Presentation is loading. Please wait.

Presentation is loading. Please wait.

Reid Cushman, UM Ethics Programs

Published byElmer Barrett Modified over 6 years ago

Similar presentations

Presentation on theme: "Reid Cushman, UM Ethics Programs"— Presentation transcript:

1 Reid Cushman, UM Ethics Programs
HIPAA and Privacy An Overview of the New Federal Requirements of the Health Insurance Portability and Accountability Act (HIPAA) Reid Cushman, UM Ethics Programs

2 forces for health privacy
a new federal law – called ”HIPAA” – adds national protections for everyone's health information however, there are many other sources of health privacy protection HIPAA, while important, is only one part of the picture

3 forces for health privacy
federal law (HIPAA) state law licensing and certification bodies (JCAHO, NCQA) health professions' licensing organizations (AMA, ANA and many others) your own ethical standards

4 HIPAA and its goals Health Insurance Portability and Accountability Act make health insurance coverage more portable between jobs reduce waste and fraud in the health care system

5 HIPAA and its goals Health Insurance Portability and Accountability Act make the health system “more efficient” overall and encourage use of electronic record-keeping systems for health data

6 the connection to privacy
paper records are very expensive (even if it seems otherwise) it can be difficult to find information when you need it

7 the connection to privacy
paper can only be in one place at a time record duplication brings potential for error – and more expense

8 the connection to privacy
electronic records are much cheaper (in the long run) it is much easier to find information -- both for those who should have it, and those who shouldn't

9 the connection to privacy
so, a much greater need for security and privacy protections than with paper records HIPAA's standards are a national response to the health privacy issues raised by computers

10 HIPAA's four Standards (“Rules”)
Transactions and Code Sets standard formats for all electronic transactions Identifiers Security Privacy

11 HIPAA's four Standards (“Rules”)
Transactions and Code Sets Identifiers standard IDs for health plans, providers, employers Security Privacy

12 HIPAA's four Standards (“Rules”)
Transactions and Code Sets Identifiers Security computer, communications protection technologies Privacy

13 HIPAA's four Standards (“Rules”)
Transactions and Code Sets Identifiers Security Privacy procedural protections for all health information

14 what is covered by HIPAA?
“protected health information” (PHI) any identifiable information related to the “past, present or future physical or mental health” of a person used for treatment, payment or any other function

15 what is covered by HIPAA?
protected health information (PHI) can be in “any form or medium” electronic, paper and even oral communications of PHI are covered by HIPAA's Privacy Rule only totally “de-identified” information is unprotected

16 who is covered by HIPAA? “covered entities”
health providers, health plans, and information clearinghouses organizations that provide or pay for health services basically, any entity that uses or discloses health data

17 who is covered by HIPAA? customers (patients) of covered entities receive protections – privacy rights – for their health information covered entities, and those that work in them, have privacy obligations to ensure that HIPAA protections are achieved

18 individual rights under HIPAA
to receive a “Notice of Privacy Practices” outlining how one's health information may be used or disclosed to obtain a copy of one's full health record (except for psychotherapy notes) to correct – or at least note disagreement – if the record appears to be in error

19 individual rights under HIPAA
to know (some of) the persons and organizations to whom one's health information has been disclosed to ask for extra protection or confidential communications of particularly sensitive data to authorize certain additional “non-standard” uses or disclosures

20 individual rights under HIPAA
to be assured that the institution follows appropriate privacy and security practices to complain to the covered entity's Privacy Officer – or directly to DHHS Office of Civil Rights – if one believes HIPAA rights have been violated

21 covered entities' responsibilities
to give each patient (customer) the Notice that outlines their privacy rights the Notice must describe planned uses and disclosures, including the “basic” ones for treatment, payment and health care operations written acknowledgment of Notice must be obtained

22 covered entities' responsibilities
to provide an opportunity for individuals to discuss any privacy concerns all individuals should understand their rights, including what to do if they feel their rights have been violated a process must be in place to handle problems and complaints

