Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIPAA BASIC TRAINING Presented by Anderson Health Information Systems, Inc.

Published byMervyn Davis Modified over 8 years ago

Similar presentations

Presentation on theme: "HIPAA BASIC TRAINING Presented by Anderson Health Information Systems, Inc."— Presentation transcript:

1 HIPAA BASIC TRAINING Presented by Anderson Health Information Systems, Inc.

2 WHAT IS HIPAA?  Protect privacy and security of health information  Improve continuity of health insurance coverage and transfer of information about the person

3 WHAT IS HIPAA? -2  Federal law signed in 1996 authorizing development of regulations that: Relates to how we bill for a resident. Relates to how we bill for a resident. How we protect the resident’s private health information; more than the medical record, i.e. Social Security #, insurance #, birth-date, etc. How we protect the resident’s private health information; more than the medical record, i.e. Social Security #, insurance #, birth-date, etc.

4 THIS HIPAA TRAINING FOCUSES ON…  The Privacy Regulation Steps that must be taken to protect individually identifiable health information Steps that must be taken to protect individually identifiable health information Sets standards to restrict, limit and account for access to individual health records Sets standards to restrict, limit and account for access to individual health records Compliance deadline of 4/03 Compliance deadline of 4/03 Steps that must be taken to protect individually identifiable health information Steps that must be taken to protect individually identifiable health information

5 THIS HIPAA TRAINING FOCUSES ON -2  The Privacy Regulation Sets standards to restrict, limit and account for access to individual health records Sets standards to restrict, limit and account for access to individual health records Compliance deadline of 4/03 and still required today -- Compliance deadline of 4/03 and still required today --

6 PRIVACY RULE APPLIES TO  Health Care Providers Your facility is a health care provider Your facility is a health care provider  Health Plans Blue Shield, Kaiser, HMOs and Medi-Cal Blue Shield, Kaiser, HMOs and Medi-Cal

7 CONTINUING CULTURAL CHANGE  Impact of Privacy Rule Implementation including facility’s changes to: POLICIES POLICIES PROCEDURES PROCEDURES PRACTICES – i.e., conversations; care where medical records or other resident documents are kept PRACTICES – i.e., conversations; care where medical records or other resident documents are kept

8 FUNDAMENTAL PURPOSE OF PRIVACY RULE  Establish standards for Protection of Health Information Relates to past / present / future physical or mental health conditions Relates to past / present / future physical or mental health conditions Identifies the individual OR information that can be used to identify the individual Identifies the individual OR information that can be used to identify the individual

9 FACILITIES ARE REQUIRED  By federal and state law to : Maintain the privacy of health information Maintain the privacy of health information Provide notice of facility’s privacy practices TO THE RESIDENT, CONSERVATOR, REPRESENTATIVE Provide notice of facility’s privacy practices TO THE RESIDENT, CONSERVATOR, REPRESENTATIVE

10 PHI - PROTECTED HEALTH INFORMATION  Includes PHI transmitted/maintained Electronically – computer, e-mail Electronically – computer, e-mail In any other form or medium – disk, fax, paper, and orally In any other form or medium – disk, fax, paper, and orally Can you identify other records that might be seen by staff who do not need the information to do their job duties? Can you identify other records that might be seen by staff who do not need the information to do their job duties?

11 PRIVACY PRACTICE

12 PRIVACY – A WELL ESTABLISHED ‘ RIGHT’…  The HIPAA Privacy Regulation grants six rights to individuals regarding their health information: Confidential Communication Confidential Communication Access to and copies of health information Access to and copies of health information May request amendments to their health information May request amendments to their health information

13 PRIVACY – A WELL… -2  The HIPAA Privacy Regulation grants six rights to individuals regarding their health information (cont): Upon request, must be given an accounting of disclosures of their health information to others. Upon request, must be given an accounting of disclosures of their health information to others. Upon request, must be given a paper copy of the Notice of Privacy Practices. Upon request, must be given a paper copy of the Notice of Privacy Practices. May request restrictions on the uses and disclosures of health information May request restrictions on the uses and disclosures of health information

14 MINIMUM NECESSARY  The facility shall limit the amount of PHI: Disclosed or requested to documentation/related to protected health information that is reasonably necessary to carry out the job or fulfill the request for information. Disclosed or requested to documentation/related to protected health information that is reasonably necessary to carry out the job or fulfill the request for information. To employees only to the extent they need the information to carry out their JOB DUTIES [what does this mean to you??] To employees only to the extent they need the information to carry out their JOB DUTIES [what does this mean to you??]

15 MINIMUM NECESSARY -3  Examples As a team member you would need access to the health information to make resident care plan decisions. As a team member you would need access to the health information to make resident care plan decisions. Certified Nursing Assistant – What information do you need to do your job? Certified Nursing Assistant – What information do you need to do your job?

