Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Health Information Protection Act. What is the Health Information Protection Act (HIPA)? HIPA is legislation that speaks to access to, and protection.

Published byDana Richard Modified over 8 years ago

Similar presentations

Presentation on theme: "The Health Information Protection Act. What is the Health Information Protection Act (HIPA)? HIPA is legislation that speaks to access to, and protection."— Presentation transcript:

1 The Health Information Protection Act

2 What is the Health Information Protection Act (HIPA)? HIPA is legislation that speaks to access to, and protection of personal health information…

3 WHO WHO does HIPA apply to? HIPA applies to all designated Trustees under the Act Trustees must have custody or control over personal health information…

4 WHAT WHAT does HIPA apply to? It’s all about Personal Health Information (PHI) such as: –Information about a health service provided –Information collected during the provision of service –Organ and/or tissue donation including samples collected –Registration information

5 PHI includes documentation too! paper records microfilm x-ray film electronic records

6 Where do you see PHI?

7 HIPA protects the rights of the individual & guides the professional… Collection Use Consent Access Disclosure

8 Collection KEY WORD: Collection What is collection?

9 Collection cannot be random… It must relate to a program, activity, or service that benefits the patient You should always try to obtain consent HIPA s25 Manner of Collection

10 How does this apply to me? You must know why you are collecting the information! Follow the policies, standards, laws If you are ever unsure about collection, consult with the Ministry of Health privacy officer or the Ministry of Justice and Attorney General.

11 Consent KEY WORD: Consent It’s more than just asking permission…

12 What is consent? Where ever possible the collection of PHI should stem from the consent of the individual to whom it relates (Preamble) Individuals have the right to consent to the use and disclosure of their PHI as well as to revoke that consent. HIPA s5-7

13 Consent has three very similar faces… Express (or “expressed”) Implied Deemed

14 Informed is important! How do you ensure that your client/patient is fully informed? HIPA s9&10

15 How do you meet your obligations? Understand why consent is required and what the law mandates… Speak with the person/client directly Call us if you need more information!

16 KEY WORD: ACCESS Disclosure is not access…

17 What is Access? Individuals: Have the right to access PHI about himself/herself in the custody and control of a trustee. (HIPA s12) Can request access to their personal health information. HIPA s32 to 34

18 Access cont’d… Trustees: Trustees can “access” PHI within the organization When Trustees external to the organization need to access PHI it becomes a disclosure

19 Trustees have obligations… You have a ‘duty to assist’ Meet the 30 day timeline for written requests or request an extension Inform the person of their right to review HIPA s 35 to 40

20 KEY WORD: DISCLOSURE Access within the circle of care is appropriate…

21 What is Disclosure? Disclosure can generally manifest itself as: –Disclosure of PHI for treatment, program, or evaluation purposes –Disclosure of registration information –Disclosure of PHI for research purposes HIPA s27, s28, s29

22 Disclosure Without Consent

23 Privacy vs. Confidentiality… Quite a Difference!

24 The Protection of Privacy Protect the integrity, accuracy and confidentiality of the information; Protect against any reasonably anticipated threat or hazard; Protect against loss of the information; or Unauthorized access to or use, disclosure or modification of the information.

25 How do you currently protect personal health information?

26 Breach KEY WORD: Breach

27 What do you do when you become aware of a potential breach? Report Document Investigate Follow-up

28 Failure to Comply with HIPA… Individuals: –Fines up to $50,000 and/or up to one year in jail per offence Corporations: –Fines up to $500,000 per offence –Officers and directors of a corporation can be fined up to $50,000 and/or receive up to one year in jail per offence

29 Good faith clause protects trustees and employees … HIPA s61(a)

30 General Duties of Trustee Trustee must establish policies to: Protect integrity, accuracy & confidentiality Protect against reasonably anticipated threat or hazard to security, loss or unauthorized access Ensure compliance with HIPA by employees s.16 Duty to Protect

31 General Duties (continued) Must store info. in format retrievable, readable and useable for full retention period (s. 17(2)(a)) Destroy info. in a manner that protects privacy (s. 17(2)(b)) Must ensure information management service provider meets same confidentiality standards (s. 18)

32 Right to Appeal: The Office of the Information and Privacy Commissioner

33 Right to Appeal If access is refused; If a person is not satisfied with the decision of a Trustee pursuant to Section 36; The person requests an amendment to their information and it is not done; The person believes that there has been a contravention of the Act.

