HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.

1 HIPAA Privacy Rule Compliance Training for YSU April 9, 2014

2 What is HIPAA?
- Health Insurance Portability and Accountability Act (HIPAA), enacted in 1996
- Federal law designed to give patients control over all Protected Health Information (PHI) that might be shared between health care providers and other covered entities
- Ensure confidentiality of PHI

3 What is PHI? (Protected Health Information)
- “Individually identifiable health information” in any form - paper, electronic, or oral
- Relates to the physical or mental health condition of an individual
- Identifies or can be used to identify an individual (e.g., name, address, birth date, Social Security number, account number)
- Is in the possession of or has been created by covered entities

4 Examples of PHI
- Health care claims
- Health care payment and remittance advice
- Coordination of benefits
- Health care claim status
- Enrollment or disenrollment in a health plan
- Eligibility for a health plan
- Health plan premium payments
- Referral certification and authorization

5 What is the HIPAA Privacy Rule?
- Provides federal protection for PHI held by covered entities and Business Associates
- Gives patients rights over determining who can look at and receive their health information
- Applies to all forms of protected health information – electronic, written, or oral

6 Who Must Comply?
Health Plans
- Health insurance companies - HMOs, Medicaid, Medicare, and employer-sponsored health plans
Health Care Providers
- Doctors, clinics, hospitals, pharmacies, dentists
- Electronic billing to insurance
Health Care Clearinghouses
- Process nonstandard health information (e.g., billing services)

7 What is the HIPAA Security Rule?
- Specifies a series of administrative, physical and technical safeguards to use to assure confidentiality, integrity, and availability of electronic PHI

8 Employer has 2 Roles
If the Employer is the Plan Sponsor of a self-insured plan it has two different roles:
- Employer
- Plan Sponsor

9 Employer Role
HIPAA Privacy Rule does not apply when:
- Doctor’s information is needed for determining FMLA or an ADA Accommodation
- Doctor’s release to return to work
- Workers’ Compensation injury
- OSHA logs
- Wellness programs
- Health insurance

10 Plan Sponsor Role
HIPAA Privacy Rule does apply when:
- Employer participates in the administration of a group health plan
- Is involved in the decision-making process

11 Plan Sponsor Responsibilities
- Designate a privacy officer
- Provide written PHI procedures
- Limit use and disclosures of PHI to the “minimum necessary” to accomplish the intended purpose
- Require business associates to ensure confidentiality with written contracts/agreements