Health Insurance Portability and Accountability Act (HIPAA) CCAC

  • Health Insurance Portability and Accountability Act (HIPAA) CCAC

    HIPPA Overview

    Learning Outcomes
      • Define HIPAA
      • Describe Privacy Rule/Covered Entities
      • Define Protected Health Information (PHI)
      • Know When to Use and Disclose PHI
      • Define De-identified PHI
      • Describe Need to Comply With HIPAA

    What is HIPAA?
      • Health Insurance Portability and Accountability Act (HIPAA) was signed into law on August 21, 1996
      • Department of Health and Human Services (DHHS) administers the Act

    HIPAA Primary Objectives
      • Improve portability and continuity of health insurance coverage
      • Combat waste, fraud and abuse in health care
      • Promote the use of medical savings accounts
      • Improve access to long-term care services
      • Simplify administration of health insurance

    Why the Need for HIPAA?
      • Advancements in Technology
      • Allows greater access to protected health information (PHI)
      • Increased use of electronic transmission of patient data

    HIPAA Privacy Rule
      • Published in Federal Register December 28, 2000
      • 45 CFR: Part 160: General Administrative Requirements
      • 45 CFR: Part 162: Administrative Requirements
      • 45 CFR: Part 164: Security and Privacy
      • http://www.hhs.gov/ocr/hipaa

    Covered Entities
      • Health Plan
      • Health Care Clearinghouse
      • Health Care Provider

    Covered Entities
      • Business Associate
      • Hybrid

    Protected Health Information (PHI)
      • Individually Identifiable Health Information held or transmitted by a covered entity or its business associate
      • in any form or media
      • whether electronic, paper or oral

    Individually Identifiable Health Information
      • Past, present or future physical or mental health condition or payment for provision of health care, or
      • Provision of health care identifying the individual by
        • Name
        • Address
        • Birth date
        • Social Security Number

    Protected Health Information (PHI)
      • Electronic: Computer Systems
      • Oral: Formal and Informal Presentations, Discussions
      • Written: Medical Records, Reports, Publications, Letters, Faxes

    Permitted Uses and Disclosures
      Without an individual's authorization:
      • Treatment, Payment, and Health Care Operations
      • Opportunity to Agree or Object
      • Incidental to otherwise permitted use
      • Public Interest and Benefit Activities
      • Limited Data Set

    Permitted Uses and Disclosures
      • May Not use or disclose except either as the:
        • Privacy Rule permits or requires, or
        • Individual or personal representative authorizes in writing
      • Must disclose in two situations:
        • To individuals when requested
        • DHHS in compliance investigation or review or enforcement action

    Minimum Necessary
      Covered entity must:
      • Make reasonable effort to disclose minimum amount of information to meet the purpose
      • Develop and implement policies and procedures for reasonable limit
      • Not use, disclose, or request the entire medical record unless it can justify whole record is reasonably needed for the purpose

    Individual's Rights
      • Know who may use and/or disclose PHI and to whom PHI is disclosed and for what purpose
      • Know the duration of the use/disclosure of PHI
      • Revoke the use and/or disclosure of PHI at any time in writing
      • Have access to inspect and obtain a copy of own PHI
      • Provide Written Authorization for use and/or disclosure of PHI

    Limited Data Set
      • Certain, specified direct identifiers removed
      • Used and disclosed for
        • Research
        • Health care operations
        • Public health purposes
      • Recipient promises safeguards

    De-Identified Health Information
      • No restrictions on use or disclosure
      • Neither identifies nor provides a reasonable basis to identify an individual
      • Two ways to de-identify
        • Formal determination of qualified person
        • Removal of specified identifiers

    HIPAA Exercise #1
      • What are specified identifiers?
      • List on a flipchart

    Specified Identifiers
      ________________

    Specified Identifiers
      ________________

    Authorization
      • Who provides?
      • What is included?
      • When is it necessary?
      • Who is involved in the process?

