Hipaa 2 hours

993 views

Published on

This course provides training and CEUs for addicitons counselors and LPCs working in Addictions, Mental Health and Co-Occurring Disorders will help counselors, social workers, marriage and family therapists, alcohol and drug counselors and addictions professionals get continuing education and certification training to aid them in providing services guided by best practices. AllCEUs is approved by the california Association of Alcohol and Drug Abuse Counselors (CAADAC), NAADAC, the Association for Addictions Professionals, the Alcohol and Drug Abuse Counseling Board of Georgia (ADACB-GA), the National Board for Certified Counselors (NBCC) and most states.

Published in: Health & Medicine
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
993
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
0
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide
  • [NARRATOR] The Health Insurance Portability & Accountability Act was passed by Congress in 1996 to guarantee that individuals could move from one health plan to another without losing insurance coverage, or be denied coverage because of pre-existing conditions. HIPAA, which does not replace the Privacy Act of 1974, quickly became a sweeping attempt to remedy many of the problems in health care today. [TRAINER] Portability – ability to transfer health insurance from one job to another – already in effect Accountability – prevent health care fraud and abuse – already in effect Administrative Simplification – to decrease costs and administrative burdens of providing health care Does not replace privacy act of 1974
  • [NARRATOR] HIPAA’s Privacy Rules are designed to address public concern for healthcare privacy and the increased risks associated with new technologies. The national standards, boundaries and safeguards support a good relationship between providers & patients and holds violators accountable for their actions. [TRAINER: Add any insight, stories or experience that is specific to your area of expertise, area, or facility.] New Technology Increases Privacy Risk Public and Congressional Concern About Health Care Privacy Support for Provider/Patient Relationship Creates National Standards to Protect PHI Sets National Boundaries on the Use and Release of Health Records Establishes Appropriate Safeguards for Protection of PHI Strikes a Balance to Support Disclosure for Public Health Purpose Holds Violators Accountable – Civil and Criminal Penalties
  • [NARRATOR] HIPAA provides patients with the right to release, limit release, request corrections and/or amendments, and obtain a list of individuals and agencies to whom or which their protected health information has been released. When there are disputes, patients also have the right to file complaints. [TRAINER] Right to Accounting of Disclosures Limits Releases to the Minimum PHI that is Necessary Gives Right to Obtain Copy of and Examine Their Health Record Gives Right to Request Correction of Their Health Record Empowers to Control Some Uses and Disclosures of Their PHI Gives Right to File Complaints with and Office For Civil Rights Gives Right to Written Request of Notice of Information Practices From Providers and Health Plans Gives Right to Have Reasonable Requests for Confidential Information Communications Accommodated
  • [NARRATOR] HIPAA requirements apply to all covered entities including any healthcare providers who transmit information electronically, public and private health plans, clearinghouses, and our business associates. [TRAINER] is considered both a provider and a plan Healthcare Providers Who Transmit Health Information in Electronic Transactions Health Plans – Government and Private Healthcare Clearinghouses – A Private or Public Entity That Facilitates the Transfer of Health Information from a Non-Standard Format into a Standard Format or Receives A Standard Information and Processes It into a Non-Standard Format on Behalf of Covered Entity. An Example is Fiscal Intermediary (FI) Business Associates Relationships – Those Entities That Perform Business on Behalf of that use Protected Health Information May not apply to all Tribal entities
  • [NARRATOR] Protected Health Information, or PHI, includes any health information, past, present, or future, physical or mental health or condition of an individual, & any payment information for the provision of health care (includes demographic information) which either specifically identifies the individual it describes or could be used to identify the individual. [TRAINER] Health information is Any information, whether oral or recorded in any form or medium, that: (1) is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or healthcare clearing house; and (2) relates to the past, present and future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present or future payment for the provision of health care to an individual including demographic information. [ADD INFORMATION REGARDING HIGHLY SENSITIVE HEALTH INFORMATION] Highly Sensitive Health Information. Any patient health information relating to: Testing for the Human Immunodeficiency Virus (HIV) or other sexually transmitted diseases or treatment related to HIV or other sexually transmitted disease; Testing for cancer or other life-threatening illnesses; and The diagnosis, treatment, or referral for treatment of a mental illness and or alcohol or substance abuse.
  • [NARRATOR] Providing patients with quality healthcare includes protecting their confidential healthcare information. First because it is required by law, and because it helps patients trust their healthcare providers. [TRAINER] NOTE TO TRAINER: Add any additional information as you deem appropriate] Does not replace the Privacy Act; works in conjunction with it Required by Law Earns Patient Trust Privacy of Information Security of Information Sets Federal Minimum Standards & Safeguards to Protect PHI Preempts Weaker State Laws Does Not Supercede Any Federal Laws [TRAINER: Add any insight, stories or experience that is specific to your area of expertise, area, or facility.]
  • [NARRATOR] When trust is compromised, conditions may go undetected or untreated, health information may not be complete & accurate, people will be hesitant to ask for treatment, may pay for care out of pocket to avoid an insurance claim or move from one physician to another—all of which can compromise quality of care. [TRAINER] Detecting & Treating All Conditions Accurate & Complete Health Records Highest Quality Healthcare Reduces Health Care Cost Patients Do Not Move from One Facility/Provider to Another If a patient does not trust us They Do Not Seek Treatment They Give Incomplete or Inaccurate Information They Move from One Provider to Another They Ask the Provider Not To Write Down Their Actual Condition
  • [NARRATOR] To earn patient trust, know & use the forms policies & procedures so that you can show sensitivity & respect toward the protected health information of all Native American & Alaska Natives. [TRAINER] Incidental disclosures are particularly important including any personnel of the facility who may discuss patient conditions, or release PHI in the following situations: Grocery stores, car pools, van pools, family time; Discussion or answering questions in public areas of the medical facility such as hallways, waiting rooms, etc.; In churches (via asking for prayers and releasing specifics during that request); Using printed information that should be shredded or destroyed as a medium for taking notes; Leaving information laying around the mailroom that should be in envelopes; Jammed fax or copier machines left unattended; Leaving sensitive information unattended on desks; Viewing information on computer screens; Revealing more than minimum information necessary in ANY situation; Handing sign-in clipboards to patients that contain other patient information; and/or Discussing information on a phone located in public areas or areas where others may hear.
