcare, Inc. 3 Note of Clarification While mental retardation (ID/DD) is still recognized as a clinical diagnosis, in an effort to support the work of self-advocates, the APS SW PA HCQU will be using the terms intellectual and/or developmental disability (ID/DD) to replace mental retardation (ID/DD) when feasible.

4 © 2010 APS Healthcare, Inc. 4 Objectives  The Participant will be able to: –Define Protected Health Information (PHI) –Describe safeguards to protect PHI –List individual rights afforded by HIPAA –Describe how the Privacy Rule affects an individual with intellectual and developmental disabilities ID/DD

5 © 2010 APS Healthcare, Inc. 5 What Is HIPAA?  Health Insurance Portability and Accountability Act of 1996  Four Primary Purposes of this Act –Guarantee health insurance access, portability, and renewal –Reduce healthcare fraud and abuse –Enforce standards for health information –Guarantee security and privacy of health information  Privacy Rule –Controls the use and disclosure of protected health information (PHI)

6 © 2010 APS Healthcare, Inc. 6 HIPAA History  August, 1996 – Final HIPAA bill passed by Congress  December, 2000 – Privacy Rule was published  August, 2002 – Final version with modifications published  April 14, 2003 – Deadline for Compliance

7 © 2010 APS Healthcare, Inc. 7 Why is HIPAA Needed?  No uniform laws existed regarding –the privacy of health information –individual rights with regards to their health information  Rapid evolution of health information systems –Made health care information available to unauthorized persons

8 © 2010 APS Healthcare, Inc. 8 Why is HIPAA Needed?  Maximize the effectiveness of protections while not compromising availability or quality of medical care  Can promote higher quality care by assuring health information will be protected from inappropriate uses and disclosures

9 © 2010 APS Healthcare, Inc. 9 Who Must Comply?  Health Plans  Health Care Clearinghouses  Health Care Providers

10 © 2010 APS Healthcare, Inc. 10 Who Must Comply?  Business Associates –Contractors or Vendors who perform service for a covered entity –Attorneys –Accountants –Accreding bodies –Billing Companies –Answering Services –Collection Agencies –Laboratories

11 © 2010 APS Healthcare, Inc. 11 What is PHI?  Protected Health Information –Information that the provider receives or creates that relates to the past, present, or future physical or mental health of an individual, and identifies or is likely to identify the individual

12 © 2010 APS Healthcare, Inc. 12 PHI Includes  Paper Records  Electronic Records  Oral Communication

13 © 2010 APS Healthcare, Inc. 13 Necessary Safeguards  Administrative Safeguards  Technical Safeguards  Physical Safeguards

14 © 2010 APS Healthcare, Inc. 14 Disclosure of PHI  PHI may be used or disclosed without individual authorization for –Treatment –Payment –Operational Purposes

15 © 2010 APS Healthcare, Inc. 15 Disclosure of PHI  Public health activities  Child abuse reporting  Response to court order or legal process  Coroner pursuant to official duties

16 © 2010 APS Healthcare, Inc. 16 Valid Authorizations  Consents to use or disclose PHI that must include: –A description of the PHI to be disclosed –Name of releasing entity –Name of entity where PHI is to be sent –Description of the purpose for the release

17 © 2010 APS Healthcare, Inc. 17 Valid Authorizations  Expiration date for the authorization  Individual must sign and date  Individual has the right to revoke authorization  Statement regarding redisclosure  State that signing authorization will not be a condition of treatment

18 © 2010 APS Healthcare, Inc. 18 Personal Representatives  A person authorized by law to act on behalf of a individual to make healthcare decisions.  Health Care Power of Attorney  Legal Guardian

19 © 2010 APS Healthcare, Inc. 19  To receive a copy of the Privacy Notice  To make a complaint about privacy violations  To request restrictions on use of PHI  To make reasonable requests concerning how their PHI is communicated to them  To have access to their PHI  To request amendments to their PHI  To have an accounting of disclosures of their PHI Individual Rights

20 © 2010 APS Healthcare, Inc. 20 Privacy Notices  Individuals –have the right to receive written notice of a covered entity’s privacy notice –should acknowledge that they have received the notice

21 © 2010 APS Healthcare, Inc. 21 Complaint Process  Individuals –Have the right to make complaints regarding privacy violations without fear of intimidation or retaliation –May file a complaint directly with the entity or with the Secretary of Health and Human Services

