Embed Size (px)
Citation preview
HIPAA
Michigan Cancer Registrars Association 2005 Annual Educational Conference
Sandy Routhier
HIPAA History
• Health Insurance Portability and Accountability Act of 1996 “Administrative Simplification!”
• Federal Law – Published in Federal Register• Department of Health and Human Services
(HHS) issued the regulation: Standards for Privacy of Individually Identifiable Health Information
• The Office for Civil Rights (OCR) is the department responsible for implementing and enforcing the privacy regulation
HIPAA Privacy Regulations
• Compliance Date: April 14, 2003• Primary Resource: http://www.hhs.gov/ocr/hipaa• Final Regulation (12/28/00, 8/14/02): http://
www.hhs.gov/ocr/hipaa/finalreg.html• Summary of Regulation: http://
www.hhs.gov/ocr/privacysummary.pdf• State of Michigan’s Medical Record Access Act
– House Bill 4706 signed by Governor Granholm on April 1, 2004, effective immediately
– www.michiganlegislature.org (search for bill 4706)
Official Privacy Website
http://www.hhs.gov/ocr/hipaa/
Other HIPAA Initiatives
SECURITY REGULATIONS:• Compliance Date: April 21, 2005• Final Regulation (2/13/03):
http://www.hipaadvisory.com/regs/Regs_in_PDF/finaltrans.pdf• Fearsome Four: Audits, Activity Review, Risk Planning &
Disaster Recovery
TRANSACTION & CODE SET STANDARDS:• Final Rule published: 8/17/00, Final Modifications: 2/20/03• Compliance Date: October 16, 2003 (July 2004)• Final Regulation:
http://www.cms.hhs.gov/regulations/hipaa/cms0003-5/0003ofr2-10.pdf
More HIPAA To ComeNATIONAL PROVIDER IDENTIFIERS (NPI):• Final Rule published: 1/23/04 (See CMS website)• Can begin application process 5/23/05• Compliance Date: 5/23/07
NATIONAL EMPLOYER IDENTIFIERS:• Final Rule published: 5/31/02• Compliance Date: 7/30/04
NATIONAL HEALTH PLAN IDENTIFIERS
NATIONAL PATIENT IDENTIFIERS
Link to all HIPAA Regulations:
http://www.cms.hhs.gov/hipaa/hipaa2/regulations/default.asp
PRIVACY REGULATIONSPurpose
– To protect and enhance the rights of patients by providing them with access to their health information and controlling the inappropriate use of that information
– To improve the efficiency and effectiveness of healthcare delivery by creating a national framework for privacy protection
PATIENT PRIVACY
• With or without HIPAA, protecting privacy of health information is important to consumers
• Consumers are concerned about unauthorized disclosures of personal health information
• Rightly or wrongly, consumers are distrustful of providers, plans and employers in regard to their personal health information
PRIVACY BASICS• Covered Entities
– Health care providers, Health Plans & Clearinghouses
• Business Associates• Privacy Officer• Notice of Privacy Practice (Privacy Notice)• PHI = Protected Health Information
– Oral - Written - Electronic
• Minimum Necessary• Incidental Uses & Disclosures
Privacy Basics
• TPO = Treatment, Payment, Healthcare Operations
• Accounting for Disclosures• Directory – Hospital/Clergy• Reasonable Safeguards
– Role based Access
• Request for Amendments• Request for Restrictions• Complaint Process
Penalties
• Civil penalties of $100 per violation, up to $25,000 per standard violated per year
• Criminal penalties up to $250,000 and 10 years imprisonment
Security Basics• Administrative Procedures
– Policies & Procedures
• Physical Safeguards– Theft - Snooping– Vandalism - Environment– Disaster Recovery
• Technical Security– Authorizing– Accounting for Access– Encryption
Cancer Registry Impact
• Access to PHI
• Reporting data
• Patient follow up
• Accounting for disclosures
• Business Associate Agreements
