Lesson 7 - Overview of HIPAA

  • 8/6/2019 Lesson 7 - Overview of HIPAA

    1/22

    Overview of Health Insurance Portability and Accountability Act (HIPAA) of 1996

    Introduction

    Recognizing the need to safeguard information in this tumultuous age, nationwide regulations, years in the making, were introduced under the Health Insurance Portability and Accountability Act (HIPAA), signed into law in 1996.

    In the years that followed, it appeared that the delays in implementation might lead to its demise.

    Overview of HIPAA

    The Health Insurance Portability and Accountability Act (HIPAA) was signed into law by President Clinton in 1996.

    The Office for Civil Rights (OCR) is the Departmental component responsible for implementing and enforcing the privacy regulation.

    Guaranteeing the security and privacy of health information has been the focus of numerous debates.

    One of the biggest stumbling blocks to implementation of comprehensive standards for privacy was the associated cost.

    The Administrative Simplification portion of this law is intended to decrease the financial and administrative burdens by standardizing the electronic transmission of certain administrative and financial transactions.

    The Privacy Requirements went into effect on April 14, 2003 and limit the release of protected healthcare information (PHI) without the patient's knowledge and consent.

    According to the US Department of Health and Human Services (2002), there are certain rights provided to patients by the Privacy Rule.

    On October 16, 2003 the Electronic Transaction and Code Set Standards became effective.

    The Security Requirements went into effect on April 21, 2005 and require the covered entities to put safeguards into place that protect the confidentiality, integrity and availability of protected health information when stored and transmitted electronically.

    Safeguards need to be in place to control access whether the data and information are at rest, residing on a machine or storage medium, being processed or in transmission such as being backed up to storage or disseminated across a network.

    HIPAA, with its privacy, confidentiality and security regulations, became the first national rules for protecting the patient's health information.

    As information becomes more prevalent in electronic formats, it will be easier to collect, store, monitor, track, exchange, disseminate and aggregate PHI across covered entities including healthcare networks and data repositories.

    The HIPAA standards are designed to smooth the path and actually increase the amount of electronic transmissions.

    The American National Standards Institute (ANSI) X12N and Health Level 7 (HL7) Standards Organizations worked together to develop an electronic standard for claims attachments to recommend to HHS (Spencer and Bushman, 2006, 2).

    HL7 was initially associated with HIPAA in 1996 through the creation of a Claims Attachments Special Interest Group charged with standardizing the supplemental information needed to support healthcare insurance and other e-commerce transactions.

    Health Level 7 (HL7)

    Health Level 7 (HL7) - Level Seven in HL7's name means the highest level of the International Standards Organization's (ISO) communications model for Open Systems Interconnection (OSI) - the application level.

    The application level addresses definition of the data to be exchanged, the timing of the interchange, and the communication of certain errors to the application.

    Overview of HIPAA

    The HL7 mission is supported through two separate groups, the XML Special Interest Group and the Structured Documents Technical Committee.

    ISO is a non-governmental organization: its members are not, as is the case in the United Nations system, delegations of national governments.

    It is evident that many organizations have guidelines, standards and rules to help healthcare entities collect, store, manipulate, dispose of and exchange secure PHI.

    HIPAA guarantees the security and privacy of health information and curtails health care fraud and abuse while enforcing standards for health information.

    United States and Beyond

    The Gramm-Leach-Bliley Act (GLBA) is federal legislation in the United States to control how financial institutions handle the private information they collect from individuals.

    Sarbanes-Oxley Act (SOX) was legislation that was put in place to protect shareholders as well as the public from deceptive accounting practices in organizations.

    HIPAA

    HIPAA Privacy Rule is intended to enhance the rights of individuals.

    This rule provides them with greater access and control over their PHI.

    They can control its uses, dissemination and disclosures.

    Covered entities must not only establish a required level of security for PHI but also sanctions for employees who violate their privacy policies and administrative processes for responding to patient requests regarding their information.

    Securing Information in a Network

    Fair Use of Information and Sharing

    Copyright laws in the world of technology are notoriously misunderstood.

    The same copyright laws that cover physical books, artwork, and other creative material are still applicable in the digital world.

    Offsite Use of Portable Devices

    If a device is lost or stolen, the agency must have clear procedures in place to help ensure that sensitive data does not get released or used inappropriately.

    The Department of Health and Human Services (2006) identifies potential risks and proposes risk management strategies for accessing, storing, and transmitting EPHI. Visit this website for detailed tabular information (pp. 4-6) on potential risks and risk management strategies: http://www.cms.hhs.gov/SecurityStandard/Downloads/SecurityGuidanceforRemoteUseFinal122806.pdf

    Thought Provoking Questions

    1. Joseph Kiram, a diabetes nurse educator, recently read an article in an online journal that he accessed through his health agency's database subscription. The article provided a comprehensive checklist for managing diabetes in older adults that he prints and distributes to his patients in a diabetes education class. Does this constitute fair use or is this a copyright violation?

    2. Ms. Zenne Sue is a COPD clinic nurse enrolled in a Master's education program. She is interested in writing a paper on the factors that are associated with poor compliance with medical regimens and associated re-hospitalization of COPD patients. She downloads patient information from the clinic database to a thumb drive that she later accesses on her home computer. Sue understands rules about privacy of information and believes that since she is a nurse and needs this information for a graduate school assignment that she is entitled to the information. Is Ms. Sue correct in her thinking? Give your rationale.