  • [NARRATOR] Penalties for non-compliance are displayed on screen. The Office For Civil Rights enforces civil penalties and the US Dept of Justice imposes penalties for violations that are criminal in nature. [TRAINER] Civil Monetary Penalties: $100 Per Violation Capped at $25,000 for each calendar year for each requirement of prohibition that is violated Enforced by Office for Civil Rights Criminal Penalties for Certain Violations: Greater penalties for knowing violations of rule Enforced by U.S. Department of Justice
  • [NARRATOR] No Narration
  • [NARRATOR] When reviewing the notice of privacy practices with patients, before we ask them to sign the acknowledgement, we are required to explain what a health record is, or make sure the patient already knows what a health record is, and how the record is used. [TRAINER] Staff explains to patient that each time they receive healthcare a record is made of the treatment. These records are known as the patient’s Health Record. The Notice they are being asked to sign is an acknowledgment that the patient understands that the health record is used to: Plan for their care and treatment Communication source between health care professionals Tool with which we can check results and continually work to improve the care we provide Means by which Medicare, Medicaid or private insurance payers can verify the services billed Tool for education of health care professionals Source of information for public health authorities charged with improving the health of all Native American and Alaska Native people Source of data for medical research, facility planning and marketing Legal document that describes the care received
  • [NARRATOR] It is also important that patients understand their own health record so that they can help ensure it’s accuracy, understand why their information might be reviewed, and so they can make informed decisions. [TRAINER] Patients must understand what is in their health record and how the information is used because the patient can help ensure the accuracy of the information, clearly understand why others may review their health information and make an informed decision when making decisions about when and why to allow others access to their health information.
  • [NARRATOR] Once the patient understands how their health records are used by others, and what disclosures and restrictions are, we must make sure they understand their rights. [TRAINER] We want to make sure we explain to all patients that they are guaranteed the right to: Inspect and receive a copy of their health record. Request a restriction on certain uses and disclosures of their health information. For example, you may ask that we not disclose their health information and or treatment to a family member. is not required to agree to the request; but if we do, we will comply with the request unless the information is needed to provide you with emergency services. Request a correction/amendment to their health record. If you believe the health information we have about you is incorrect or incomplete, we may amend their record or include their statement of disagreement. Request confidential communications about their health information. You may ask that we communicate with you at a location other than their home or by a different means of communications such as telephone or mail. Receive a listing of certain disclosures has made of their health information upon request. This information is maintained for six years or the life of the record, whichever is longer. Revoke their written authorization to use or disclose health information. This does not apply to health information already disclosed or used or in circumstances where we have taken action on their authorization or the authorization was obtained as a condition of obtaining insurance coverage and the insurer has a legal right to contest a claim under the policy or the policy itself. Obtain a paper copy of the Notice of Privacy Practices upon request. Obtain a paper copy of the Health and Medical Records; System Notice # 09-17-0001 upon request. Any person, whether patient or not, can obtain a copy of the notice of privacy practices. owns the records, but patients own the information in their own health records.
  • [NARRATOR] The next step is to explain to the patient ’s responsibilities with regard to their PHI. [TRAINER] The Indian Health Service is required by law to: Maintain the privacy of patients’ health information. Inform patients about ’s privacy practices regarding health information we collect and maintain. Notify the patient if we are unable to agree to a requested restriction. Accommodate reasonable requests from patients to communicate health information by alternative means or at alternative locations. Honor the terms of this notice or any subsequent revisions of this notice. reserves the right to change its privacy practices and to make the new provisions effective for all protected health information it maintains. will post any revised Notice of Privacy Practices at public places in this facility and on its web site at www..gov within 60 days. Patients may request a copy of the notice. Additionally, the revised notice must be mailed out to all active users within 60 days of a material revision. understands that health information is personal and is committed to protecting it. will not use or disclose a patient’s health information without permission, except as described in this notice and as permitted by the Privacy Act and the Health and Medical Records; System Notice 09-17-0001.
  • []NARRATOR] If the patient is incapacitated or the emergency situation prevents staff from going over the notice and obtaining a signature, follow the procedure as described on screen and get back to the patient as soon as their condition allows. [TRAINER] If the patient, due to emergency or incapacitation, cannot sign the form, this should be noted on the Acknowledgement form, signed and dated by the appropriate staff. The Notice is then provided to the patient as soon as they can resume making their own healthcare decisions. Again, do not agree verbally to any verbal requests regarding the patient’s health information or record. If another individual is acting as the patient’s representative in making healthcare decisions on behalf of the patient, provide that person with the Notice and the Acknowledgment form. Discuss emergency situations if deemed appropriate, based on audience need.
  • [NARRATOR] The notice must also be posted in a public place such as waiting areas and treatment rooms. [TRAINER] Suggests appropriate places to post the notice such as patient treatment rooms, lobby, waiting areas, etc. Notice may also been given to patients using video playing in waiting areas. is considered both a provider and a plan. If notice is revised, the revised notice must be posted and would also need to be distributed by mail to all active users within 60 days of a material revision.
