Presentation is loading. Please wait.

Presentation is loading. Please wait.

CCHAP Practice Manager’s Meeting HIPAA Guidelines and Updates for Primary Care Practices Thursday October 24 th 2013 Noon – 1:00PM Instructions to join.

Similar presentations

Presentation on theme: "CCHAP Practice Manager’s Meeting HIPAA Guidelines and Updates for Primary Care Practices Thursday October 24 th 2013 Noon – 1:00PM Instructions to join."— Presentation transcript:

1 CCHAP Practice Manager’s Meeting HIPAA Guidelines and Updates for Primary Care Practices Thursday October 24 th 2013 Noon – 1:00PM Instructions to join the meeting remotely: 1. Open a web browser and enter URL: Enter participant access code: 2. Phone in for the audio portion of the conference: 1-866-740-1260 - then enter the access code: 2093166 MEETING HANDOUTS:

2 CCHAP Practice Manager’s Meeting HIPAA Guidelines and Updates for Primary Care Practices Thursday October 24 th 2013 Noon – 1:00PM HIPAA GUIDELINES AND UPDATES Kara Kohn, RN, MBA MEETING HANDOUTS:

3 HIPAA 2013 Omnibus Rules and Updates

4 What is HIPAA? Health Insurance Portability and Accountability Act was enacted in1996 Protects health insurance coverage when there is a change or loss of jobs for workers and their families

5 What is HIPAA? Required national standards for electronic health care transactions Gave rights to individuals 12-18 for their own privacy (including from parents) Enacted privacy standards for PHI (Protected Health Information)

6 Key Terms and Definitions Privacy: Patient’s right over the use and disclosure of their own protected health information Security: Specific measures a Covered Entity (your practice) must take to secure protected health information from unauthorized breaches of privacy Protected Health Information (PHI): Any identifiable information which relates to an individuals past, present or future physical health or condition for which there is a reasonable cause to believe it can be used to identify that individual

7 Protected Health Information (PHI) Name Zip Code Birth Date Telephone Number Fax Number Account Number Email Address Social Security Number Medical Record Number Health Plan Numbers Certificate/license number Vehicle Identifiers and Serial Numbers Device Identifiers and Serial Numbers IP and URL address numbers Biometric Identifiers (finger or voice prints) Full Face Photos Images Any other unique identifying number, characteristic or code

8 What is New? Requests for electronic medical charts Request to not share information with health plans Immunization information allowed to be shared Restrictions for marketing, fundraising and sale of PHI Genetic information and insurance Business associates compliance New notices of Privacy Practices

9 Chart Requests Patients can ask for copies of their medical information in electronic format Patients can still ask for medical information via paper format 30 days to produce this information No more 30 day extensions

10 Request by Patients If all services are paid in full, in person, during a visit, a request can be made to not share information with their health plans This includes the treatments that were received during that specific visit

11 Immunization Records If a parent or guardian gives written permission, your office can provide immunization information to a school This is for schools that are required by law to have it This process is more streamlined, making it easier for both parents and practices

12 Marketing, Fundraising and Genetic Information Increased restrictions how patients information is used and disclosed to third parties for the use of marketing and fundraising Patients can not have their personal information sold to outside parties with out a written consent from them to do so Insurance companies cannot use genetic information for coverage and cost determinations

13 Business Associate All Business Associates must now adhere to all HIPAA rules and regulations when in possession of PHI A Business Associate is anyone that works in association with your practice and has access to patient information Does not include doctor-to-doctor business, healthcare providers, insurance companies or pharmacies

14 Who is a Business Associate Health Information Organizations E-prescribing Gateways Data Transmission Services (personal health record vendors) Labs Confirmation Services Collection Agencies Software Companies IT Techs Consultants Sales Reps After Hours Services

15 Business Associates cont. Any new Business Associates to your practice should have a signed agreement by September 23, 2013 Existing Business Associates have until September 23, 2014 to sign the new agreement You are not required to train your Business Associates If they have a subcontractor assisting them, the Business Associates will need to have their own contract in place with their subcontractor

16 Increased Privacy Protection It is now considered a breach if there is any disclosure of any PHI examples This can include inadvertent release of PHI Any suspected or known breach must be reported Risk assessment must be completed and documented any time that a breach is reported Fines of $50,000 for each violation, up to a limit of $1.5 million annually

17 Examples of a Breach Any posting of pictures or patient identification onto social websites (Facebook, Twitter, Instagram, etc.) Conversations in the waiting room disclosing PHI Loss of office laptop containing patient information Paperwork given to the wrong patient Verbal communication via phone to someone who is not the patient or their parent/guardian

18 Examples of a Breach cont. Permission is asked to share patient information with parents/guardians in room (age dependent) Faxing patient information to the wrong number Email communication sent to the wrong address or email group Computer screen with patient information that can be viewed by other patients/families Placing of PHI in a regular trash container

19 What Needs to Done in the Event of a Breach? No longer report only a “Significant Risk”. All presumed risks are considered a breach. Complete Breach Assessment Form Report via HHS Website Potentially contact patients with knowledge of suspected or confirmed breach

20 How to Prevent Any and all paperwork changing hands is verified that each and every page belongs to the patient it is handed to All patients are asked their permission to proceed speaking when there are visitors in the room that are not a parent/guardian/POA All conversations are held at a reasonable tone and appropriate venues in the patient care area. Do not discuss patient care in hallways, waiting rooms, or exam rooms with doors open

21 How to Prevent All fax numbers are verified before hitting send, and a fax cover sheet with a confidentiality statement is used at all times All charts are maintained securely away from public view All printouts with patient information are placed facedown when you step away from the desk Computer screens are locked when you step away, even momentarily Patient information is not thrown into a general trash can

22 Questions? Thank you

Download ppt "CCHAP Practice Manager’s Meeting HIPAA Guidelines and Updates for Primary Care Practices Thursday October 24 th 2013 Noon – 1:00PM Instructions to join."

Similar presentations

Ads by Google