Health Insurance Portability and Accountability Act

Presentation transcript:

Health Insurance Portability and Accountability Act Leanna Levin

What does HIPAA do? HIPAA requires every health plan, health care provider, and health care clearinghouse in the country to protect patient privacy.

Who is included? These include every hospital, doctor, nurse, home health care provider, nursing home, pharmacy, self-insurance company, health insurer and health-plan provider. Basically any party that handles protected health information is now required to take privacy measures.

What we are going to talk about today: Duties for those under HIPAA; Compliance; Protection of client’s privacy; Security of health information; Psychotherapy documentation release of information

Standards, Transactions, and Code Sets. The HIPAA ruling set forth on April 14, 2003 is an updated version of the HIPAA statutes of 1996. Because of new and improved technology, HIPAA’s Privacy Rule concentrates on electronically transmitted information.

The Administrative Simplification. So what is electronic and what do you need to do to comply with HIPAA regulations? The provisions state that covered entities that maintain or transmit health information are required to “maintain reasonable and appropriate administrative, physical, and technical safeguards to ensure the integrity and confidentiality of the information and to protect against any reasonably anticipated threats or hazards to the security or integrity of the information and unauthorized use or disclosure of the information.”

Compliance. A covered entity must comply with the “applicable standards, implementation specifications, and requirements… with respect to electronic protected health information.”

Privacy of Individually Identifiable Health Information. Under the newly mandated privacy law, there must be a privacy officer to make sure there is compliance and to handle patient concerns and complaints about privacy violations.

Privacy of Individually Identifiable Health Information. The computer screen needs to be repositioned so that someone walking by can’t see patients’ private information. The computer is also used to limit the personal information required on public sign-in sheets.

Privacy of Individually Identifiable Health Information. There needs to be an evaluation of the positions that need access to each kind of information: medical records, doctor’s notes, personal information. The decisions and the policies put in place need to be documented to keep medical documents limited to need-to-know viewing.

Privacy of Individually Identifiable Health Information. A training program needs to be put into place so the employees are aware of the proper privacy standards for handling medical information. Document that training.

Privacy of Individually Identifiable Health Information. Patient’s Rights: waivers need to be signed for patients to allow parties not directly involved in patient care—such as insurance companies, financial institutions and employers—to see patient information.

Privacy of Individually Identifiable Health Information. Patient’s Rights: forms need to be created that allow patients to inspect and copy their records, restrict who sees them, amend them and get a list of who has seen them.

Privacy of Individually Identifiable Health Information. Not Patient’s Rights: Professionals seeking advice on treating a patient can discuss the matter with other professionals without authorization from the patient. Conflict with the Code of Ethics.

Security of Health Information. Administrative safeguards include a security management process, assigned security responsibility, workforce security, information access management, security awareness and training, security incident procedures, contingency plans, evaluations, and contracts.

Security Management Process. A Risk Analysis is conducted to assess the vulnerabilities and risks to the confidentiality, integrity and availability of electronic private health information. Appropriate sanctions are implemented for workforce members who fail to comply.

Assigned Security Responsibility. An individual must be identified who is responsible for the development and implementation of security policies and procedures.

Workforce Security. Policies and procedures need to be implemented to ensure that all assigned members of the workforce have appropriate access to electronic private health information and to prevent access by those who should not have it.

Information Access Management. Implement policies and procedures for establishing, authorizing, reviewing, documenting, and modifying a user’s right to access a workstation, transaction, program, process, or other means of accessing electronic private health information. Who can access what?

Security Awareness and Training. Implement a security awareness and training program for all members of the workforce, including management, that includes training on protection from malicious software, log-in monitoring, password management, and periodic security reminders.

Security Incident Procedures. Incident response and reporting procedures are required to remove the potential harmful effects of the incident and provide documentation of the incident and outcome.

Contingency Plan. Implement policies and procedures for responding to emergencies or other occurrences that damage systems containing electronic private health information.

Evaluation. Perform a periodic technical and nontechnical evaluation based upon the initial standards and also after environmental and operational changes affecting electronic private health information.

Business Associate Contracts. The employees not only need to attend the training programs, but they are also required to sign a contract stating they understand the policies and will abide by them. A chain of trust agreements through written contracts exists to ensure all members are abiding by the standards.

HIPAA and Psychotherapy Notes. Compared to discussion of information amongst professionals, the release of psychotherapy notes is more complicated. More protection: disclosure of psychotherapy notes requires patient authorization--or specific permission--to release this sensitive information.

Psychotherapy Notes and Insurance Companies. In the past, insurance companies have requested entire patient records--including psychotherapy notes--in making coverage decisions. Now health plans cannot refuse to provide reimbursement if a patient does not agree to release information covered under the psychotherapy notes provision.

HIPAA and Psychotherapy Notes Cont. Patients do not have the right to obtain a copy of the notes under HIPAA—different than the allowance of medical documents. When a psychotherapist denies a patient access to these notes, the denial isn't subject to a review process.

HIPAA Definition of Psychotherapy Notes. Psychotherapy notes are kept separate from medical records for this reason. If a psychotherapist keeps this type of information in a patient's general chart, or if it's not distinguishable as separate from the rest of the record, access to the information doesn't require specific patient authorization.

When can a therapist’s notes be used? There are special protections for use of psychotherapy notes. Disclosure of psychotherapy notes requires an authorization from the patient/client except:

When can a psychotherapist’s notes be revealed under HIPAA? For the originator of the notes (i.e., the mental health practitioner), for treatment of the subject patient; for students, trainees or practitioners, for supervised training programs; to defend a legal action or other proceeding brought by the patient against the covered entity; for lawful health oversight activities or as otherwise required by law; for coroners or medical examiners (where the patient is deceased); or where, consistent with applicable law and the standards of ethical conduct, there is a good faith belief that the use or disclosure is necessary to prevent or lessen a serious threat to health or safety.

Conclusions. As a rehabilitation counselor, what do you have to comply with? What does a patient have a right to and what not? What protections are there for psychotherapy notes?

Helpful websites and Resources www.hippa.org www.hhs.gov/ocr/hipaa/ www.hippadvisory.com www.cms.hhs.gov/hipaa www.apa.org www.counseling.org HIPAA at the University of Florida 273-5094 HIPAA Privacy Officer Susan Blair

Questions or comments??