  • [NARRATOR] Patients may submit a written request which may also be processed the same as form 810, if it contains a full description of information requested, and has an original signature and date. [TRAINER] A written request received by mail or in person must identify the individual and description of the information desired such as date of visit or diagnosis/condition. The request must contain the name and address of the requester, date of birth, signature for comparison purposes and date. If the written request is correct, it can be processed just the same as form 810.
  • [NARRATOR] Before a disclosure can be authorized, staff must note in the chart that they know the patient personally, or verify the requestor’s identification. [TRAINER] Verification of the ID of the individual requesting disclosure must be performed or comparison of the signature in the patient’s record. If request is made in person: If id of the patient is personally known to the responsible staff member, this is sufficient verification. Otherwise must have one piece of tangible identification (preferably picture ID): Driver’s license Military ID card Tribal Registration Card Employment id card/badge Passport Alien registration card
  • [NARRATOR] If the patient is requesting his or her own PHI, the name on the id presented must match name of patient. If it doesn’t, follow the procedure as described on-screen. [TRAINER] If the patient’s name has been legally changed, the patient must present evidence documenting the change, as well as verify particulars that can be confirmed by info already in record, such as last received medical treatment, parent’s names, or place of birth, etc.
  • [NARRATOR] Sometimes requests for PHI come from third parties. The following screens describe proper verification of identity procedures associated with third-party requests. [TRAINER] If a request is made by a law enforcement official, the official must verify his or her identity by producing a badge, official identification, or some other identification that shows that the law enforcement official has the authority to accept the PHI on behalf of the law enforcement agency. The law enforcement official must also produce the law enforcement request or court order requesting the release of PHI if it is not already on file.
  • [NARRATOR] No narration on this screen. [TRAINER] If a patient authorizes in writing PHI to be disclosed to an attorney, and the attorney comes to the facility in person to pick up the records, the attorney must present valid photo identification and authority (e.g., business card) that is consistent with the patient authorization regarding to whom the PHI may be disclosed. If a representative of the attorney comes in the attorney’s place, the representative must submit proof that the representative has authority to act on behalf of the attorney (e.g., agreement between a records company and an attorney). This provision also applies to patient authorizations to disclose PHI to an insurance company representative.
  • [NARRATOR] No narration on this screen. [TRAINER] If a patient authorizes in writing PHI to be disclosed to another individual (e.g., family member or friend), the individual must verify his or her identity with photo identification that matches the patient authorization to whom the PHI may be disclosed.
  • [NARRATOR] If the request comes from a parent, guardian, or the patient’s personal representative, staff must verify the identity of the requestor as well as the relationship of the requestor to the person who’s PHI is being requested. [TRAINER] An individual who makes a request for PHI on behalf of a minor, a person who is legally incompetent, or another individual shall verify that he has authority to act by providing a copy of a birth certificate, a court order, or other competent evidence of the relationship or authority, e.g. health care power of attorney, in addition to verifying his own identity with photo identification (unless personally known to the employee), unless the responsible staff person can establish that evidence of the relationship or authority has previously been provided.
  • [NARRATOR] Emergency situations sometimes require other healthcare providers to phone in a request for PHI. The on-screen bullets describe the correct procedure for verifying identity, documenting required information, and fulfilling a telephone request made for emergency treatment purposes. [TRAINER] Telephone Request Made for Emergency Treatment Purposes a. Take the provider’s name, facility name, location, and the telephone number of the requesting entity, and verify the identity of the requesting individual by telephoning the number provided. b. Document the call and the individual who received the call on the provider’s behalf; this serves as identification verification. c. Document the information being sought or requested. d. Document the reason for the request. e. Provide only the PHI that the requesting entity indicates is necessary to be provided by telephone at that time. Provide the rest of the requested PHI by the same means as it would be provided to the requesting entity in a non-emergency circumstance. Note: Do not withhold if the entire record is required for medical treatment purposes.
  • [NARRATOR] When Receiving Request for PHI via a subpoena or Court Order refer the request to the Area Health Records Consultant or Regional Attorney. [TRAINER] Process under Policy and Procedure for responding to requests for PHI by subpoena/court order and referral to the Area Health Record Consultant. Provide name & contact info of Area Health Records Consultant and Regional Attorney to trainees.
  • [NARRATOR] All disclosures must contain the statement that appears on-screen. [TRAINER] Information disclosed may be subject to re-disclosure by the recipient & no longer protected. The information disclosed must be accompanied by the following statement: ""This information has been disclosed to you from records whose confidentiality is protected by federal law. Federal regulations (45 CFR Part 2) prohibit you from making any further disclosure of it without the specific written consent of the person to whom it pertains, or as otherwise permitted by such regulations. A general authorization for the release of medical or other information is NOT sufficient for this purpose."
  • [NARRATOR] The statement that appears on-screen must be labeled or stamped onto disclosures about alcohol or substance abuse when disclosed from designated centers. [TRAINER] This statement applies only to designated alcohol/substance abuse facilities. Information disclosed by a designated alcohol/substance abuse facility must be accompanied by the following statement: This information has been disclosed to you from records protected by federal confidentiality regulations (42 CFR Part 2). The federal regulations prohibit you from making any further disclosure of it without the specific written consent of the person to whom it pertains, or as otherwise permitted by 42 CFR Part 2. A general authorization for the release of medical or other information is NOT sufficient for this purpose. The federal rules restrict any use of the information to criminally investigate or prosecute any alcohol or drug abuse patient. A copy of the signed authorization, -810, must be provided to the individual and the original signed authorization or valid written request must be filed in the patient’s record.
