Health Information Privacy & Security


1 Health Information Privacy & Security
LIS 4785 Introduction to Health Informatics Fall 2015, Week 10-1 Instructor: Dr. Sanghee Oh

2 Incoming Course Schedule
Week 10 (10/27, 10/29): Health information privacy & security; Telehealth; mHealth
Week 11 (11/3, 11/5): Project Application Template Demo; Consumer health informatics
Week 12 (11/10, 11/12): No classes; Self study; Group meetings
Week 13 (11/17, 11/19): Topic reviews; Midterm exam 2 (11/19)
Week 14 (11/24, 11/26): Thanksgiving Holidays; No classes
Week 15 (12/1, 12/3): Final Presentations
Week 16 (12/8, 12/10): No classes; Final report submission

3 Show and Tell

4 Health Information Privacy & Security

5 Health Insurance Portability and Accountability Act (HIPAA)

6 Health Insurance Portability and Accountability Act (1996)
History
HIPAA: Health Insurance Portability and Accountability Act (1996)
HITECH: American Recovery and Reinvestment Act - Health Information Technology for Economic and Clinical Health (2009)
Meaningful Use Guidelines for EHR (2010)

7 Health Insurance Portability and Accountability Act (1996) (HIPAA)
HIPAA: Health Insurance Portability and Accountability Act (1996)
Before HIPAA, there was no universally recognized security standard or basic mandate for Protected Health Information (PHI).
The goal of HIPAA was to _____________________ while enabling healthcare organizations to pursue initiatives that further innovation and patient care. However, enforcement was very limited.

8 Health Insurance Portability and Accountability Act (1996)
Health Information Technology for Economic and Clinical Health (2009) (HITECH)
HIPAA: Health Insurance Portability and Accountability Act (1996)
HITECH: American Recovery and Reinvestment Act - Health Information Technology for Economic and Clinical Health (2009)
HITECH, as part of ARRA, contains __________________ designed to accelerate the adoption of electronic health record (EHR) systems among providers. It broadens ______________________ listed under HIPAA and also increases ___ _____________________________.
HIPAA gets some teeth!
____________ for violations
Covered entities and business associates must __________.
_________________ obligation enforcement

9 Health Insurance Portability and Accountability Act (1996)
Health Information Technology for Economic and Clinical Health (2009) (HITECH)
HIPAA: Health Insurance Portability and Accountability Act (1996)
HITECH: American Recovery and Reinvestment Act - Health Information Technology for Economic and Clinical Health (2009)
Meaningful Use Guidelines for EHR (2010)
CMS's Meaningful Use incentives program provides incentive payouts to eligible professionals, hospitals, and CHAs (Community Health Alliances) that meet criteria for efficient and patient-centered use of EHR. The program provides incentives to further ___________________ set forth in HITECH and HIPAA, including conducting a risk analysis.

10 The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
The primary goal of HIPAA is __________________ and ________________________.

11 Electronic Health Records: Privacy and Security

12 What Information Must Be Protected?

13 ____________________________________
HIPAA protects an individual's health information and his/her demographic information. This is called "_____________________________" or "PHI". Even without the patient's name, if you look at certain information and ___________________________, then it is PHI. The PHI can relate to ____________________ physical or mental health of the individual. PHI describes a disease, diagnosis, procedure, prognosis, or condition of the individual and can exist in _____________ (files, voice mail, fax, or verbal communications). These rules apply ____________ you view, use, and share PHI.

14 What Does PHI Include?
HIPAA defines information as protected health information (18 items in PHI) if it contains the following information about the patient, the patient's household members, or the patient's employers:
________________
Dates relating to a patient, i.e. birthdates, dates of medical treatment, admission and discharge dates, and dates of death
Telephone numbers, addresses (including city, county, or zip code), fax numbers and other contact information
Medical record numbers
Any other unique identifying number

15 HIPAA Rules
If you're a covered entity (a health care plan, a health care clearinghouse or a health care provider that electronically transmits medical information), then you must comply with:
_______________, which regulates the use and disclosure of Protected Health Information (PHI) held by covered entities, and protects individuals' rights to understand and control how their health information is used.
_______________, which complements the Privacy Rule and deals specifically with Electronic Protected Health Information (ePHI). It states that covered entities must ensure the confidentiality, integrity and availability of all ePHI they create, receive, maintain or transmit.
_______________, which relates to the standardization of electronic transactions.
_______________, which states that all HIPAA covered healthcare providers using electronic communications must use a unique ten-digit identification number, the National Provider Identifier (NPI).
_______________, which establishes procedures for compliance and investigations, and sets civil money penalties for violations of the HIPAA AS Rules.

16 HIPAA Privacy Rule

17 HIPAA Privacy Rule

18 HIPAA Privacy Rule
The HIPAA Privacy Rule establishes national standards to _______________________ and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically.
Health plan: an individual or group plan that provides, or pays the cost of, medical care.
Healthcare clearinghouse: a public or private entity, including a billing service, repricing company, community health management information system or community health information system, and "value-added" networks and switches.

19 HIPAA Privacy Rule
The HIPAA Privacy Rule establishes a set of national standards for the _______________ of individually identifiable health information (often called _____________________) by covered entities, as well as standards for providing individuals with health information privacy rights and helping individuals understand and control how their health information is used.

20 A PATIENT'S RIGHTS
HIPAA stipulates the following patient's rights under its Privacy Rule:
Patients have a right to receive a ___________________ of any health care provider, health clearinghouse, or health plan.
Patients have a right to _______________ and _______________ of their PHI (paper or electronic formats).
Patients have a right to request _______________ to information, that changes be made to correct errors in their records or to add information that has been omitted.
Patients have a right to request _______________ of PHI uses and disclosures.
Patients have a right to request that you give _______________ to their PHI.
Patients have a right to request _______________.
Patients have a right to _______________.

21 Notice of Privacy Practices
Describes to patients how their protected health information may be _______________
Details _______________ in regards to their PHI and how to exercise these rights
Details _______________ of the covered entity to protect PHI

22 Notice of Privacy Practices (NPP) for PHI
The NPP allows PHI to be used and disclosed for purposes of TPO (_______________, _______________, and _______________).
Examples:
The patient's referring physician calls and asks for a copy of the patient's recent exam at a healthcare setting.
A patient's insurance company calls and requests a copy of the patient's medical record for a specific service date.
The Quality Improvement office calls and asks for a copy of an Operative Report.
TPO includes teaching, medical staff/peer review, legal, auditing, quality reviews, customer service, business management, and releases mandated by law.

23 Minimum Necessary
Minimum Necessary applies: when using or disclosing PHI or when requesting PHI from another covered entity or business associate, a covered entity or business associate must make reasonable efforts to _________________________________________ to accomplish the intended purpose of the use, disclosure, or request.

24 HIPAA Snippets: Social Media Compliance

25 Use of Social Media
An example guideline regarding use of social media at the UCSF Healthcare Facility:
Do not share on social media any patient information acquired through your work, even if the information is public.
Information obtained from your patient/provider relationship is confidential.
Posting patient information without authorization is a violation of the patient's right to privacy and confidentiality.
Even if you think you've de-identified the information, it still might be identifiable to others.
NOTE: De-identification of PHI requires removal of all 18 PHI identifiers, which includes "Any other unique identifying number, code, or characteristic" (e.g., photo of a wound; description of a patient's condition).
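The PHI identifiers listed earlier (dates, phone and fax numbers, addresses and zip codes, medical record numbers) have fixed formats that a scanner can catch before a note leaves a covered entity. The following is an added example, not from the slides or from UCSF, that scans a constructed clinical note for those fixed-format identifiers and redacts them; it also shows why the slide's caveat holds: names, city names and free-text characteristics such as "wound photo attached" have no fixed format, so a clean scan is necessary but never sufficient for de-identification.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample note: fictional patient data made up for this example.
SAMPLE_NOTE = (
    "Pt seen 10/27/2015, DOB 03/14/1962, MRN 00412345. "
    "Contact 850-555-0123, fax 850-555-0199, 123 Elm St, Tallahassee FL 32301. "
    "Dx: type 2 diabetes; wound photo attached."
)

# Fixed-format classes drawn from the 18 Safe Harbor identifiers. Names,
# city names and free-text characteristics (e.g. a wound photo) have no
# fixed format and are NOT caught by these patterns.
IDENTIFIER_PATTERNS: Dict[str, re.Pattern] = {
    "date": re.compile(r"\b\d{1,2}/\d{1,2}/\d{4}\b"),
    "phone_or_fax": re.compile(r"\b\d{3}-\d{3}-\d{4}\b"),
    "medical_record_number": re.compile(r"\bMRN\s*\d+\b"),
    "street_address": re.compile(r"\b\d+\s+[A-Z][a-z]+\s+(?:St|Ave|Rd|Blvd)\b"),
    "zip_code": re.compile(r"\b\d{5}(?:-\d{4})?\b"),
}


def scan_phi(text: str) -> List[Tuple[str, str]]:
    """Return (identifier_class, matched_text) pairs found in the note."""
    findings: List[Tuple[str, str]] = []
    for label, pattern in IDENTIFIER_PATTERNS.items():
        for match in pattern.finditer(text):
            findings.append((label, match.group(0)))
    return findings


def redact_phi(text: str) -> str:
    """Replace each fixed-format identifier with a bracketed class tag."""
    for label, pattern in IDENTIFIER_PATTERNS.items():
        text = pattern.sub(f"[{label.upper()}]", text)
    return text


def safe_harbor_ready(text: str) -> bool:
    """True only when no fixed-format identifier remains. This is necessary,
    not sufficient: names, cities and free-text characteristics still need
    human review before the note counts as de-identified."""
    return not scan_phi(text)


if __name__ == "__main__":
    for label, value in scan_phi(SAMPLE_NOTE):
        print(f"{label:22s} {value}")
    print(redact_phi(SAMPLE_NOTE))
```

Running it shows seven fixed-format hits removed while "Tallahassee" and the wound-photo mention survive, which is exactly the residue the slide warns about.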

26 HIPAA Security Rule

27 HIPAA Security Rule (e-PHI)
The HIPAA Security Rule establishes national standards to protect individuals' _______________________________ that is created, received, used, or maintained by a HIPAA covered entity.

28 HIPAA Security Rule The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the _______________, _______________, and _______________ of ePHI.

29 HIPAA Security Rule
The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of ePHI.
Confidentiality: a set of rules or a promise that limits access or places restrictions on certain types of information
Integrity: the state of being whole and undivided
Security: the state of being free from danger or threat
(Diagram: Confidentiality, Integrity and Security surrounding e-PHI)

30 Security of ePHI
Good security standards follow the "90/10" Rule:
10% of security safeguards are _______________
90% of security safeguards rely on _______________ to adhere to good practices

31 HIPAA Violations

32 HIPAA Violations Bring More Than Minimal Fines

33 A Breach of Unsecured PHI
A breach is, generally, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of PHI such that the use or disclosure poses a significant risk of financial, reputational, or other harm to the affected individual. The Breach Notification Rule requires covered providers to promptly notify individuals and the Secretary of HHS (Department of Health and Human Services) of the loss, theft, or certain other impermissible uses or disclosures of unsecured PHI. Health care providers must also promptly notify the Secretary of HHS if there is any breach of unsecured protected health information that affects 500 or more individuals, and notify the media if the breach affects more than 500 individuals of a State or jurisdiction.

34 Type of HIPAA Breach

35 Penalties
Failure to comply with the HIPAA Rules can result in civil and criminal penalties ($100 per violation to millions).
Civil Penalties: The U.S. Department of Health and Human Services (HHS)' Office for Civil Rights (OCR) is responsible for administering and enforcing the HIPAA Privacy and Security Rules and conducts associated complaint investigations, compliance reviews, and audits. OCR may impose fines on covered providers for failure to comply with the HIPAA Rules. State Attorneys General may also enforce provisions of the HIPAA Rules.
Criminal Penalties: The U.S. Department of Justice (DOJ) may enforce criminal penalties for HIPAA violations.
