Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIPAA Health Insurance Portability & Accountability Act.

Similar presentations


Presentation on theme: "HIPAA Health Insurance Portability & Accountability Act."— Presentation transcript:

1 HIPAA Health Insurance Portability & Accountability Act

2 Program Objectives: Define HIPAA Who is covered by HIPAA? Goals of HIPAA How does HIPAA affect you? Why comply? Definitions Protected Health Information (PHI), “Use”, and “Disclosure” What are “Security Rules”

3 What is HIPAA? HIPAA-Health Insurance Portability and Accountability Act of 1996 Original intent was to ensure portability of Insurance when employment changes Administrative Simplification Standardization of formats, codes and identifiers Increased security of electronic health data Increased protection of protected health information Simplify health care administration

4 Definitions: PHI=Individually identifiable health information in any form or media. Only authorized people will look at or use it for treatment, payment or health care operations (TPO) Privacy=Right of individual to keep certain personal information to themselves with confidence that only authorized people will look at or use it. Security=Protection of PHI, data and systems from accidental or intentional access by unauthorized users.

5 Definitions Use=How information is used in an institution Disclosure=How information is given out to other institutions for use TPO=Treatment, Payment, and Operations Minimum Necessary=Minimum amount of information you “need to know to do your job”

6 Who is covered by HIPAA? Health care providers Health Plans Health care clearinghouses

7 Goals of HIPAA For Patients Control over their information (PHI) Right to see their records and correct mistakes Right to know who has seen their PHI For Institutions Protect patient PHI Limit use of PHI Penalize those who misuse PHI

8 What is protected health information? Information that identifies a person, living or deceased Past, present, or future health information Electronic, paper, verbal form Give examples?

9 What are Identifiers? NameNames of relatives AddressVoice, finger, retinal prints Phone or fax numberDate of Birth addressEmployer Social security or medical record numbers Insurance account numbers PhotosFacility name/Room no.

10 Who can access this information? HIPAA privacy rules limit both “Use” and “Disclosure” Patients typically give permission for use or disclosure of their information by signing a written form. Some disclosures are required by law, such as reporting of gunshot wounds, child abuse, infectious diseases and do not require patient permission.

11 Internal use of PHI Non routine access will be limited by policies and procedures of each institution Routine access will be limited by job function “Need to know”, or minimum necessary needed for each task Example EKG: technicians only need the information relating to the EKG. They would not need to see patient progress notes or insurance information

12 Disclosing information to those outside the institution

13 Security Rules Protect Information itself from unauthorized use and misuse by those allowed to view the PHI Protect the systems that store PHI – The hardware and software Systems must be protected so that unauthorized people cannot get the information.

14 Privacy and Security Rules Patients have the right to control their information Institutions will limit the use and disclosure of information Institutions will protect information on the computer

15 What makes HIPAA new? The Government has decided what the basic requirements are for protection of patient information Institutions are being held accountable Increased health care consumer confidence

16 Why Privacy? A Tampa Florida man stole a list of patient names New York congressional candidate’s suicide attempt made public Employee of large Insurance plan company views PHI of friend’s ex-wife

17 How does HIPAA affect you? Faculty and Students are held to the same obligations and accountability as employees. You may find yourself in situations involving patient information.

18 Protecting Verbal PHI You just made it through the long cafeteria line and sit down to eat. As you eat your lunch you can hear two co-workers discussing a patient. What do you do?

19 Protect confidentiality DO NOT DISCUSS PATIENT INFORMATION IN PUBLIC AREAS

20 Response Respect privacy. This does not mean you have to ignore someone you know. Just do not ask for personal health information. Do not repeat information to others. Remember: “Need to know” Do not ask for information even if you know the person.

21 What do you do? You entered a patient’s room to explain a procedure. The patient has several visitors in the room who may or may not be family.

22 ASK PERMISSION FROM THE PATIENT

23 What do you do? You are walking down the hallway in the health care facility where you work. You are stopped by a visitor who asks for directions.