  • [NARRATOR] Psychotherapy notes include information recorded in any medium by a mental health professional documenting or analyzing the contents of conversations held during counseling sessions. They are the property of the mental health professional and are kept separate from the rest of the patient’s medical record. [TRAINER] This does not apply to progress notes, which are recorded on the PCC Encounter form. PURPOSE : To establish the policy and procedure on the maintenance, use and disclosure of psychotherapy notes. POLICY : All psychotherapy notes recorded on any medium (paper, electronic), by a mental health professional such as a psychologists or psychiatrist must be kept by the author and filed separately from the rest of the patient’s medical record to maintain a higher standard of protection. Definition: Psychotherapy notes means process notes (not progress notes) recorded in any medium by a health care provider who is a mental health professional documenting or analyzing the contents of conversation during a private counseling session or a group, joint, or family counseling session for his or her use only, and are separated from the rest of the patient’s medical record.
  • [NARRATOR] To further clarify, psychotherapy notes do not include information listed onscreen because it is included in the medical record. [TRAINER] Information other than psychotherapy notes that is included in the patient record includes Medication prescription and monitoring; Counseling session start and stop times; The modalities & frequencies of treatment furnished; Results of clinical tests; and Any summary of the following items: diagnosis, functional status, the treatment plan, symptoms, prognosis, & progress to date.
  • [NARRATOR] The mental health professional who wrote and owns the psychotherapy notes does not need authorization to use & disclose those notes. Neither is an authorization required for use in supervised mental health training programs or by in legal actions that are initiated by the patient to whom the notes pertain. [TRAINER] An authorization is not needed to use and disclose psychotherapy notes for: use by the originator of the notes for treatment; use or disclosure for mental health training programs under supervision within the facility; use or disclosure by in a legal action or other proceedings brought by the patient, in consultation with Office of the General Counsel. [cont. on Next Screen]
  • [NARRATOR] An authorization is also not required for uses as described on-screen. [TRAINER] An authorization is not needed to use and disclose psychotherapy notes for: cont. from previous screen use or disclosure that is required by law, authorized disclosure to a health oversight authority with respect to the oversight of the originator of the psychotherapy notes, or use to report a serious and imminent threat to the health and safety of the patient or a third party disclosure required by the Secretary, DHHS to investigate facility compliance with the HIPAA Privacy Rule. certain disclosures to coroners or medical examiners about deceased patients to determine identity, cause of death, or to perform duties as authorized by law.
  • [NARRATOR] State laws vary significantly. Make sure you know whether state law prohibits or permits disclosure to parents, guardians, or anyone acting in the parental role. [TRAINER] If the applicable law prohibits disclosure of a minor’s PHI to the parent or guardian of the minor, shall not disclose the minor’s PHI to the parent, guardian or in loco parentis . If the applicable law permits or requires disclosure of a minor’s PHI to the parent or guardian of the minor, or there is no state law, may disclose the minor’s PHI to the parent or guardian, following the above procedures, unless: The parent or guardian or individuals acting in loco parentis lacks authority to act on behalf of the minor (for example, where parental rights have been terminated); A physician or health professional determines in writing that disclosure of the PHI to the parent, guardian or in loco parentis would constitute an unwarranted invasion of the minor’s privacy, there is a reasonable belief that such disclosure might endanger or cause harm to the minor, or such disclosure would otherwise not be in the best interest of the minor; [Cont. on Next Slide]
  • [NARRATOR] State laws vary significantly. Make sure you know whether state law prohibits or permits disclosure to parents, guardians, or anyone acting in the parental role. [TRAINER] [Cont’d from Previous Slide] The minor has consented to a health care service for which parental consent is not required under the law of the State in which the facility is located, and the minor has not requested that the parent, guardian or in loco parentis be treated as his personal representative; The parent or guardian agrees to an agreement of confidentiality between and the minor. Such an agreement should be documented in the minor’s health record; or The Privacy Act otherwise prohibits the disclosure.
  • [NARRATOR] Patients have the right to request corrections or amendments to their PHI. If a patient believes his or her information is inaccurate or incomplete, they may fill out and submit form -917. The procedure for processing the request is described on screen. [TRAINER] A patient who believes his/her health information is inaccurate or incomplete may submit a request to the Service Unit Director/Chief Executive Officer (SUD/CEO) or designee for amendment of the record in question. The patient must complete Form 917, Request for Amendment of Protected Health Information. All requests must be in writing unless the patient makes a request in person and the SUD/CEO or designee amends the record at that time. The SUD/CEO or designee receiving the request will date stamp Form 917. The patient must receive a date stamped copy of the completed Form 917 as an acknowledgement of the receipt of the request within 10 working days. If a decision on the request for amendment can be made within 10 working days of ’ receipt of the request, then will simultaneously notify the patient of the receipt and its decision within that 10-day period.
  • [NARRATOR] If the patient requests that change information that was created by another facility or provider, will make every effort to forward the request to the appropriate entity. Otherwise, patients will be notified of approval or denial within 60 days after receipt of request, unless extends time period for 30 days as allowed by law. If extends the time period, the patient will be notified of the reasons, and the date request will be acted upon. [TRAINER] If the patient requests amendment of records that are governed by the regulations of another government agency, will forward the request to that agency, and patient will be notified of that referral. The patient will be notified of the acceptance or denial of the request within 60 days after receipt of the request, unless extends the time period for no more than 30 days as allowed by law. If extends the time period, the patient will be notified of the reasons for the extension and the date by which will act on the request. The SUD/CEO or designee in consultation with the appropriate staff member will review the request for amendment and will inform the patient within sixty (60) days, for approval or denial. may extend the time frame one time only for no more than 30 days if it informs the patient of the reasons for the delay and the date by which will act on the request. The Form 917 will be filed at the site of the contested entry in the health record and maintained for the life of the health record.
