HIPAA Privacy Rule Training

Presentation transcript:

HIPAA Privacy Rule Training

Introduction
The Employee Benefits Security Administration (EBSA) administers several health care laws under the Employee Retirement Income Security Act (ERISA). One of the health care laws is the Health Insurance Portability and Accountability Act (HIPAA) of 1996. HIPAA includes provisions that regulate portability and continuity of health insurance, health information privacy, administration of health insurance, medical savings accounts and long-term care insurance. This sample presentation addresses only health information privacy. It is intended for presentation to supervisors. It is designed to be presented by an individual who is knowledgeable about the HIPAA privacy rule and the employer’s own policies and practices. This is a sample presentation that must be customized to match state laws and the employer’s own culture, policies and practices.

Objectives
At the close of this session, you will be able to:
- Understand the HIPAA privacy rule.
- Determine who enforces the HIPAA privacy rule.
- Determine who must comply.
- Understand employer roles and responsibilities.
- Understand employee rights.
- Understand the liability for HIPAA privacy violations.

What Is HIPAA?
HIPAA is the Health Insurance Portability and Accountability Act of 1996. It is a federal law that regulates portability and continuity of health insurance, health information privacy, administration of health insurance, medical savings accounts and long-term care insurance. This presentation only addresses health information privacy under the HIPAA privacy rule.

What Is the HIPAA Privacy Rule?
The HIPAA privacy rule gives an individual rights over how their health information may be used or disclosed and protects against the unauthorized disclosure of certain medical information known as protected health information (PHI). The HIPAA privacy rule requires covered entities to carefully handle PHI. It sets rules on who can view and receive an individual's health information, whether it is in an electronic, written or oral form. The U.S. Department of Health and Human Services enforces the HIPAA privacy rule (http://www.hhs.gov).

What Is Protected Health Information (PHI)?
- Relates to the physical or mental health condition of an individual, at any time, past, present or future.
- Identifies or can be used to identify an individual (e.g., name, address, birth date, Social Security number, account number).
- Is in the possession of or has been created by covered entities.

What Is PHI? (cont.)
PHI may be included in:
- Health care claims or encounter information.
- Health care payment and remittance advice.
- Coordination of benefits.
- Health care claim status.
- Enrollment or disenrollment in a health plan.
- Eligibility for a health plan.
- Health plan premium payments.
- Referral certification and authorization.

Who Must Comply?
Entities that must follow the HIPAA privacy rules are called covered entities. Covered entities include the following:
- Health Care Providers: Those who transmit health information electronically either directly or through a business associate, including those who furnish, bill and are paid for health care services such as doctors, dentists, hospitals, nursing homes and pharmacies.
- Health Care Clearinghouses: Health care management organizations that process nonstandard health information into a standard or vice versa such as billing services.
- Health Plans: Health insurance companies, HMOs, Medicaid, Medicare and employer-sponsored health plans that have 50 or more participants or are administered by a third party (e.g., an insurance carrier).

Who Must Comply? (cont.)
- An employer is not a covered entity based on being an employer alone.
- An employer must sponsor an Employee Retirement Income Security Act (ERISA) group health plan.
- An ERISA group health plan is an employee welfare benefit plan that provides medical care to employees and/or their dependents/spouse directly or through insurance, reimbursement or otherwise.
- The group health plan is the covered entity, but the employer may need to comply with the HIPAA privacy rules as the plan sponsor or administrator.
- An employer may be a covered entity if it operates in the capacity of a health care provider, health care clearinghouse or health plan (e.g., an employer may be a covered entity if it has an on-site health clinic for employees).

Roles
Think of the employer as having two different roles:
- Employer
- Plan Sponsor

Employer Role
Employers do not need to comply with the HIPAA privacy rule when acting in the employer role. For example:
- Employer requests a doctor’s note from an employee upon return from an absence consistent with the company’s policies or practices.
- Employer obtains medical information from employees to administer leave programs such as FMLA, requests for ADA accommodation, workers’ compensation, wellness programs and health insurance (e.g., employers may use health information that excludes PHI for amending plans or obtaining bids for health insurance).
- Employer includes employee names and injury information on OSHA logs.
- Employer obtains information from medical providers related to drug tests and fitness-for-duty exams.

Employer Role (cont.)
More examples of employer role:
- Employer corresponds with workers’ compensation carriers and health care providers in the administration of a workers’ compensation claim.
- Employer shares summarized health information for purposes of amending plan benefits as long as all identifying information such as names, birth dates and Social Security numbers is removed.
- Employer discloses information related to the birth of a child or health condition of an employee if the information comes from an employee and not from a group health plan.

Plan Sponsor Role
When the covered entity is the group health plan, an employer may be obligated to comply with the HIPAA privacy rule in its role as the plan sponsor. Employers may be covered by the HIPAA privacy rule when they:
- Participate in the administration of a group health plan.
- Are active in the decision-making process of a group health plan.
- Participate in the operation or control of the provisions of a group health plan.

Plan Sponsor Responsibilities
Employers acting in a plan sponsor role may need to:
- Have written PHI procedures.
- Limit uses and disclosures of PHI to the minimum necessary to accomplish the intended purpose.
- Designate a privacy officer.
- Require business associates to ensure confidentiality of PHI through written contracts or agreements.
- Establish administrative, technical and physical safeguards to protect the privacy of PHI.

Plan Sponsor Responsibilities (cont.)
Employers acting in a plan sponsor role may need to:
- Train employees on the HIPAA privacy rule.
- Provide a process for filing complaints.
- Ensure that PHI is not used for making employment or benefits decisions, marketing or fundraising.

Employees’ Rights
Employers acting in a plan sponsor role for a group health plan (covered entity) may not share employee PHI without written authorization unless it is shared:
- With the individual who is the subject of the PHI.
- For treatment and care coordination.
- To pay for employee health care services.
- With individuals who are designated by employees and who are involved with the employee’s health care or paying for health care bills.
- In public health situations.

Employees’ Rights (cont.)
Employers acting in a plan sponsor role for a group health plan (covered entity) may not share employee PHI without written authorization unless it is shared:
- For court and agency proceedings (e.g., workers’ compensation).
- Based on agency requirements (e.g., OSHA audit).
- Based on law enforcement requests or compliance.
- In emergencies.
- In identification of deceased individuals.
- In national security-related situations.

Employees’ Rights (cont.)
Employees have a right to:
- A copy of their medical records (a reasonable fee for copying and mailing records may be assessed).
- Restrict who can obtain their PHI.
- Change incorrect information in their medical records.
- A report of when and why PHI was used.
- Choose communication methods.
- File complaints.

HIPAA Privacy Violations
Violations of the HIPAA privacy rule may result in:
- Civil penalties of $100 per violation.
- Maximum civil penalties of $25,000 per year, per person, per standard.
- Criminal penalties for willful offenses of $50,000 to $250,000 and imprisonment.
- Additional penalties under state law.
- Lawsuits.

Summary
Medical information maintained by employers is not always considered PHI. An employer must determine where the information was obtained and whether the information is maintained under the role of employer or plan sponsor of a group health plan, thereby making an employer a covered entity. Regardless of the role, employers should carefully handle all employee medical information.

Questions? Comments?

Course Evaluation
Please be sure to complete and leave the evaluation sheet you received with your handouts. Thank you for your attention and interest!