24 Be courteous and Direct Visitors to the Information Desk

25 Protecting Spoken Information Around Patient Rooms Knock first and ask permission to enter Close doors or curtains Speak softly in semi-private rooms In Public Areas Do not talk about patients Direct visitors to the information desk Do not leave messages containing PHI on answering machines

26 What do you do? Suppose you work in an area where several people share a fax machine in a lounge. While you are in the lounge a fax including PHI arrives but no one comes to get it. Later that afternoon you notice the fax is still there.

27 DO NOT LEAVE MEDICAL INFORMATION UNATTENDED Tell your supervisor about the Fax.

28 What do you do? You enter a conference room and find papers with patient information left on the table.

29 Protecting Written Information Find the owner of “lost” papers Shred information no longer needed Do not leave papers unattended Keep information away form public view

30 Protecting Electronic Information Keep computer screens pointed away from the public Never leave patient information in public areas unattended Log off workstations when leaving the area Do not share your password verbally, in writing, or by with anyone Report any misuse of or problems with your password

31 You are responsible Any activity on the computer that is made with your user name is your responsibility Prevent loss or theft of handheld and laptop computers Use passwords to protect information Close programs when not in use

32 Why Comply? It is the right thing to do You will face disciplinary action There may be penalties

33 Consequences for Noncompliance Wrongful disclosures Gaining access by false pretenses Intent to sell, transfer or use Up to $50, year in prison Up to $100,000 + up to 5 years in prison Up to $250,000 + up to 10 years in prison

34 Enforcement of HIPAA The Office for Civil Rights has been charged with enforcing HIPAA privacy regulation

35 Questions About Privacy? Some situations are not clear HIPAA was not meant to interfere with patient care When in doubt ask!

36 A parting thought If your loved one was a patient wouldn’t you want your family’s privacy to be protected by the people caring for him or her?

37 Resources Federal Register February 20 th., 2003 Notice downloads.cfm HHS Office of Civil Rights – HIPAA Page Federal Register August 14, 2002 Notice downloads.cfm

38 Review handout “HIPAA and Washington State Law”

39 What is the official legal citation that refers to what is commonly known as HIPAA? 45CFR164

40 What is the official legal citation that refers to health care information use and disclosure in Washington State? RCW 70.02

41 According to RCW , when can health care providers disclose a pt’s PHI without his/her authorization? Only as authorized in RCW

42 Pt. Jacob D. signed the hospital’s Health Care Information Use and Disclosure form and wrote very specific directions regarding who may receive his PHI while at the facility. He directly excluded his ex-wife from receiving any of his PHI. Someone at the hospital provided his ex-wife with an update on Jacob when she called the nurses station. What RCW was breached?

43 RCW : “A disclosure made under a patient’s written authorization must conform to the authorization.”

44 Bob has lived with Kate for 14 years, but they are not married. Kate goes to the hospital with an acute episode of appendicitis. She did not specifically identify Bob as someone the hospital could disclose her PHI to. According to the RCWs, can / may the hospital disclose information to Bob about Kate’s condition?

45 Maybe. RCW (1): A health care provider/facility may disclose HCI about a pt. w/o the pt’s authorization to the extent a recipient needs to know the information, if the disclosure is:

46 (e) To immediate family members of the patient, including a patient's state registered domestic partner, or any other individual with whom the patient is known to have a close personal relationship…

47 (e) …if made in accordance with good medical or other professional practice, unless the patient has instructed the health care provider or health care facility in writing not to make the disclosure.

48 Mercy hospital is on the cutting edge of research and development of new treatment modalities, especially regarding rare diseases. Pt. Mundy is in Mercy hospital being treated for a rare disorder of the mesentery. Can Mercy hospital use Pt. Mundy’s PHI for research w/o his authorization?

49 Maybe. RCW (1): A health care provider/facility may disclose HCI about a pt. w/o the pt’s authorization to the extent a recipient needs to know the information, if the disclosure is:

50 (g) For use in a research project that an institutional review board has determined: (i) is of sufficient importance to outweigh the intrusion into the privacy of the pt. that would result from the disclosure.


Download ppt "HIPAA Health Insurance Portability & Accountability Act."

Similar presentations


Ads by Google