  • [NARRATOR] If the request is approved, follow the directions as listed on screen to make the correction or add the amendment. You may not erase information that exists in the record in order to make a correction. [TRAINER] Correction of medical record data shall be accomplished as follows: No erasure or other obliteration shall be made. Incorrect data shall be lined out with a single line. The date of amendment, the signature of the person making the amendment, the amended information, and the reason for the amendment shall be added. Providers may correct their own information. This applies to patient-requested corrections or amendments.
  • [NARRATOR] If the correction or amendment needs to be sent to someone else or another organization who may have received the information in the past, or who may rely on that information in the future, obtain the patient’s agreement and provide the information using the procedure described on-screen. [TRAINER] Subject to the individual’s agreement, the amended information will be provided: (a) to persons/organizations that knows received the information in the past and who may have relied or may foreseeably rely on such information to the detriment of the patient; and (b) to those persons/organizations identified by the patient as having received the health information and needing the amendment. When such information is sent, it should be accompanied by a statement, “This is an amendment to the information that was previously sent on _______date___________. ” Disclosure of the amended health information will be documented manually or electronically in the Accounting Disclosure Record. The patient will be notified in writing that the request for amendment of the health information has been approved.
  • [NARRATOR] In this section we will review form -913, the Request for Accounting of Disclosures. You will learn how to help patient obtain & fill out the form, & become familiar with all of the policies & procedures associated with accounting of disclosures including those that do not require an accounting, as well as temporary suspensions of accountings of disclosure.
  • [NARRATOR] A patient has the right to request & receive (with certain exceptions) an accounting of both written and oral disclosures of their PHI, that has released for a period of six years prior to the date on which the accounting is requested, or for the life of the record, whichever is longer. The accounting shall include disclosures made to or by business associates, and will require business associates to report back to any disclosures they have made. [Trainer] Disclosures of PHI that are subject to an accounting should be recorded in the “Disclosure Accounting Record, Form 505” or electronically utilizing the Release of Information (ROI) software package of the RPMS. Accountings of oral disclosures of PHI should also include the name, signature and title of staff who made the oral disclosure. Patient can determine the length of time they would like an accounting for. Per the Privacy Act, records must be supplied, even if they need to be pulled out of storage.
  • [NARRATOR] Accountings of disclosure must be in writing, include disclosures to and by business associates, and must include the information as displayed on-screen. [TRAINER] Each accounting (which will be given to the patient upon request) must be in writing, must include disclosures to & by business associates, & must include for each disclosure: Date of disclosure; Name & address of the person or organization who received the PHI; Brief description of the PHI disclosed, e.g., immunization record, labs, x-ray; and Brief statement of the purpose of the disclosure (or include a copy of the written request for disclosure, if appropriate).
  • [NARRATOR] Some disclosures do not have to be accounted for, including disclosures to DHHS officials who require the information, those disclosures to the Secretary of DHHS as required by investigations or to ensure compliance, disclosures to the patient and those the patient has authorized, as well as disclosures under the freedom of information act. [TRAINER] The following disclosures do not require accounting: Disclosures to officers and employees of the Department of Health and Human Services who have a need for the information for purpose of treatment, payment or operations, including disclosures to the Secretary that are required in order to investigate or determine compliance with privacy requirements; Disclosures to the patient; Disclosures pursuant to the patient’s written authorization; and Disclosures required under the Freedom of Information Act (FOIA). Note: Despite the numerous exceptions in the HIPAA Privacy Rule, the Privacy Act requires an accounting of many of the disclosures HIPAA- and the PA gives no provision that these accountings are exempt from a patient’s request for an accounting.
  • [NARRATOR] Individuals have the right, under certain circumstances, to access, inspect and obtain copies of their own PHI. In this section we will review those rights, along with the requirements patients must meet in order to obtain their PHI, how to respond to those requests, and the procedures to follow when access to the information is granted or not granted. [TRAINER] PURPOSE : To establish policy and procedure on rights of patients to access, inspect and obtain a copy of their protected health information (PHI). POLICY : The Health Insurance Portability and Accountability Act (HIPAA) provides individuals the right, under certain circumstances, to access, inspect and obtain copies of PHI about them that is maintained in a designated record set. The Privacy Act of 1974, 5 U.S.C. § 552a, and the implementing regulations at 45 CFR Part 5b, also provide patients the right to access, inspect, and obtain copies of records about them that is maintained in a system of records. The policy of is to provide patients their maximum rights under these statutes. With respect to access by or on behalf of minors, please refer to the Policy and Procedure on Protected Health Information of Un-emancipated Minors.
  • [NARRATOR] The patient must submit a written request to SUD/CEO or designee of the facility specifying the records he or she wants to access, then designate a representative to review the record and inform him or her of the contents. If another person is with the patient, obtain the patient’s authorization for that person’s presence before discussing the information. is allowed to charge reasonable fees for copies. [TRAINER] Officer (SUD/CEO) or designee of the facility that maintains the PHI, specifying the records the patient would like notification of or access to. At the time of the request, the patient must designate a representative in writing who would be willing to review the record and inform the patient of its contents. The representative may be a physician or other responsible individual. If the patient requests access to a record pertaining to him or her, and is accompanied by another individual, the patient must affirmatively authorize the presence of the other individual during any discussion of a record to which access is requested. In addition to requesting notification and access to records, the patient may also request copies be made of such records in accordance with the fee schedule set forth at 45 CFR 5b.13.
