Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIPAA THE PRIVACY RULE Reviewed 10/2014

Similar presentations


Presentation on theme: "HIPAA THE PRIVACY RULE Reviewed 10/2014"— Presentation transcript:

1 HIPAA THE PRIVACY RULE Reviewed 10/2014
In 2000, many patients that were newly diagnosed with depression received free samples of anti-depressant medications in their mail. Many of these patients were concerned on how the pharmaceutical companies were notified of their disease. After much investigation, the Physician, the Pharmaceutical company and a well known Pharmacy chain were all indicted on breach of confidentiality charges. This is just one example of why the Federal government needed to step in and assist in protecting patient privacy. Reviewed 10/2014

2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-depressant medications in their mail. As of April 2003 all hospitals across the nation were required to comply with this new federal regulation. It was designed to assist in protecting the patient’s privacy in this age of technology. Much of the patient’s health information is documented in a computerized format. Protecting this information has become vitally important.

3 HISTORY Many of these patients were concerned on how the pharmaceutical companies were notified of their disease. As of April 2003 all hospitals across the nation were required to comply with this new federal regulation. It was designed to assist in protecting the patient’s privacy in this age of technology. Much of the patient’s health information is documented in a computerized format. Protecting this information has become vitally important.

4 HISTORY After much investigation, the Physician, the Pharmaceutical company and a well known Pharmacy chain were all indicted on breach of confidentiality charges. As of April 2003 all hospitals across the nation were required to comply with this new federal regulation. It was designed to assist in protecting the patient’s privacy in this age of technology. Much of the patient’s health information is documented in a computerized format. Protecting this information has become vitally important.

5 HISTORY This is just one example of why the Federal government needed to step in and assist in protecting patient privacy. As of April 2003 all hospitals across the nation were required to comply with this new federal regulation. It was designed to assist in protecting the patient’s privacy in this age of technology. Much of the patient’s health information is documented in a computerized format. Protecting this information has become vitally important.

6 Definitions Privacy – state of being concealed; secret
Confidentiality – containing secret information (medical record) Authorization – to give permission for; to grant power to Breach Confidentiality – to break an agreement, to violate a promise In order to fully understand the importance of HIPAA and confidentiality, understanding the true definitions are also important.

7 HIPAA Health Insurance Portability and Accountability Act
Much of the patient’s health information is documented in a computerized format. Protecting this information has become vitally important. The first federal legislation (effective April 14, 2003) that attempts to protect a patient’s right to privacy, and the security and access of personal medical information and usage. As of April 2003 all hospitals across the nation were required to comply with this new federal regulation. It was designed to assist in protecting the patient’s privacy in this age of technology. Much of the patient’s health information is documented in a computerized format. Protecting this information has become vitally important.

8 HIPAA Privacy Rule Imposes restrictions on the use/disclosure of personal health information Gives patients greater protection of their medical records Hopefully provides patients with greater peace of mind related to the security of their information HIPAA targets how healthcare professionals use and or disclose the patients personal health information. It hopefully assists the patient in feeling more at ease in regards to maintaining privacy of their records.

9 Confidentiality Deals with: Potential breeches
Communication or in-formation given to you without fear of disclosure Legitimate Need to Know & Informed Consent Potential breeches of confidentiality can occur When a patient discusses their personal information with you (the healthcare provider), they should with no fear of you and anyone else finding out their personal information. Other topics that will need to be discussed deal specifically with a legitimate need to know and when confidentiality is breeched.

10 Protected Health Information
What is Protected Health Information (PHI)? When a patient gives personal health information to a healthcare provider, that becomes Protected Health Information (PHI)

11 Protected Health Information
PHI Includes: Verbal information Information on paper Recorded information Electronic information (faxes, s)

12 Protected Health Information
Examples of patients information Patients name or address Social Security or other ID numbers Doctor’s/ Nurse’s personal notes Billing information

13 Rules for the Use & Disclosure of PHI
PHI can be used or disclosed for Treatment, payment, and healthcare operations With authorization/agreement from patient For disclosure to patient Rules governing the way PHI was to be used and disclosed had to be developed and implemented.

14 Rules for the Use & Disclosure of PHI
You’re required to release PHI When requested/authorized by the patient (some exceptions apply) When required by the Department Health and Human Services Patients can request a list of persons who viewed their PHI, but they too must sign a consent The patient can request a listing of all persons who viewed their PHI. They too must sign a consent.

15 Authorization Guidelines
Patient authorization for release of PHI must be obtained in the following situations: Use/disclosure of psychotherapy notes For research purposes For use/disclosure to third parties for making activities Authorization is federally mandated when PHI is used for any of the following situations.

16 Authorization Guidelines
PHI can be used/disclosed without authorization for the following reasons: To inform appropriate agencies Public health activities related to disease prevention/control

17 Authorization Guidelines
PHI can be used/disclosed without authorization: To report victims of abuse, neglect or domestic violence To funeral homes, tissue/organ banks To avert a serious threat to health/safety Healthcare professionals are required by law to notify the appropriate authorities whenever they suspect the patient is a victim of abuse, neglect or domestic violence. Funeral home personnel must also be notified of any infectious patients prior to them preparing the bodies for burial. Certain infectious disease are required by law to be reported to the city county health departments. For example: sexual transmitted diseases, tuberculosis, meningitis, chickenpox, etc.