34 The Office of the Information and Privacy Commissioner Independent Third Party Powers to investigate, review decisions, and make recommendations Conduct public education programs

35 Questions?

36 Additional Information Saskatchewan Ministry of Health: www.health.gov.sk.ca www.health.gov.sk.ca Saskatchewan Information and Privacy Commissioner: www.oipc.sk.cawww.oipc.sk.ca PIPEDA: www.strategis.ic.gc.ca/privacy/health www.strategis.ic.gc.ca/privacy/health Privacy Commissioner of Canada: www.privcom.gc.ca www.privcom.gc.ca

Download ppt "The Health Information Protection Act. What is the Health Information Protection Act (HIPA)? HIPA is legislation that speaks to access to, and protection."

Similar presentations

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/2009 0.

1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
1 Opening the Door: Access to Government Information A primer for Media Students Mohawk College Sept. 18, 2002 Bob Spence Communications Co-ordinator Office.

1 Opening the Door: Access to Government Information A primer for Media Students Mohawk College Sept. 18, 2002 Bob Spence Communications Co-ordinator Office.
Information & Compliance UL University of Limerick & UL employees obliged to comply with certain legislation, including: Freedom of Information.

Information & Compliance UL University of Limerick & UL employees obliged to comply with certain legislation, including: Freedom of Information.
The Problem Solvers TM www.singleton.com Privacy Rights: Minors and Parents Michael J. Hewitt Marcel Daigle Singleton Urquhart LLP.

The Problem Solvers TM Privacy Rights: Minors and Parents Michael J. Hewitt Marcel Daigle Singleton Urquhart LLP.
Kathy O’Brien NEON and NORrad – Current PHI Sharing and How Best to Comply with PHIPA August 26, 2004.

Kathy O’Brien NEON and NORrad – Current PHI Sharing and How Best to Comply with PHIPA August 26, 2004.
Www.ipc.on.ca Building Privacy into Health Information Technology Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Information Technology.

Building Privacy into Health Information Technology Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Information Technology.
Complying with Privacy to Enable Innovation & Research

Complying with Privacy to Enable Innovation & Research
© Information and Privacy Commissioner of Ontario, 2006 Circle of Care Ontario University & College Health Association - May 24, 2013 - Manuela Di Re Associate.

© Information and Privacy Commissioner of Ontario, 2006 Circle of Care Ontario University & College Health Association - May 24, Manuela Di Re Associate.
Bev White, Manager, Research Ethics Research Services, IWK Health Centre.

Bev White, Manager, Research Ethics Research Services, IWK Health Centre.
Presentation by Mark Grady Vancouver Island University June 13, 2012.

Presentation by Mark Grady Vancouver Island University June 13, 2012.
Hong Kong Privacy Code on Human Resource Management

Hong Kong Privacy Code on Human Resource Management
Version 6.0 Approved by HIPAA Implementation Team April 14, 2003 1 HIPAA Learning Module The following is an educational Powerpoint presentation on the.

Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.
CUMC IRB Investigator Meeting November 9, 2004 Research Use of Stored Data and Tissues.

CUMC IRB Investigator Meeting November 9, 2004 Research Use of Stored Data and Tissues.
The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.

The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.
Anglican Province of Canada Privacy Policy. Commitment to Privacy The Privacy Policy, including the Web Privacy Statement, is the Anglican Province of.

Anglican Province of Canada Privacy Policy. Commitment to Privacy The Privacy Policy, including the Web Privacy Statement, is the Anglican Province of.

Similar presentations

Ads by Google