  • [NARRATOR] If the records are on-site, the SUD/CEO has 30 days to act on the request. If the records are not onsite the SUD/CEO has 60 days to respond, and in either case, one 30-day extension may be granted. If an extension is require, the patient must be notified of the extension and given the date at which they can expect a response. This information must also be documented in the health record. [TRAINER] The SUD/CEO or designee must act on the request within 30 days of its receipt if the information is maintained or accessible on-site and within 60 days if it is not. A one-time 30-day extension may be granted by the SUD/CEO or designee in writing, provided that within the respective 30-day or 60-day time frame, the SUD/CEO or designee provides the patient with a written statement of the reason(s) for the delay and the date by which will complete its action on the request. shall also provide access to information in a designated record set of its Contractor(s) (Business Associate(s)) unless the information is the same as information maintained by . All requests, designations, and correspondence relating to the patient’s request for access should be maintained in the patient’s health record.
  • [NARRATOR] When access is granted in whole or in part, follow the procedure as described on-screen. [TRAINER] Access Granted in Whole or in Part If direct access is granted, in whole or in part, the SUD/CEO or designee shall inform the patient in writing that s/he may inspect and/or obtain a copy of his or her PHI. is only required to produce the PHI once per request even if the record is maintained in more than one location or in more than one designated set of records. must provide the information in the requested form or format if it is readily producible in that form or format. If it is not, must produce a readable hard copy in another form or format upon which both the patient and have agreed. Subject to the patient’s agreement in advance, a summary or an explanation of the PHI may be provided in lieu of the underlying information, but the patient retains the right of access to both summaries and underlying information. [Cont. on Next Slide]
  • [NARRATOR] No Narration [TRAINER] [Cont. From Previous Slide] Access Granted in Whole or in Part Access must be provided at a mutually convenient time and place for inspection or copying. If requested, must mail the PHI, but may charge a cost-based fee for copying, in addition to postage. (See the fee schedule at 45 CFR 5b.13.) When a copy is provided, the date on which the copy is delivered should be entered in the patient chart. The Policy and Procedures for Verification of Identity Prior to Disclosure of Protected Health Information must be followed. TRAINER NOTE: Provide Trainees with information on how to find out if there are copying fees, and/or how much they are if there are fees.
  • [NARRATOR] If you are concerned that access to information will have an adverse effect on the patient, utilize the procedure allowing you to designate a representative to review the information first and inform the patient that you have done so. Then follow the direction of the personal representative. [TRAINER] may initially deny direct access to the patient and utilize the patient’s designated representative to review the records if determines that, or cannot determine whether, providing the patient with direct access is likely to have an adverse effect on the patient. In such cases, the health record will be sent to the patient’s designated representative and the patient will be notified in writing that the record has been sent to the designated representative. If has sent the record to the patient’s designated representative, the representative should then provide the record to the patient, after considering whether there would be any adverse effects on the patient. The patient will be allowed access to his/her record consistent with a determination by the patient’s designated representative of the manner of disclosure, if any, that would limit any likely adverse effect on the patient. Clinician is the only person who can determine if there is an adverse effect on the patient. The Health Information Management staff cannot make the determination.
  • [NARRATION] Taking extra care to protect PHI is especially important when using a fax machine to transmit information. The fax machine should not be located in a public area, should be monitored by the appropriate person, and only be accessible to authorized staff. Fax cover sheets must include the information appearing on your screen. [TRAINER] P&P for fax machine usage is extensive. Consider printing a copy of it and going over additional details not included on the training screens if you deem appropriate for your audience. The FAX machine shall be physically located so that: It is not in a public area; Its use can be monitored by the person(s) designated by the facility to conduct such monitoring; Only authorized staff can have direct access to the FAX machine. Medical Records FAX Cover Page: Before transmitting any patient medical records, the sender must fill out a Medical Record FAX cover page containing, at a minimum, the following information: Facility's Identification; Date of transmission; Number of pages being transmitted (including cover page); Authorized receiver's name; Authorized receiver's telephone number; Authorized receiver's FAX number; Sender's name; Provider's name (if applicable); Sender's telephone number; Sender's FAX number; and Remarks or Special Instructions (if appropriate). The following is an example of an acceptable confidentiality statement: THIS FAX IS INTENDED ONLY FOR THE USE OF THE PERSON OR OFFICE TO WHOM IT IS ADDRESSED, AND CONTAINS PRIVILEGED OR CONFIDENTIAL INFORMATION PROTECTED BY LAW. ALL RECIPIENTS ARE HEREBY NOTIFIED THAT INADVERTENT OR UNAUTHORIZED RECEIPT DOES NOT WAIVE SUCH PRIVILEGE, AND THAT UNAUTHORIZED DISSEMINATION, DISTRIBUTION, OR COPYING OF THIS COMMUNICATION IS PROHIBITED. IF YOU HAVE RECEIVED THIS FAX IN ERROR, PLEASE DESTROY THE ATTACHED DOCUMENT(S) AND NOTIFY THE SENDER OF THE ERROR BY CALLING (enter applicable service unit or area office phone number and extension). [TRAINER NOTE] Consider adding this confidentiality statement to outgoing eMails.
  • [NARRATOR] Prior to sending a fax, follow the procedure displayed on-screen to ensure that confidential information is not faxed to the wrong number, received by the wrong person, or, if is sent in error, that it is destroyed. Place a copy of the cover sheet and the confirmation of fax in the patient record. [TRAINER] Sending Information Whenever the facility's authorized FAX user(s) intends to send a FAX, he/she shall comply with the following: Telephone the receiving facility to inform them that patient medical records are being FAXed, confirm the FAX number, and determine whether the FAX machine is located in a secured area. If the FAX machine is not in a secured area, request the authorized individual at the receiving facility to stand by the receiving facility's FAX machine. Reconfirm the destination FAX number prior to transmission by checking the telephone number displayed on the FAX machine screen before transmitting the FAX. [Cont. on Next Screen]
  • [NARRATOR]No Narration [TRAINER] (cont. from previous slide) Confirm the success of the transmission by calling the intended recipient or by checking the FAC Report. In the event that the FAX is erroneously transmitted to the wrong FAX number and the sender is aware that this error has occurred, he/she should immediately contact the erroneous recipient and request that the FAX be destroyed. A copy of the FAX cover page, or equivalent documentation, shall be placed in the patient's medical record. The FAX cover page, or equivalent documentation, shall include confirmation of receipt of FAX.
