Health Insurance Portability and Accountability Act


1 Health Insurance Portability and Accountability Act
Leanna Levin

2 What does HIPAA do?
HIPAA requires every health plan, health care provider, and health care clearinghouse in the country to protect patient privacy.

3 Who is included?
These include every hospital, doctor, nurse, home health care provider, nursing home, pharmacy, self-insurance company, health insurer and health-plan provider. Basically any party that handles protected health information is now required to take privacy measures.

4 What we are going to talk about today
Duties for those under HIPAA
Compliance
Protection of client’s privacy
Security of health information
Psychotherapy documentation release of information

5 Standards, Transactions, and Code Sets
The HIPAA ruling set forth on April 14, 2003 is an updated version of the HIPAA statutes of 1996. Because of new and improved technology, HIPAA’s Privacy Rule concentrates on electronically transmitted information.

6 The Administrative Simplification
So what is electronic and what do you need to do to comply with HIPAA regulations? The provisions state that covered entities that maintain or transmit health information are required to “maintain reasonable and appropriate administrative, physical, and technical safeguards to ensure the integrity and confidentiality of the information and to protect against any reasonably anticipated threats or hazards to the security or integrity of the information and unauthorized use or disclosure of the information.”

7 Compliance
A covered entity must comply with the “applicable standards, implementation specifications, and requirements… with respect to electronic protected health information.”

8 Privacy of Individually Identifiable Health Information
Under the newly mandated privacy law: There must be a privacy officer to make sure there is compliance and handle patient concerns and complaints about privacy violations

9 Privacy of Individually Identifiable Health Information
There needs to be a repositioning of the computer screen so that someone walking by can't see private patient information.
The computer is also used to limit the personal information required on public sign-in sheets.

10 Privacy of Individually Identifiable Health Information
An evaluation is needed of the positions that need access to each kind of information: medical records, doctor’s notes, personal information.
The decisions and the policies put in place need to be documented to keep medical documents limited to need-to-know viewing.

11 Privacy of Individually Identifiable Health Information
A training program needs to be put into place so the employees are aware of the proper privacy standards for handling medical information.
Document that training.

12 Privacy of Individually Identifiable Health Information
Patient’s Rights: waivers need to be signed for patients to allow parties not directly involved in patient care—such as insurance companies, financial institutions and employers—to see patient information.

13 Privacy of Individually Identifiable Health Information
Patient’s Rights: forms need to be created that allow patients to inspect and copy their records, restrict who sees them, amend them and get a list of who has seen them.

14 Privacy of Individually Identifiable Health Information
Not Patient’s Rights: Professionals seeking advice on treating a patient can discuss the matter with other professionals without the authorization from the patient.
Conflict with the Code of Ethics

15 Security of Health Information
Administrative safeguards include a security management process, assigned security responsibility, workforce security, information access management, security awareness and training, security incident procedures, contingency plans, evaluations, and contracts.

16 Security Management Process
A Risk Analysis is conducted to assess the vulnerabilities and risks to the confidentiality, integrity and availability of electronic private health information. Appropriate sanctions are implemented for workforce members who fail to comply.

17 Assigned Security Responsibility
An individual must be identified who is responsible for the development and implementation of security policies and procedures

18 Workforce Security
The policies and procedures need to be implemented to ensure that all assigned members of the workforce have appropriate access to electronic private health information and to prevent access by those who should not have it.

19 Information Access Management
Implement policies and procedures for establishing, authorizing, reviewing, documenting, and modifying a user’s right to access a workstation, transaction, program, process, or other means of accessing electronic private health information.
Who can access what?

20 Security Awareness and Training
Implement a security awareness and training program for all members of the workforce, including management, that includes training on protection from malicious software, log-in monitoring, password management, and periodic security reminders.

21 Security Incident Procedures
Incident response and reporting procedures are required to remove the potential harmful effects of the incident and provide documentation of the incident and outcome.

22 Contingency Plan
Implement policies and procedures for responding to emergencies or other occurrences that damage systems containing electronic private health information.

23 Evaluation
Perform a periodic technical and nontechnical evaluation based upon the initial standards and also after environmental and operational changes affecting electronic private health information.

24 Business Associate Contracts
The employees not only need to attend the training programs, but they are also required to sign a contract stating they understand the policies and will abide by them. A chain of trust agreements through written contracts exists to ensure all members are abiding by the standards.

25 HIPAA and Psychotherapy Notes
Compared to discussion of information amongst professionals, the release of psychotherapy notes is more complicated.
More protection
Disclosure of psychotherapy notes requires patient authorization--or specific permission--to release this sensitive information.

26 Psychotherapy Notes and Insurance Companies
In the past, insurance companies have requested entire patient records--including psychotherapy notes--in making coverage decisions.
Now health plans cannot refuse to provide reimbursement if a patient does not agree to release information covered under the psychotherapy notes provision.

27 HIPAA and Psychotherapy Notes Cont.
Patients do not have the right to obtain a copy of the notes under HIPAA—different than the allowance of medical documents. When a psychotherapist denies a patient access to these notes, the denial isn't subject to a review process.

28 HIPAA Definition of Psychotherapy Notes
Psychotherapy notes are kept separate from medical records for this reason.
If a psychotherapist keeps this type of information in a patient's general chart, or if it's not distinguishable as separate from the rest of the record, access to the information doesn't require specific patient authorization.

29 When can a therapist's notes be used?
There are special protections for use of psychotherapy notes. Disclosure of psychotherapy notes requires an authorization from the patient/client except:

30 When can a psychotherapist’s notes be revealed under HIPAA?
for the originator of the notes (i.e., the mental health practitioner), for treatment of the subject patient;
for students, trainees or practitioners, for supervised training programs;
to defend a legal action or other proceeding brought by the patient against the covered entity;
for lawful health oversight activities or as otherwise required by law;
for coroners or medical examiners (where the patient is deceased); or
where, consistent with applicable law and the standards of ethical conduct, there is a good faith belief that the use or disclosure is necessary to prevent or lessen a serious threat to health or safety.

31 Conclusions
As a rehabilitation counselor, what do you have to comply with? What does a patient have a right to, and what not? What protections are there for psychotherapy notes?

32 Helpful websites and Resources
HIPAA at the University of Florida HIPAA Privacy Officer Susan Blair

33 Questions or comments??