16 MINIMUM NECESSARY -6 Does NOT apply: When sending to another health care provider; however, you only need to give the information that is needed! When sending to another health care provider; however, you only need to give the information that is needed! Disclosure to the individual Disclosure to the individual Uses and disclosures made pursuant to an authorization Uses and disclosures made pursuant to an authorization To Dept. of Public Health L & C, required for compliance, otherwise required by law, ie., law enforcement, public health, Office of Inspector General To Dept. of Public Health L & C, required for compliance, otherwise required by law, ie., law enforcement, public health, Office of Inspector General

17 RIGHTS PRACTICE SESSION  You are working near the nursing station and find resident documents on the floor what should you do?  Confidential resident information is destroyed how?

18 HITECH & HIPAA ACCESS HITECH HIPAA SB 541 BREACHES Privacy and Security

19 Part of the American Recovery and Reinvestment Act of 2009 Applies the HIPAA privacy and security rules and their penalties to HIPAA business associates Creates a new breach reporting requirement for HIPPA CEs and BAs Effective Date February 2009 Part of the American Recovery and Reinvestment Act of 2009 Applies the HIPAA privacy and security rules and their penalties to HIPAA business associates Creates a new breach reporting requirement for HIPPA CEs and BAs Effective Date February 2009 California legislature that enforces reporting requirements for unlawful or unauthorized access, use or disclosure of a patient’s medical information Reporting requirement within 5 days of discovery Effective Date 2009 California legislature that enforces reporting requirements for unlawful or unauthorized access, use or disclosure of a patient’s medical information Reporting requirement within 5 days of discovery Effective Date 2009 Health Insurance Portability and Accountability Act Guidance for Privacy and Security of protected health information 45CFR 160 -164 Effective Date 2003 Health Insurance Portability and Accountability Act Guidance for Privacy and Security of protected health information 45CFR 160 -164 Effective Date 2003 HIPAA SB 541 HITECH ACT

20 HITECH Vocabulary  Breach – the unauthorized acquisition, access, use or disclosure of protected health information which compromises the security or privacy of such information  Unsecured PHI – PHI that is not secured through the use of a technology or methodology that renders PHI “unusable, unreadable, or indecipherable to unauthorized individuals.  Acceptable methodologies – Encryption as specified in the HIPAA security rule  Shredding or destroying of non-electronic PHI

21 No Safe Harbor  California covered entities are still required to report unlawful or unauthorized access, use or disclosure of a patient’s medical information within 5 days to comply with SB 541 – which has been in effect since January 2009

22 Penalties  SB-541 – failure to report within 5 days $100 per day for each day that the unlawful or unauthorized access, use or disclosure is not reported up to a maximum of $250,000. $100 per day for each day that the unlawful or unauthorized access, use or disclosure is not reported up to a maximum of $250,000.

23 RIGHTS PRACTICE SESSION -2  You are working and can overhear a conversation about a resident. What should you do? Close the door if possible. Close the door if possible. Leave the area. Leave the area. Let the staff know you can hear. Let the staff know you can hear.

24 RIGHTS PRACTICE SESSION -3  The nursing staff are discussing a resident’s behavior and medications at an open nursing station where you can over hear the conversation and visitors are in a nearby room. 1.Is this protection of health information? 2. What should be done?

25 PRIVACY OFFICIAL  Addressed in Administrative Requirements  A Privacy Official has been designated for each Facility who is: MRD  A Contact Person/Department The Privacy Official is responsible for the oversight of resident privacy under HIPAA regulations and other state/federal regulations

26 PRIVACY NOTICE REVIEW COMPLAINT PROCESS  May file a complaint with either: Facility Facility Privacy OfficialPrivacy Official Health and Human Services Health and Human Services Office of Civil RightsOffice of Civil Rights  Complaint must be in writing and filed within 180 days of identifying the complaint

27

Download ppt "HIPAA BASIC TRAINING Presented by Anderson Health Information Systems, Inc."

Similar presentations

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
The Department has declared itself to be a single covered entity. Thus, each and every one of our divisions is a covered entity and must comply with.

The Department has declared itself to be a single covered entity. Thus, each and every one of our divisions is a covered entity and must comply with.
HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.

HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.
Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.

Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.
1 The Health Insurance Portability and Accountability Act (HIPAA) A guided tutorial for GVSU employees.

1 The Health Insurance Portability and Accountability Act (HIPAA) A guided tutorial for GVSU employees.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
Confidentiality and HIPAA

Confidentiality and HIPAA
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.

COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
HIPAA What’s New? 2010. What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.

HIPAA What’s New? What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.

HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.

Similar presentations

Ads by Google