  • [NARRATOR] It is just as important to follow procedure for receiving information via fax. Remove faxed information from the machine as soon as possible, confirm that the page count is correct and if anything is missing, call the sender and request the information be re-transmitted. Follow any instructions on the fax cover sheet, and execute additional procedures as described on-screen. [TRAINER] Receiving Information Whenever the facility's authorized FAX user(s) receives an incoming medical record FAX, he/she shall comply with the following: Remove the FAXed medical information from the FAX machine as soon as possible, once he/she is aware that the FAX has been received. Count the number of pages received to verify the number of pages against the FAX cover page. If page(s) are missing, the sender must be contacted and requested to retransmit the document. Read the FAX cover page and follow any instructions. If the facility maintains an ARJ, document receipt of the FAXed document on the ARJ. If the FAXed medical information is printed on thermal paper, the thermal paper must be photocopied. Upon photocopying the information, the thermal copy must be shredded.
  • [NARRATOR] No Narration [TRAINER] Receiving Information Whenever the facility's authorized FAX user(s) receives an incoming medical record FAX, he/she shall comply with the following: (cont.) Notify the intended recipient that a FAX was received. Unless the FAXed medical information will at all times remain in a secured area, the FAXed medical information must be hand delivered or placed in a sealed envelope and delivered to the intended recipient as soon as possible. If a FAX has been erroneously transmitted to an facility, the authorized FAX machine user who received the FAX shall inform the sender of the error. The fax must then be destroyed and these actions would be notated in the ARJ, if applicable.
  • Hipaa 2 hours

    1. 1. <ul><li>Presented by: </li></ul><ul><ul><li>Dr. Dawn-Elise Snipes, Ph.D., LMHC, CRC, NCC </li></ul></ul>Unlimited CEUs at AllCEUs.com for $74.99 per year
    2. 2. <ul><li>Passed by Congress in 1996 </li></ul><ul><li>Portability – Transfer of Health Insurance Coverage </li></ul><ul><li>Accountability – Prevent Healthcare Fraud and Abuse </li></ul><ul><li>Administrative Simplification – Decrease Costs and Administrative Burdens </li></ul>Unlimited CEUs at AllCEUs.com for $74.99 per year
    3. 3. <ul><li>Increased Risks for Invasion of Privacy </li></ul><ul><li>Public and Congressional Concern about Healthcare Privacy </li></ul><ul><li>Support for Provider-Patient Relationship </li></ul><ul><li>National Standards to Protect PHI </li></ul><ul><li>National Boundaries on Use and Release of Health Records </li></ul><ul><li>Appropriate Safeguards for Protection of PHI </li></ul><ul><li>Disclosure for Public Health Purpose </li></ul><ul><li>Civil and Criminal Penalties </li></ul>Overview Unlimited CEUs at AllCEUs.com for $74.99 per year
    4. 4. <ul><li>Individuals Have the Rights to </li></ul><ul><li>An Accounting of Disclosures </li></ul><ul><li>Release of Minimum Necessary </li></ul><ul><li>A Copy of Health Record </li></ul><ul><li>Request Corrections </li></ul><ul><li>Control Some Uses and Disclosures of PHI </li></ul><ul><li>File Complaints with and Office for Civil Rights </li></ul><ul><li>Submit Written Requests for Notice of Information </li></ul><ul><li>Have Reasonable Requests for Confidential Communication of PHI Accommodated </li></ul>Overview HIPAA Privacy Rule Unlimited CEUs at AllCEUs.com for $74.99 per year
    5. 5. <ul><li>Healthcare Providers </li></ul><ul><li>Government & Private Health Plans </li></ul><ul><li>Healthcare Clearinghouses </li></ul><ul><li>Business Associates </li></ul>Overview Unlimited CEUs at AllCEUs.com for $74.99 per year
    6. 6. <ul><li>Health Information is Oral or Recorded Information that </li></ul><ul><li>Is Created/Received by a Healthcare Provider, Health Plan, Public Health Authority, Employer, Life Insurer, School or University or Healthcare Clearinghouse </li></ul><ul><li>Relates to the Past, Present and/or Future Physical or Mental Health or Other Health Condition </li></ul><ul><li>Concerns the Provision of Healthcare </li></ul><ul><li>Relates to Past, Present or Future Payment </li></ul><ul><li>PHI is Defined as Health Information that is </li></ul><ul><li>Individually identifiable </li></ul><ul><li>Transmitted or Maintained in any Form or Medium </li></ul>Unlimited CEUs at AllCEUs.com for $74.99 per year
    7. 7. <ul><li>Required by Law </li></ul><ul><li>Earns Patient Trust </li></ul><ul><li>Privacy & Security of Information </li></ul><ul><li>Sets Federal Minimum Standards & Safeguards to Protect PHI </li></ul><ul><li>Preempts Weaker State Laws </li></ul><ul><li>Does Not Supercede Federal Laws or Privacy Act </li></ul>Overview Unlimited CEUs at AllCEUs.com for $74.99 per year
