HIPAA

The Health Insurance Portability and Accountability Act HIPAA

HIPAA HIPAA Privacy – Protection for the privacy of Protected Health Information (PHI) effective April 14, 2003 (including Standardization of electronic data interchange in health care transactions, effective October 2003)

What is HIPAA? HIPAA is the Health Insurance Portability and Accountability Act of 1996 HIPAA is a Federal Law HIPAA is a response to Congress, to healthcare reform HIPAA affects the health care industry HIPAA is mandatory

What is HIPAA? HIPAA protects the privacy and security of a patient’s health information HIPAA provides for electronic and physical security of a patient’s health information HIPAA prevents health care fraud and abuse HIPAA simplifies billing and other transactions, reducing health care administrative costs

Protected Health Information (PHI) PHI is any information about health status, provision of health care, or payment for health care that can be linked to a specific individual. This is interpreted rather broadly and includes any part of a patient’s medical record or payment history. PHI may be: paper format electronic format or information transmitted orally

What Patient Information Must We Protect? Protected Health Information (PHI) Relates to past, present, or future physical or mental condition of an individual; provision of healthcare to an individual; of for payment of care provided to an individual Is transmitted or maintained in any form (electronic, paper, or orally) Identifies, or can be used to identify the individual

PHI Examples Name Address Name of Employer Any date (birth, admit date, discharge date) Telephone and Fax numbers Email address Social Security Number Medical Records

When is it acceptable to use a patient’s PHI? Treatment of the patient, including appointment reminders Payment of health care bills Business and management operations Disclosures required by law Public Health and other governmental reporting

Protect the Privacy of the Patient’s PHI Look at a patient’s PHI only if you need it to perform your job Use a patient’s PHI only if you need it to perform your job Give a patient’s PHI to others only when it’s necessary for them to perform their jobs Talk to others about a patient’s PHI only if it is necessary to perform your job, and do it discreetly

Sharing PHI Refrain from discussing PHI in public areas unless doing so is necessary to provide treatment Medical and support staff should take care of sharing PHI with family members, relatives, or personal representatives of patients. Information cannot be disclosed unless the patient has had an opportunity to agree with or object to the disclosure Personal representatives are those individuals who are able to make healthcare decisions on behalf or the patient

Opportunity for Individual to Agree or Object

Notice of Privacy Practices Must give individual opportunity to restrict or prohibit (can be oral) the use or disclosure of name, location, general condition, and religious affiliation for: Disclosure to persons who request the individual by name (except religion) Disclosure to clergy Emergency exception

Health Center Notice of Privacy Practices You can find the Notice of Privacy Practices on the Health Center web site under “Services” Services Staff Wellness Flu Virus Information

Family, Friends, and Advocates Must give individual opportunity to agree or object: May disclose PHI relevant to person’s involvement in care or payment to family, friends, or others identified by individual May notify of individual’s location, condition, or death to family, personal representatives, or another responsible for care When individual is not present or incapacitated: Above uses and disclosures are permissible using professional judgment to determine if in best interest of individual

Public Policy Uses and Disclosures

Public Policy Purposes (a) As required by law (b) For public health (c) About victims of abuse, neglect or domestic violence (d) For health oversight activities (e) For judicial & administrative proceedings (f) For law enforcement purposes

Public Policy Purposes (2) (g) About decedents (to coroners, medical examiners, funeral directors) (h) For cadaver organ, eye or tissue donations (i) For research purposes (j) To avert a serious threat to health or safety (k) For specialized government functions (military, veterans, national security, protective services, State Dept., correctional (l) For workers’ compensation

Investigations & Compliance Reviews The Office of Civil Rights (OCR) may investigate complaints OCR may conduct compliance reviews to determine whether Covered Entities are in compliance

Filing Complaints Any person or organization may file complaint with OCR by mail or electronically Only for possible violations occurring after compliance date Complaints should be filed within 180 days of when the complainant knew or should have known that the act or omission occurred Individuals may also file complaints with Covered Entity

Complaint Process Informal review may resolve issue fully without formal investigation Many complaints will be resolved at this stage If not, begin investigation Voluntary resolution yet possible Technical Assistance

Civil Monetary Penalties (CMPs) CMPs can be imposed by OCR: $100 per violation Capped at $25,000 for each calendar year for each identical requirement or prohibition that is violated Covered Entity has a right to notice and a hearing before a CMP becomes final

Employee Obligations Do not disclose PHI without patient authorization If there is an unauthorized disclosure of PHI contact OCR immediately

Information Indiana State Department of Health Office of Technology and Compliance : http://www.in.gov/isdh/23500.htm U.S. Department of Health & Human Services and the Office of Civil Rights: http://www.hhs.gov/ocr/privacy/

HIPAA

More Related Content

What's hot (20)

Similar to HIPAA (20)

More from kgriffin62 (6)

Recently uploaded (20)

HIPAA