HIPAA Education
CCAC Professional Development Training September 2006

Introduction
Privacy and Confidentiality have always been important ethical considerations in any healthcare environment.

The U.S. Government has set laws in place to make sure that privacy and confidentiality are followed.
[Diagram: Privacy, Confidentiality, HIPAA]

What is HIPAA?
Health Insurance Portability and Accountability Act
– Law enacted in 1996
– Privacy Rule in 2003
– Security Rule in 2005
Health Plans, Clearing Houses and Healthcare Providers must comply

Or else be hit with Federal penalties!!!

These penalties can be either civil, ranging up to $25,000, or criminal, ranging up to $250,000 or prison sentences up to 10 years.

Patient Rights Under HIPAA
Gives patients more control over their health information
Protects patients' health information and any information that could identify the patient.
Gives conditions on how health information may be released.
Requires providers to safeguard health information whether it is verbal, written or electronic.

HIPAA defines patient information as Protected Health Information (PHI)
Name
Address
Relatives
Employers
Birth Date
Telephone
Fax Number
Social Security #
License Number
Health Plan Number
Medical Record Number
Finger/Voice Prints
Internet Address
Email Address
Vehicle Serial Number

Privacy Principles
What does HIPAA require Providers to do?
– Develop policies and procedures
– Educate employees
– Give patients a copy of the Notice of Privacy Practices
– Create a new authorization form
– Develop “safeguards” for protecting information
– Designate a Privacy Officer and Security Officer

Privacy Principles
Notice of Privacy Practices (NPP)
– Given to the patient upon registration
– Describes how information may be used and disclosed
– Responsibility to safeguard information
– Patient should “acknowledge” the receipt of Notice
– Outlines Patients' Rights under HIPAA

Privacy Principles
Patient’s Health Information Rights
– Restrict use and disclosure
– Inspect and copy the record
– Add an amendment to the record
– Know what information was released for other purposes
– Complain about health information practices

Ways to Protect Confidentiality
Confidential communications
Guidelines for Telephone Use
Fax policy
Using Records and Other Information
– Patient Authorization
– T-P-O: Treatment, Payment, Operations

Ways to Protect Confidentiality
The Minimum Necessary Standard
As a healthcare employee you should ask yourself…

…do I need to know this to do my job?????
This is called the “Minimum Necessary”

Minimum Necessary Standard
The Minimum Necessary standard requires providers to evaluate their practices and enhance safeguards as needed to limit unnecessary or inappropriate access to, and disclosure of, PHI.
Providers should have a policy to limit how much PHI is used, disclosed, and requested for certain purposes. Policies must limit who has access to PHI, and under what conditions, based on individual job responsibilities and the nature of their business.

What HIPAA is NOT…
This law DOES NOT interfere with your staff continuing to provide the Quality Care you have always provided!!!
There is no Minimum Necessary requirement when it comes to treating a patient. For treatment purposes you are allowed to share information freely with other treatment personnel directly caring for the patient

Scenario
You have just had to deal with a very demanding customer and need to discuss your frustrations with someone. As you walk outside to get some air, you see a friend from another department. What do you do?

Protecting the Medical Record
What do I need to know about releasing patient information?
– Is this for T-P-O?
– Is there an Authorization?
– Did I ask the patient?
– Are there adequate safeguards?
– Did I use professional judgment?

The Security Regulation and Electronic Information
Protecting Electronic Protected Health Information (ePHI)
– C-Confidentiality
– I-Integrity
– A-Availability
Risk Assessment
Safeguards for Protecting Data

Helpful Hints When Working with Computers
Never share your password
Always keep computer screens pointed away from the public
Never remove computer equipment, disks or software from the facility unless you have permission to do so
Only access the information that you need

Helpful Hints When Working with Computers
Always double check the address line of an email before you send it
Don’t leave your computer unattended. If you have to walk away, log off before you leave
Look out for suspicious activity to make sure no one else uses your account or password

Exceptions to the Rule
Reasons for releasing confidential information
When reporting is required
What happens if you accidentally release information?

Understanding Your Role
Read the Privacy Notice
Know your company’s policies and procedures
Know when state regulation “pre-empts” HIPAA
Use appropriate safeguards
Talk to your Privacy Officer

What is New with HIPAA?
Transactions
– Claims attachment
Enforcement
– Complaint Driven
– Monetary/Civil Penalties
National Provider Identifier
– Assigned identifier to be used in all external electronic transactions (May 2007 effective date)