22 © 2010 APS Healthcare, Inc. 22 Request Restrictions  An individual has the right to request restrictions on the use of PHI

23 © 2010 APS Healthcare, Inc. 23 Confidential Communications  Individuals –Have the right to make reasonable requests concerning how PHI is communicated to them  Providers –Must permit individuals to place the request –Must accommodate reasonable requests –May not ask individual to explain reason for request –May ask that request be put in writing –May require payment information and method of contact

24 © 2010 APS Healthcare, Inc. 24 Access to PHI  Individuals have a right to have access to their PHI  If written request is required, it must be stated in the Privacy Notice  Requests must be acted on within 30 days of receipt of request  Extra 30 days granted if individual is informed

25 © 2010 APS Healthcare, Inc. 25 Denial of Access  An individual may be denied access to PHI  Denial without review rights may be given if specific circumstances exist –Individual participating in a research study –Information was obtained from someone other than a provider

26 © 2010 APS Healthcare, Inc. 26 Denial of Access  Denial of access with review rights required may occur –Access is likely to be harmful to the individual –Often tied to instances where PHI refers to abuse  If individual requests a review of a denial –Provider must designate a reviewing official who is a licensed health care provider –This person must not have participated in decision to deny access

27 © 2010 APS Healthcare, Inc. 27 Amendment Requests  Individuals have the right to request amendments to their PHI  Individual must be informed if the provider accepts or denies the amendment

28 © 2010 APS Healthcare, Inc. 28 Accounting of Disclosures  Individuals have a right to an accounting of disclosures made of their PHI  Providers do not have to account for disclosures made for treatment, payment, or operations to individuals for their own PHI, or for any disclosures made with a valid authorization

29 © 2010 APS Healthcare, Inc. 29 Penalties  Civil penalties are imposed whenever there is a violation of the Privacy Rule without intent  Civil penalties are imposed whenever there is a violation of the Privacy Rule without intent.

30 © 2010 APS Healthcare, Inc. 30 HIPAA Compliance  Records must be retained for a period of 6 years –Due diligence records –On-going documentation

31 © 2010 APS Healthcare, Inc. 31 What Can You Do?  Look at your space and secure it  Look at your habits and make necessary changes

32 © 2010 APS Healthcare, Inc. 32 What Can You Do?  Disclose PHI only when authorized  Help each other to maintain individual privacy  Make certain you are familiar with The Privacy Rule

33 © 2010 APS Healthcare, Inc. 33 HIPAA and People with ID/DD  It gives them new rights regarding the use and disclosure of PHI.  It decreases their vulnerability for misuse of their PHI.  It adds to the concept of self-determination.  It gives them added privacy protection.

34 © 2010 APS Healthcare, Inc. 34 HIPAA Outcomes  Compliance –78% Providers compliant/18% non-compliant –90% Payers compliant/6% non-compliant  Privacy Breaches –60% Providers –66% Payers  Complaints –10,785 (thru Jan. 31, 2005) –62% resolved

35 © 2010 APS Healthcare, Inc. 35 HIPAA Outcomes  Caused a short term increase in costs to the covered entities  Improved consumer privacy  More informed employees and individuals


37 © 2010 APS Healthcare, Inc. 37 Conclusion  HIPAA is on-going process –Education / Reeducation –Monitoring –Identification of problems –Changes

38 © 2010 APS Healthcare, Inc. 38 References  Health Information Privacy. Retrieved September 27, 2010 from  Annual Report to Congress on the Implementation of the Administrative Simplification Provisions of the Health Insurance Portability and Accountability Act. Retrieved September 27, 2010 from

39 © 2010 APS Healthcare, Inc. 39 To register for future trainings, or for more information on this or any other physical or behavioral health topic, please visit our website at

40 © 2010 APS Healthcare, Inc. 40

41 Evaluation Please take a few moments to complete the evaluation form found in the back of your packets. Thank You!

42 Test Review There will be a test review after all tests have been completed and turned in to the Instructor.

Download ppt "Health Insurance Portability and Accountability Act (HIPAA) Presented by: APS Healthcare Southwestern PA Health Care Quality Unit (HCQU) December 2010."

Similar presentations

Ads by Google