1. HIPAA Health Insurance Portability and Accountability Act of 1996

2. HIPAA - It’s the Law  Title II, Subtitle F of this act has 4 key aims:  * Protect the insurability of individuals (health ins.) Must cover you immediately at a new job.  * Ensure information security  * Simplify health care administration  * Preserve patient privacy of individual health information

3. It mandates regulation in 5 areas  * Electronic transactions standards  * Unique health identifiers  * Standard code sets  * Security of electronically stored health care data  * Privacy of individually identifiable health information

4. Why These New Regulations?  Congress perceived:  * Increased public concern about privacy  * Increased use of interconnected electronic information systems in health care  * Advances in genetic science  * Estimated average of 150 people have access to patient’s medical records

5. The Ultimate Goal  * Improve consumer control of their health information  * Change the way health care is provided and information is managed  * Health care industry to speak the same language (provide a seamless exchange of clinical information between health care providers by 2005)  * Save the industry administrative $$ by administration simplification

6. National Impact  * The most sweeping legislation to affect the health care system in over 30 years (since Medicare)  * Popular consensus anticipates real benefits from HIPAA law  * Everyone in health care is affected!!!!!

7. Health Care Impact  HIPAA effects:  * How we code patient’s charts  * How we transact with health care payers  * Who can access patient information  * How we use patient information  * How we protect patient information  * And others ……

8. Who is Affected?  * Chief Privacy Officer  * Board of Directors  * Executive Officers  * Service Line Directors  * Physicians  * Hospital staff  * Medical Students and residents  * Contractors and vendors  * Volunteers

9. Transaction and Code Sets… What Are These?  Electronic Transaction is the electronic exchange of information between two parties to carry out financial or administrative activities related to health care. Includes: Health plan premium payments Claims information Claims eligibility Claim status ETC.

10. Industry Example:  What are the benefits of using standard pharmacy transactions? Faster payments, faster response to eligibility request, etc.

11. HIPAA Universal Identifiers include:  * Health Care Providers (10 digit alphanumeric)  * Employers (9 digit tax payer number)  * Health Plans (9 digit ID number assigned)  * Individual (hot debate – delayed legislation)

12. Privacy VS. Security  Privacy The right of individuals to keep information about themselves from being disclosed to others.  Security The ability to control access and protect information from accidental or intentional disclosure to unauthorized persons, from alterations, destruction or loss

13. SECURITY Facility not just electronic security  Some Safeguards include:  * Password for computer  * Locking drawers, bins, file cabinets  * Clean desk awareness  * Faxes, printouts and reports  * Virus protection  * Backup and disaster recovery procedures

14. More safeguards:  * Unique user I D  * Access restriction  * Audit controls (examine system activity)  * Entity ID verification  * Data authentication (to ensure data is not altered or destroyed)  * Transmission security

15. Privacy – what is it?  The Privacy Rule  States that a Covered Entity may not use or disclose Protected Health Information (PHI) unless the patient agrees to the use of disclosure, or the use of disclosure is specifically required or permitted by the HIPAA regulations.  Compliance - April 14, 2003

16. What is Protected Health Information?  * Names  * Social Security Number  * Geographic locations smaller than a state  * Photographs  * Birth date except for year  * Medical record # or account #  * Telephone or fax  * License #, VIN #  * Email address  * URLs/Ip address  * Health Plan beneficiary numbers  * Biometric identifiers

17. Why Be HIPAA Compliant?  * It’s the law! Civil penalties $100 to $25,000 per person, per standard…. And worse.  * Unauthorized Disclosure or Misuse of Patient Information (Criminal Penalty) Fine up to $250,000 and/or 10 years in prison For a knowing misuse of information  * Save Administrative $$$$  * Good business to protect privacy  * Penalties apply to individuals and organizations

18. Office of Civil Rights oversees this law  Types of complaints received so far:  * Disclosure of identifying information  * Not releasing allowed information  * Not providing a copy of records to patient

19. Who Complains?  Physicians  Patients  Public