© 2013 The McGraw-Hill Companies, Inc. All rights reserved. Ch 8 Privacy Law and HIPAA


Ch 8 Privacy Law and HIPAA


Learning Outcomes

8.1 Discuss U.S. constitutional amendments and privacy laws that pertain to health care.

8.2 Explain how the language provisions and standards of the Health Insurance Portability and Accountability Act (HIPAA) mandates apply to your profession.


8.3 Discuss the special requirements for disclosing protected health information.

8.4 Discuss the patient rights defined by HIPAA.

8.5 Recognize and dispel some of the more prevalent myths concerning HIPAA.


Privacy

• Freedom from unauthorized intrusion

– Protected by the 1st, 3rd, 4th, 5th, 9th, and 14th amendments


Basis for Privacy Laws

• Information collected and stored about individuals should be limited to what is necessary to carry out the functions of the business or government agency collecting the information.

• Once it is collected, access to personal information should be limited to those employees who must use the information in performing their jobs.


• Personal information cannot be released outside the organization collecting it unless authorization is obtained from the subject.

• When information is collected about a person, that person should know that the information is being collected and should have the opportunity to check the information for accuracy.


U.S. Privacy Laws



Question

Tell whether the following statement is true or false.

HIPAA of 1996 was the first federal legislation to deal thoroughly and explicitly with the privacy of medical records.

True

False


Answer

True

HIPAA of 1996 was the first federal legislation to deal thoroughly and explicitly with the privacy of medical records. To ensure compliance, HIPAA provides for civil and criminal sanctions for violators of the law.


ARRA Changes to HIPAA

• Changes to HIPAA privacy and security regulations

• Changes in HIPAA enforcement

• Changes that address health information held by either covered entities or business associates not expressly covered by HIPAA


• Changes relevant to HIPAA administration, and studies, reports, and educational initiatives related to health care


HIPAA Legislation

• Health Insurance Portability and Accountability Act

– A federal law passed in 1996 to protect privacy and other health care rights for patients.


HIPAA Legislation Benefits

• Helps workers keep continuous health insurance coverage when they change jobs.

• Protects confidential medical information from unauthorized disclosure and/or use.

• Helps curb the rising cost of health care fraud and abuse.


HIPAA Covered Entities

• Hospitals/academic medical centers.

• Nursing homes

• Hospices

• Pharmacies

• Physician practices

• Dental practices

• Chiropractors


• Podiatrists

• Osteopaths

• Physical therapists

• Alternative medicine practitioners

• Laboratories

• Health plans (payers)

• Health care clearinghouses


HIPAA Covered Transactions

• A physician submitting an electronic claim to a health plan

• A physician sending a referral or authorization electronically to another physician, lab, or hospital


• A physician sending patient-identifying information to a billing service or to another physician

• Any health care provider that employs another entity, such as a clearinghouse or billing agency, to send claims to payers or health plans


Other HIPAA Terms

• Designated record set

• Notice of privacy practices

• Protected health information

• De-identify

• State preemption

• Treatment, payment and health care operations


HIPAA Standards

• Standard 1. Transactions and Code Sets

• Standard 2. Privacy Rule

• Standard 3. Security Rule

• Standard 4. National Identifier Standards


Transactions and Code Sets

• Transactions

– Transmission of information between two parties to carry out financial or administrative activities

• Code Sets

– Any set of codes used to encode data elements, such as tables of terms, medical concepts, medical diagnostic codes, or medical procedure codes


Four Categories of Code Sets

• Coding systems for diseases, impairments, or other health problems

• Causes of injuries, diseases, impairments, or other health problems

• Actions taken to prevent, diagnose, treat, or manage diseases, injuries, and treat impairments

• Substances, equipment, supplies, or other items used to perform these actions


Required Use of HIPAA Standards

• Claims or encounter information

• Eligibility requests

• Referrals and authorizations

• Claim status inquiries


Question

Tell whether the following statement is true or false.

According to HIPAA, health care providers and plans can use and disclose patient information (PHI), but they must identify a permission for each use and disclosure.

True

False


Answer

True

According to HIPAA, health care providers and plans can use and disclose patient information (PHI), but they must identify a permission or reason for each use and disclosure.


Types of HIPAA-Defined Permissions

• Required disclosures

• Disclosures to patients

• Disclosure for treatment, payment, or health care operations

• Others’ treatment, payment, operations

• Personal representatives

• Disaster relief organizations


• Incidental disclosures

• Public purpose

• Authorization

• De-identification

• Limited data set


Securing Electronic Data

• Has a security officer for the practice been appointed?

• Are passwords that allow access to electronic information protected?

• Risk assessment should include evaluating how each person protects the password.


• Passwords should not be posted for all to see.

• Passwords should not be unnecessarily divulged to others.

• Are appropriate security measures, such as firewalls, encryption, and antivirus software in place, and are they checked and updated regularly?


Special Requirements for Disclosure

• Verification

• Minimum necessary

• Marketing

• Psychotherapy notes

• Policies and procedures consistent with notice of privacy practices

• State laws


Patient Rights/HIPAA Law


Protecting Your Privacy


Question

Tell whether the following statement is true or false.

In all cases health care providers cannot issue the names of hospital patients and patient condition updates to family members.

True

False


Answer

False

It is not true in all cases that health care providers cannot issue the names of hospital patients and patient condition updates to family members.
