Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIPAA Training Workshop #3 Individual Rights Kaye L. Rankin Rankin Healthcare Consultants, Inc.

Published byDavid Gaines Modified over 7 years ago

Similar presentations

Presentation on theme: "HIPAA Training Workshop #3 Individual Rights Kaye L. Rankin Rankin Healthcare Consultants, Inc."— Presentation transcript:

1 HIPAA Training Workshop #3 Individual Rights Kaye L. Rankin Rankin Healthcare Consultants, Inc.

2 Today’s Topics  Individual Rights –To receive adequate notice of how the provider uses and discloses protected information: Notice of Privacy Practices –Right to request restriction on the uses and disclosures of protected health information –Right of access to inspect and obtain a copy of protected health information –Right to request an amendment to protected health information –Right to have an accounting of disclosures made about them: Disclosure History

3 Notice of Privacy Practices  Contents –(A) A description and example of permitted uses and disclosures for treatment, payment, and health care operations. – (B) A description of each of the other purposes for which the covered entity is permitted or required to use or disclose PHI without the individual’s written consent or authorization. – (C) Descriptions must represent the most stringent law. – (D) The description must include sufficient detail to place the individual on notice of the uses and disclosures that are permitted or required by HIPAA and/or other applicable law.

4 Notice of Privacy Practices  Contents (continued) –(E) A statement that other uses and disclosures will be made only with the individual’s written authorization and that the individual may revoke such authorization. –Separate Statements (A) The covered entity may contact the individual to provide appointment reminders or information about treatment alternatives or other health-related benefits and services that may be of interest to the individual; (B) The covered entity may contact the individual to raise funds for the covered entity

5 Notice of Privacy Practices  A description of Individual Rights  Covered Entities Duties –(A) A statement that the covered entity is required by law to maintain the privacy of protected health information and to provide individuals with notice of its legal duties and privacy practices with respect to protected health information; – (B) A statement that the covered entity is required to abide by the terms of the notice currently in effect; and – (C) For the covered entity to apply a change in a privacy practice; a statement that it reserves the right to change the terms of its notice and how it will provide individuals with a revised notice.

6 Notice of Privacy Practices  Complaints. –A statement that individuals may complain to the covered entity and to the Secretary if they believe their privacy rights have been violated, a brief description of how the individual may file a complaint with the covered entity, and a statement that the individual will not be retaliated against for filing a complaint.

7 Notice of Privacy Practices  Contact. –The notice must contain the name, or title, and telephone number of a person or office to contact for further information.  Effective date. –The notice must contain the date on which the notice is first in effect, which may not be earlier than the date on which the notice is printed or otherwise published.

8 Right to Request Restrictions on Uses and Disclosures.  Right to Restrict Uses and Disclosures –Covered Entity must permit requests for greater restrictions on use or disclosure of PHI –Covered Entity need not agree, but will be bound by agreements –Does not apply to emergencies or releases for specified government purposes –Termination – may be initiated by the individual or the CE. (orally or in writing).

9 Right to Request Restrictions on Uses and Disclosures.  Restrictions on Use and Disclosures - Procedures –Require and accept written request –Written response to request (agreement or denial) –Procedures to notify staff of the restriction –Process for termination of agreement –Retention of all documentation for 6 years.

10 Right to Request Restrictions on Uses and Disclosures.  Confidential Communications right to receive information at an alternate location or by alternate means. –Covered Entity may require a written request –Covered Entity must accommodate all reasonable requests –Covered Entity may not require and explanation

11 Right to Request Restrictions on Uses and Disclosures.  Confidential Communications - Procedures –Require written request –Develop a process to determine reasonableness –Procedure for notifying employees of confidential communications

12 Access to Protected Health Information  Right of access to inspect or copy –Exceptions Psychotherapy Notes – (California returns the right to access) Information compiled in reasonable anticipation of civil, criminal or administrative action or proceeding Information subject to CLIA of 1998 –Limited to Information contained in the individuals “designated record set”

13 Access to Protected Health Information  Denials Without the Right of Review –Psychotherapy Notes –Anticipation of legal action –CLIA –Information created in research that includes treatment –Records subject to the Privacy Act –In a correctional institution –Information obtained from someone other than a provider under a promise of confidentiality

14 Access to Protected Health Information  Denials With the Right to Review –Licensed Health Care Professional determination that access would be harmful –Information makes reference to another person and would likely cause harm to that person –Request by personal representative who is likely to cause harm to the individual or another person

