Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIPAA CONFIDENTIALITY

Published byNorman Malone Modified over 6 years ago

Similar presentations

Presentation on theme: "HIPAA CONFIDENTIALITY"— Presentation transcript:

1 HIPAA CONFIDENTIALITY
Paul A. Stewart, Esq. Foley & Lardner One Maritime Plaza, 6th Floor San Francisco, CA

2 What’s to Simplify? Health Claims Encounter Information
Attachments to Health Claims Health Plan Enrollment/Disenrollment Eligibility Verification Claims Payments/Remittance Advice Payment of Premiums First Report of Injury Referral Certification/Authorization Claim Status Coordination of Benefits

3 Who Must Comply? A “Health Care Provider” - Furnishes, Bills or Gets Paid for Health Care Services or Supplies A “Health Plan” - Provides or Pays for Medical Care A “Health Care Clearinghouse” - processes non-standard into standard data elements “Business Partners” - Agents of Covered Entities

4 To What Do Regulations Apply?
“Health Information” (security regulations) Created by providers, health plans, public health authorities, employers, life insurers, schools or universities Relates to the physical/mental condition, provision of health care, payment

5 To What Do Regulations Apply? (cont’d)
“Protected Health Information” (“PHI”) (confidentiality regulations) health information identifies the individual or could reasonably be used to identify the individual

6 When To Comply? Whenever health information is electronically transmitted or maintained (security regulations) Whenever protected health information is electronically transmitted or maintained in connection with a standard transaction (confidentiality regulations) Obligations apply to information, not documents

7 Why Comply? Civil Monetary Penalties: up to $100 Per Violation/Per Person, with $25,000 Annual Limit Per Each Standard Violated Criminal Penalties for “Knowing Misuse”: $50,000–$250,000; Prison 1–10 years Greatest Penalties Reserved for Intent to Sell/Transfer/Use for Commercial Advantage, Personal Gain or Malicious Harm

8 What are the confidentiality Rules?
Disclosure/Use prohibited except as permitted by the regulation Permitted Disclosures: As authorized by the individual For health care treatment, payment, operations (except research and psychotherapy notes) In connection with national policy activities

9 What are the Rules? (cont’d)
Required Disclosures Request by the individual Investigation of compliance by government Circumstances Requiring Individual Authorization Marketing; sale, rental, barter; eligibility; fundraising; employers; research unrelated to treatment; psychotherapy notes Minimum Necessary

10 What are the Rules? (cont’d)
Patient Rights To Receive Adequate Notice of Information Practices To Inspect and Copy PHI To Request Amendment/Correction of PHI To Request Restriction on Uses/Disclosure of PHI To Receive Accounting of Uses/Disclosures

11 What Do I Have To Do? Designate a Privacy Official
Contact person/office Assess whether HIPAA preempts state law Assess current policies and procedures Develop comprehensive policies and procedures Draft contracts - Business partner/Chain of trust agreements

12 Preemption Assess whether HIPAA preempts state law
Federal standard, requirement or implementation specification contrary to state law Exceptions State law is necessary for certain purposes State law is more stringent State law relates to audits, licensure, certification, reporting of child abuse, births, deaths, injuries, public health activities

13 Policies and Procedures
Assess current policies and procedures What does your organization do to ensure PHI is not improperly disclosed? How do you monitor compliance with your current policies and procedures? What are the consequences in your organization if PHI is disclosed in violation of current legal requirements/p&p’s? Are your policies and procedures written?

14 Policies and Procedures (cont’d)
Develop comprehensive policies and procedures related to: Determining when disclosures are permitted/required Conditions applicable to certain permitted disclosures Minimum necessary standard Authorizations

15 Policies and Procedures (cont’d)
De-identifying PHI Business partners Deceased individuals Right to requests for restrictions Right to notice of information practices Right to access

16 Policies and Procedures (cont’d)
Right to accounting of disclosures Right to amendments and corrections Verification of identity/authority of requester Training Sanctions Complaints Changes in policies or procedures

17 Further Documentation
Must create documents related to the following and retain such documents for six years: Requested restrictions Contracts with business partners Authorization forms Notifications of information practices

18 Further Documentation (cont’d)
Statements regarding access/denial to PHI All accountings provided Denials of amendment/correction requests Employee certifications Complaints

19 Business Partner Contracts
Examples: Lawyers, auditors, consultants, TPA’s, DP firms Disclosures only as permitted/required No disclosures if disclosure by covered entity would violate regulation Safeguards established to prevent improper uses/disclosures Improper uses/disclosures reported Consistent subcontracts Right of access provided

20 Business Partner Contracts (cont’d)
Access by Secretary of DHHS to books/records pertaining to uses/disclosures PHI returned/destroyed upon termination of contract Amendments/corrections incorporated Third party beneficiaries/Liability to Patients for breach Termination upon improper use/disclosure Material breach may be noncompliance Need for audit trail

Download ppt "HIPAA CONFIDENTIALITY"

Similar presentations

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.

Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
1 Health Insurance Portability and Accountability Act of 1996 IS&C Expo October 16 & 17, 2002 John Wagner Governor’s Office of Technology.

1 Health Insurance Portability and Accountability Act of 1996 IS&C Expo October 16 & 17, 2002 John Wagner Governor’s Office of Technology.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Confidentiality and HIPAA

Confidentiality and HIPAA
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.

HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.

P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
HIPAA Health Insurance Portability and Accountability Act.

HIPAA Health Insurance Portability and Accountability Act.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
HIPAA The Hidden Beast June Kissinger Director, Risk Management Support Services March 12, 2003.

HIPAA The Hidden Beast June Kissinger Director, Risk Management Support Services March 12, 2003.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
Presented by the Office of the General Counsel An Overview of HIPAA.

Presented by the Office of the General Counsel An Overview of HIPAA.
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

Similar presentations

Ads by Google