18 Notice of Privacy Practices
Patients have the right to adequate notice concerning the use/disclosure of their PHI The Notice of Privacy Practices must contain the patient’s rights and the covered entities’ legal duties Patients are required to sign a statement that they were informed of and understand the privacy practices Notice of the mandated privacy practices must be provided to all patients. Patients are told, provided written information and they are required to sign a statement that they were informed and understand privacy practices.

19 Minimum Necessary What are the Minimum Necessary requirements?
Use/disclosure of PHI is limited to the minimum amount of health information required to do the job It means: Development of polices/practices on sharing health information Not all healthcare professionals need to have access to all components of the patient’s health information. For example, the hospital engineer entering a patient’s room to fix the television does not need to know the patients diagnosis. If the patient was infectious the only information that would be required is what protective equipment should the engineer wear. Again, the administrative safeguards play a vital role into the daily practices of Associates. Policies and procedures govern the practice and uphold the high standards of practice required when caring for people.

20 Minimum Necessary Identify employees who regularly access PHI.
Identify the types of PHI needed and the conditions for access. Grant only that access necessary to perform the job. Hospitals limit the patient information that can be viewed by their Associates in many ways. The Informational Technology Department can delineate who has access to what information by job title and or position. For example, the Registered Nurse does not need access to patient charges or billing information.

21 Protections for Health Information
Important Safeguards Physical Safeguards Computer terminals are not placed in public areas Technical Safeguards Every associate must keep his/her password confidential Administrative Safeguards Policy and procedure for release of patient information HIPAA has included into the Privacy Rules three important safeguards to protect health information. The first being physical safeguards. An example of this would be to have computer terminals located where unauthorized persons can not view the screens. An second important safeguard is technical safeguards. An example would be where employees are given their won, unique password and are not to share their password with anyone. If they do, it would be grounds for termination. Their password is their electronic signature. The third safeguard is Administrative. An example of an administrative safeguard would be for an organization to develop policies and procedures that reflect compliance with maintaining protected health information.

22 The Joint Commission Standards
Patients Rights The hospital demonstrates respect for the following patient needs: Confidentiality Privacy Security Resolution of complaints Records and information are protected against LOSS, destruction, tampering and UNAUTHORIZED ACCESS or use According to The Joint Comission, all patients have rights and it is vital as healthcare workers that we ensure their rights are upheld and protected. Patients have a right to ensure all information that is provided to the healthcare professional and institution is kept confidential and private. The healthcare professional and institution also must ensure that their information is secured at all times and if they do have any complaints, those complaints will be resolved in a timely manner.

23 The Joint Commission Standards
Patients Rights Patients have a right to confidentiality of all information that is provided to the healthcare professional and institution Health care professionals ensure that patient information is secured at all times and if there are any complaints, those complaints will be resolved in a timely manner. According to The Joint Commission, all patients have rights and it is vital as healthcare workers that we ensure their rights are upheld and protected. Patients have a right to ensure all information that is provided to the healthcare professional and institution is kept confidential and private. The healthcare professional and institution also must ensure that their information is secured at all times and if they do have any complaints, those complaints will be resolved in a timely manner.

24 Faxing Guidelines Located in non-public areas.
Centralized fax machines: Pick up information immediately DO NOT FAX the following records/results: HIV results Alcohol abuse Mental Health Substance abuse Narcotic prescriptions Child abuse The federal government has mandated that specific faxing guidelines be instituted. Never should the healthcare professional disclose any of the information listed via fax.

25 Faxing Guidelines When you fax to outside offices:
Check the transmission print out Verify that the correct number was dialed

26 Privacy Protect Your Patient!
No photographs or recordings of any type are to be taken of patients in the clinical setting. No cameras, palm pilots, cell phones or any electronic devices with photography capabilities are permitted in the clinical environment. Protect Your Patient!

27 Enforcement of the Medical Privacy Regulations
Office for Civil Rights -A patient may complain to the Privacy Officer in a hospital … OR -The Director of Health and Human Services (HHS) The agencies that enforce the medical privacy regulations are the Office of Civil Rights and or the Director of Health and Human Services.

28 Patient Privacy Rights
It’s your job to make sure patients know they have the right to: To see and copy their PHI Protect patient’s privacy and confidentiality Contact your hospital’s privacy administrator for any privacy concerns

29 Health Information Technology for Economic and Clinical Health Act
HITECH HITECH , It’s a Federal Law, part of the American Reinvestment and Recovery Act (ARRA) Effective September 23, Updated the HIPAA rule to include protections against identity theft Health Information Technology for Economic and Clinical Health Act Breach: An unauthorized acquisition, access, use, or disclosure of unsecured, unencrypted protected health information which compromises the security or privacy of such information.

30 HITECH (continued) Purpose: Criminal Penalties
Applies to covered health care entities and business associates. Makes massive changes to privacy and security laws Creates a nationwide electronic health record Increases penalties for privacy and security violations Breach Notification requirements (Patient, Department of Health and Human Services, and Media) Criminal Penalties Criminal provisions Penalties Sharing of civil monetary penalties with harmed individuals

31 What can you do? If you have any questions, ask your clinical instructor or contact the hospital’s Privacy Administrator


Download ppt "HIPAA THE PRIVACY RULE Reviewed 10/2014"

Similar presentations


Ads by Google