23 covered entities' responsibilities
to get authorization for certain additional kinds of uses and disclosures, beyond those for treatment, payment or basic health care operations to undertake the additional uses and disclosures permitted by law in an appropriate manner

24 covered entities' responsibilities
to develop reasonable, appropriate privacy and security policies to train all members of the workforce in those policies “as necessary and appropriate” to their job duties to get assurances from any business associates that handle PHI on the covered entity's behalf

25 obligations of health facility workers
to use or disclose protected health information only for work-related purposes to limit uses and disclosures to the “minimum necessary” to achieve those work purposes and to otherwise exercise reasonable caution, to protect all PHI under their control

26 obligations of health facility workers
to understand the facility's privacy and security policies, and follow them to try to remedy any privacy problems – or report them to the facility Privacy Officer or DHHS Office of Civil Rights HIPAA prohibits covered entities from retaliating or discriminating against a worker who files a complaint

27 obligations of health facility workers
note that “incidental uses and disclosures” are considered inevitable, and do not violate HIPAA reasonable limits and efforts – appropriate to the circumstances, and the nature of the information – are all that HIPAA requires

28 compliance timetable HIPAA Privacy Rule takes effect on 14 April 2003 for covered entities with more than $5M in annual revenues 14 April 2004 is the Privacy Rule deadline for smaller covered entities HIPAA Rules for security, transactions and identifiers take effect over the next few years

29 HIPAA and state law HIPAA “preempts” state health privacy law unless
“more stringent” (protective) for public health purposes for oversight or regulation of the state's health system

30 Florida health privacy protections
general right to privacy, and to a notice of one's rights right to see, copy records right to an accounting of disclosures (from providers) right to extra limitations on certain kinds of information (genetic, HIV, mental health, substance abuse)

31 Florida health privacy protections
most of Florida's privacy protections are as strong as – or stronger than – HIPAA's these protections will remain in force after April 14 they are in force NOW

32 sanctions for privacy failures
Federal civil and criminal penalties for HIPAA violations from $100 per incident up to $250,000 and 10 years in prison civil and criminal penalties for state law violations institutional reputation and market share employee suspension and termination loss of professional license

33 you are also a patient with networked computer systems, security of health information anywhere depends on privacy practices everywhere thousands of persons may have access to an individual's health record

34 you are also a patient try to treat others' health information the way you'd like yours to be treated, or that of a family member or a close friend

35 you are also a patient that includes attention to safe practices for the new electronic records, the old paper ones, as well as faxes, photocopies and printouts, telephone calls and

36 University of Miami Ethics Programs © 2002
Historic computer and electronic equipment images are provided courtesy of the University of Virginia Computer Museum. All other images are from the UM Ethics Program digital image collection and are in the public domain. This presentation may be re-used for non-commercial, educational purposes, with appropriate credit to the source. Any other use requires prior written permission. Information presented herein is believed to be correct at the time of posting. However, these materials are intended for education purposes only; they are not intended or represented as legal advice. UM Ethics Programs, PO Box (M-825), Miami FL 33101

Download ppt "Reid Cushman, UM Ethics Programs"

Similar presentations

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.

Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
HIPAA and Public Health 2007 Epi Rapid Response Team Conference.

HIPAA and Public Health 2007 Epi Rapid Response Team Conference.
HIPAA and Privacy An Overview of the New Federal Requirements of the Health Insurance Portability and Accountability Act (HIPAA) Reid Cushman, UM Ethics.

HIPAA and Privacy An Overview of the New Federal Requirements of the Health Insurance Portability and Accountability Act (HIPAA) Reid Cushman, UM Ethics.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
Confidentiality and HIPAA

Confidentiality and HIPAA
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.

COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.

P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/2009 0.

1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/
WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.

WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.
HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.

HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.
 The Health Insurance Portability and Accountability Act of 1996.  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.

 The Health Insurance Portability and Accountability Act of  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.
HIPAA THE PRIVACY RULE Reviewed December 2012 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-

HIPAA THE PRIVACY RULE Reviewed December HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-

Similar presentations

Ads by Google