    Authorization
      • Provided by individual in writing
      • Written in specific terms
      • May allow use and disclosure by covered entity or third party
      • Written in plain language

    Authorization
      Contains specific information:
      • Description of information to be used/disclosed in specific and meaningful fashion
      • Persons disclosing and receiving
      • Expiration date or none
      • Right to revoke
      • Individual's signature and date

    Authorization
      • Covered Entity and Individual
      • Privacy Board
      • Institutional Review Board (Research)
      • Copy provided to individual
      • Examples of required use

    Authorization Required
      • Psychotherapy Notes
      • Marketing with following exceptions:
        • Face-to-face between covered entity and individual
        • Covered entity's provision of promotional gifts of nominal value
      • If direct or indirect remuneration from a third party, fact must be revealed

    Authorization in Research
      • Waiver or Authorization Required
      • Review and Approval by a Privacy Board or IRB
      • Statement identifying Board and Date of Approval
      • Signed by Chair or designee

    Privacy Practices Notice
      • Covered entities must provide since April 14, 2003
      • Notice to contain certain elements
      • Deliver to patients
      • Posted at each service delivery site
      • Available on request
      • On Website

    Privacy Practices Notice
      • Obtain written acknowledgement from patients of receipt
      • Document reason for failure to obtain written acknowledgement

    Enforcement of HIPAA
      • Office of Civil Rights (OCR) is responsible
      • Covered entity investigated after a complaint is received
      • Process may include Investigations and Compliance Reviews

    Compliance with HIPAA
      • Processes for Filing Complaints
      • Covered Entities to provide
        • records
        • compliance reports
      • Cooperate with and permit access to information

    Penalties
      • General Penalty: $100 per person per violation up to $25,000/year
      • Wrongful Disclosure Penalties
        • Enforced by Department of Justice
        • Fined up to $50,000, imprisoned not more than 1 year or both

    Penalties
      Wrongful Disclosure Penalties
      • Fined up to $100,000, imprisoned not more than 5 years or both for obtaining PHI under false pretenses
      • Fined up to $250,000, imprisoned not more than 10 years for obtaining PHI with intent to sell, transfer, or use for commercial advantage, personal gain or malicious harm

    HIPAA Exercise #2
      • Handout in binder
      • Fill in the blanks with the number preceding the correct answer
      • Some numbers may be used more than once

    Summary
      • HIPAA and the Privacy Rule
      • Covered Entities Responsibilities
      • Individually Identifiable Health Information
      • Use and Disclosure of PHI
      • Authorizations
      • De-Identified PHI
      • Compliance with HIPAA

    This presentation is about the Health Insurance Portability and Accountability Act, or HIPAA as it is commonly referred to, and its impact on the healthcare industry as a whole. Although this act was enacted by Congress in 1996, it continues to evolve as the regulatory agencies of the U.S. government assess its impact on specific regulations. The majority of the presentation focuses on the Privacy Rule and the regulations contained in that rule.

    Please feel free to ask questions as the material is presented to ensure you understand its impact on you personally as well as professionally.

    The purpose of this training is to define HIPAA and the Privacy Rule. The learning outcomes are those activities that you, as a participant, will be able to do once the training is complete. You will be able to define HIPAA and understand it as an Act. You will also be able to describe the Privacy Rule and determine who the Covered Entities are. You will define Protected Health Information, or PHI, to the extent that you will know how and when to use it (if a covered entity), what may or may not be disclosed, and the requirements for compliance with the Privacy Rule. In addition, you will define de-identified Protected Health Information and how it may be used and/or disclosed. Once you recognize where you fit into the picture (Covered Entity, Business Associate and/or Patient), you will better recognize how to comply with HIPAA.

    The Health Insurance Portability and Accountability Act, or HIPAA, was signed into law on August 21, 1996. Once an Act is signed into law, it is assigned to a government agency to enact. In this case it was assigned to the Department of Health and Human Services, or DHHS, for administration. The administration generally requires development of regulations (the how to be in compliance with the law). Once we have completed this training course, you will be aware of the need for compliance with HIPAA and how to be in compliance with this act.

    The primary objectives