15 Access to Protected Health Information  Denials Granted in California Law –Information that is not part of the patients medical record –Records protected by state law governed by the confidentiality of communicable disease carriers –Personal representative is requesting access to the record of a minor who has the right of consent –Mental health records if likely to cause harm – however these records may be reviewed by another health care professional for the patient

16 Access to Protected Health Information  Procedures –Require written request – date stamp request –Verification of identity and authority if request is made by a personal representative –Must respond within 5 days (California) –Someone to review record –Must provide a written explanation of the basis for a denial in whole or in part. –Must provide a review of denials upon request –Retain documentation for 6 years

17 Time for a BREAK!

18 Right to Amend  Permitted denials –Information was not created by the covered entity unless the originator is no longer available –Is not part of the designated record set –Information would not be available for inspection under “right to access” –Information is accurate and complete

19 Right to Amend  Granted requests –Notify individual – obtain relevant persons to notify –Make correction in all affected records –Notify relevant persons or entities – business associates, payers, etc.

20 Right to Amend  Denied requests –Notify individual –Permit the individual to submit a “Statement of Disagreement” to be included in the record. –Provider may place a rebuttal in the record.

21 Right to Amend  Procedures –Require request in writing –Respond to request (acceptance or denial) within 60 days –If accepted – notify interested parties –If denied – accept a statement if requested –Retain all documentation related to the request for 6 years.

22 Accounting of Disclosures  An individual has the right to receive an accounting of disclosures of protected health information made by a covered entity in the six years prior to the date on which the accounting is requested.  Must act on the request within 60 days (one extension of 30 days is allowed in some circumstances)  Must provide the first request in any 12 month period at no charge

23 Accounting of Disclosures  What doesn’t have to be recorded: –Disclosures for treatment, payment or health care operations –To the individual –Incidental disclosures –Pursuant to authorization –National security or intelligence purposes –Correctional institutions or custodial situations –If part of a limited data set –Health oversight or law enforcement disclosures (under some circumstances)

24 Accounting of Disclosures  Accounting includes –Date of disclosure –Recipient name and address –Description of information disclosed –Purpose of disclosure –Copies of all disclosure requests

25 Accounting of Disclosures  Procedures –Keep a disclosure history for each patient. Include disclosures communicated orally, written, printed or transmitted electronically. –Keep a log of all research projects that involve the sharing of PHI for more than 50 P/P/C’s –Be able to provide a copy within the defined timeframe when requested. –All documentation related to the request must be retained for 6 years (including information provided)

26 The Clock is Ticking!

Download ppt "HIPAA Training Workshop #3 Individual Rights Kaye L. Rankin Rankin Healthcare Consultants, Inc."

Similar presentations

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
PATIENT RIGHTS UNDER HIPAA HIPAA Collaborative of Wisconsin April 2003.

PATIENT RIGHTS UNDER HIPAA HIPAA Collaborative of Wisconsin April 2003.
HIPAA and Public Health 2007 Epi Rapid Response Team Conference.

HIPAA and Public Health 2007 Epi Rapid Response Team Conference.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Confidentiality and HIPAA

Confidentiality and HIPAA
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.

P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
North Carolina State University Health Information Privacy 4/16/03.

North Carolina State University Health Information Privacy 4/16/03.
WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.

WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.
Health Insurance Portability and Accountability Act (HIPAA) Presented by: APS Healthcare Southwestern PA Health Care Quality Unit (HCQU) December 2010.

Health Insurance Portability and Accountability Act (HIPAA) Presented by: APS Healthcare Southwestern PA Health Care Quality Unit (HCQU) December 2010.
Pasadena Villa Network of Services

Pasadena Villa Network of Services
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
HIPAA THE PRIVACY RULE Reviewed December 2012 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-

HIPAA THE PRIVACY RULE Reviewed December HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-
Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.

Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.
School-Based Health Centers & Confidentiality: Understanding FERPA & HIPAA Laurie Mesibov & Jill Moore UNC School of Government December 2012.

School-Based Health Centers & Confidentiality: Understanding FERPA & HIPAA Laurie Mesibov & Jill Moore UNC School of Government December 2012.
Health Insurance Portability and Accountability Act (HIPAA)

Health Insurance Portability and Accountability Act (HIPAA)

Similar presentations

Ads by Google