CCHAP Practice Manager’s Meeting HIPAA Guidelines and Updates for Primary Care Practices Thursday October 24th 2013 Noon – 1:00PM Instructions to join.


1 CCHAP Practice Manager’s Meeting: HIPAA Guidelines and Updates for Primary Care Practices
Thursday October 24th 2013, Noon – 1:00PM
Instructions to join the meeting remotely:
1. Open a web browser and enter URL: www.readytalk.com. Enter participant access code: 2093166
2. Phone in for the audio portion of the conference: 1-866-740-1260, then enter the access code: 2093166
MEETING HANDOUTS: www.cchap.org/pmmeeting

2 HIPAA GUIDELINES AND UPDATES
Kara Kohn, RN, MBA
karakohn@gmail.com
MEETING HANDOUTS: www.cchap.org/pmmeeting

3 HIPAA 2013 Omnibus Rules and Updates

4 What is HIPAA?
- The Health Insurance Portability and Accountability Act was enacted in 1996
- Protects health insurance coverage for workers and their families when there is a change or loss of jobs

5 What is HIPAA?
- Required national standards for electronic health care transactions
- Gave rights to individuals 12-18 for their own privacy (including from parents)
- Enacted privacy standards for PHI (Protected Health Information)

6 Key Terms and Definitions
- Privacy: Patient’s right over the use and disclosure of their own protected health information
- Security: Specific measures a Covered Entity (your practice) must take to secure protected health information from unauthorized breaches of privacy
- Protected Health Information (PHI): Any identifiable information which relates to an individual’s past, present or future physical health or condition for which there is a reasonable cause to believe it can be used to identify that individual

7 Protected Health Information (PHI)
- Name
- Zip Code
- Birth Date
- Telephone Number
- Fax Number
- Account Number
- Email Address
- Social Security Number
- Medical Record Number
- Health Plan Numbers
- Certificate/license number
- Vehicle Identifiers and Serial Numbers
- Device Identifiers and Serial Numbers
- IP and URL address numbers
- Biometric Identifiers (finger or voice prints)
- Full Face Photos/Images
- Any other unique identifying number, characteristic or code

8 What is New?
- Requests for electronic medical charts
- Request to not share information with health plans
- Immunization information allowed to be shared
- Restrictions for marketing, fundraising and sale of PHI
- Genetic information and insurance
- Business associates compliance
- New notices of Privacy Practices

9 Chart Requests
- Patients can ask for copies of their medical information in electronic format
- Patients can still ask for medical information via paper format
- 30 days to produce this information
- No more 30 day extensions

10 Request by Patients
- If all services are paid in full, in person, during a visit, a request can be made to not share information with their health plans
- This includes the treatments that were received during that specific visit

11 Immunization Records
- If a parent or guardian gives written permission, your office can provide immunization information to a school
- This is for schools that are required by law to have it
- This process is more streamlined, making it easier for both parents and practices

12 Marketing, Fundraising and Genetic Information
- Increased restrictions on how patients’ information is used and disclosed to third parties for marketing and fundraising
- Patients’ personal information cannot be sold to outside parties without their written consent
- Insurance companies cannot use genetic information for coverage and cost determinations

13 Business Associate
- All Business Associates must now adhere to all HIPAA rules and regulations when in possession of PHI
- A Business Associate is anyone that works in association with your practice and has access to patient information
- Does not include doctor-to-doctor business, healthcare providers, insurance companies or pharmacies

14 Who is a Business Associate
- Health Information Organizations
- E-prescribing Gateways
- Data Transmission Services (personal health record vendors)
- Labs
- Confirmation Services
- Collection Agencies
- Software Companies
- IT Techs
- Consultants
- Sales Reps
- After Hours Services

15 Business Associates cont.
- Any new Business Associates to your practice should have a signed agreement by September 23, 2013
- Existing Business Associates have until September 23, 2014 to sign the new agreement
- You are not required to train your Business Associates
- If they have a subcontractor assisting them, the Business Associates will need to have their own contract in place with their subcontractor

16 Increased Privacy Protection
- It is now considered a breach if there is any disclosure of any PHI (see examples)
- This can include inadvertent release of PHI
- Any suspected or known breach must be reported
- A risk assessment must be completed and documented any time that a breach is reported
- Fines of $50,000 for each violation, up to a limit of $1.5 million annually

17 Examples of a Breach
- Any posting of pictures or patient identification onto social websites (Facebook, Twitter, Instagram, etc.)
- Conversations in the waiting room disclosing PHI
- Loss of office laptop containing patient information
- Paperwork given to the wrong patient
- Verbal communication via phone to someone who is not the patient or their parent/guardian

18 Examples of a Breach cont.
- Permission is asked to share patient information with parents/guardians in room (age dependent)
- Faxing patient information to the wrong number
- Email communication sent to the wrong address or email group
- Computer screen with patient information that can be viewed by other patients/families
- Placing of PHI in a regular trash container

19 What Needs to Be Done in the Event of a Breach?
- No longer report only a “Significant Risk”. All presumed risks are considered a breach.
- Complete Breach Assessment Form
- Report via HHS Website: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/brinstruction.html
- Potentially contact patients with knowledge of suspected or confirmed breach

20 How to Prevent
- Any and all paperwork changing hands is checked to verify that each and every page belongs to the patient it is handed to
- All patients are asked their permission to proceed speaking when there are visitors in the room that are not a parent/guardian/POA
- All conversations are held at a reasonable tone and in appropriate venues in the patient care area. Do not discuss patient care in hallways, waiting rooms, or exam rooms with doors open

21 How to Prevent
- All fax numbers are verified before hitting send, and a fax cover sheet with a confidentiality statement is used at all times
- All charts are maintained securely away from public view
- All printouts with patient information are placed facedown when you step away from the desk
- Computer screens are locked when you step away, even momentarily
- Patient information is not thrown into a general trash can

22 Questions? Thank you