    8. 8. <ul><li>Detection & Treatment of All Conditions </li></ul><ul><li>Accurate & Complete Health Records </li></ul><ul><li>Highest Quality Healthcare </li></ul><ul><li>Reduces Healthcare Cost </li></ul><ul><li>Patients Do Not Move from One Facility/Provider to Another </li></ul><ul><li>If Patients Do Not Trust Us They </li></ul><ul><li>Do Not Seek Treatment </li></ul><ul><li>Give Incomplete or Inaccurate Information </li></ul><ul><li>Move from One Provider to Another </li></ul><ul><li>Ask the Provider Not to Record Their Actual Condition </li></ul>Overview Unlimited CEUs at AllCEUs.com for $74.99 per year
    9. 9. <ul><li>Know Forms Policies & Procedures </li></ul><ul><li>Respect Patient’s Right to Privacy </li></ul><ul><li>Treat All Records as if They Are Your Own </li></ul><ul><li>Be Sensitive to Privacy in All Situations </li></ul>Overview Unlimited CEUs at AllCEUs.com for $74.99 per year
    10. 10. <ul><li>Civil Monetary Penalties: </li></ul><ul><li>$100 Per Violation </li></ul><ul><li>Capped at $25,000 Per Calendar Year Per Violation </li></ul><ul><li>Enforced by Office for Civil Rights </li></ul>Unlimited CEUs at AllCEUs.com for $74.99 per year
    11. 11. <ul><li>Up to $50,000 Fine & 1 Year Imprisonment for Knowingly Obtaining or Disclosing Individually Identifiable Health Information </li></ul><ul><li>Up to $100,000 & 5 Years Imprisonment if Done Under False Pretenses </li></ul><ul><li>Up to $250,000 & 10 Years Imprisonment if Done With Intent to Sell, Transfer, or Use for Commercial Advantage, Personal Gain or Malicious Harm </li></ul><ul><li>Enforced by U.S. Department of Justice (DoJ) </li></ul>Unlimited CEUs at AllCEUs.com for $74.99 per year
    12. 12. <ul><li>Explain That Health Records Are Used to </li></ul><ul><li>Plan for Care & Treatment </li></ul><ul><li>Communicate Among Healthcare Professions </li></ul><ul><li>Check Results & Improve Care </li></ul><ul><li>Verify Services Billed </li></ul><ul><li>Educate Healthcare Professionals </li></ul><ul><li>Improve Health of All People </li></ul><ul><li>Support Medical Research </li></ul><ul><li>Conduct Facility Planning & Marketing </li></ul><ul><li>Maintain Legal Healthcare Records </li></ul>Unlimited CEUs at AllCEUs.com for $74.99 per year
    13. 13. <ul><li>Explain That Patient Must Understand His/Her Own Health Record in Order to </li></ul><ul><li>Ensure Accuracy </li></ul><ul><li>Understand Why Others May Review His/Her PHI </li></ul><ul><li>Make Informed Decisions Regarding Disclosures </li></ul>Unlimited CEUs at AllCEUs.com for $74.99 per year
    14. 14. <ul><li>Explain Patient’s Right to </li></ul><ul><li>Receive & Inspect Health Records </li></ul><ul><li>Request Restrictions </li></ul><ul><li>Request Corrections and/or Amendments </li></ul><ul><li>Request Confidential Communications </li></ul><ul><li>Receive a List of Certain Disclosures </li></ul><ul><li>Revoke Written Authorization to Disclose or Use Health Information </li></ul><ul><li>Receive a Paper Copy of the Notice of Privacy Practices </li></ul>Unlimited CEUs at AllCEUs.com for $74.99 per year
    15. 15. <ul><li>Explain to Patient ’s Responsibilities to </li></ul><ul><li>Maintain Privacy of Information </li></ul><ul><li>Inform Individuals about Privacy Practices </li></ul><ul><li>Notify Patients if Requests for Restriction are Denied </li></ul><ul><li>Accommodate Reasonable Requests for Alternative Communications </li></ul><ul><li>Honor All Terms of Notice of Privacy Practices </li></ul>Privacy Notice Unlimited CEUs at AllCEUs.com for $74.99 per year
    16. 16. <ul><li>If Emergency or Incapacitation </li></ul><ul><li>Note Situation on Acknowledgment Form, Sign, Date </li></ul><ul><li>& Place in Record </li></ul><ul><li>Provide Form to Patient as Soon as They Are Capable </li></ul><ul><li>of Signing </li></ul><ul><li>Do Not Agree to Anything Verbally </li></ul>Privacy Notice Unlimited CEUs at AllCEUs.com for $74.99 per year
    17. 17. <ul><li>Notice Must be Posted </li></ul><ul><li>In a Public Place </li></ul><ul><li>Inside or Outside Facility </li></ul><ul><li>On Website </li></ul>Unlimited CEUs at AllCEUs.com for $74.99 per year
    18. 18. <ul><li>Written Requests Must Contain </li></ul><ul><li>Requestor’s Name & Address </li></ul><ul><li>Date of Request </li></ul><ul><li>Date of Birth </li></ul><ul><li>Description of Requested Information </li></ul><ul><li>Original Signature </li></ul><ul><li>If Correct Fulfill Request </li></ul>Disclosures Unlimited CEUs at AllCEUs.com for $74.99 per year
    19. 19. <ul><li>Responsible Staff Knows Patient Personally </li></ul><ul><li>If Not Known Personally, Require One Piece of Tangible Identification </li></ul><ul><ul><li>Driver’s License </li></ul></ul><ul><ul><li>Military ID Card </li></ul></ul><ul><ul><li>Tribal Registration Card </li></ul></ul><ul><ul><li>Employment ID Card/Badge </li></ul></ul><ul><ul><li>Passport </li></ul></ul><ul><ul><li>Alien Registration Card </li></ul></ul>Unlimited CEUs at AllCEUs.com for $74.99 per year
    20. 20. <ul><li>Patient Requesting Own PHI Must Have Matching ID </li></ul><ul><li>ID With Name Change Requires Supporting Evidence </li></ul><ul><li>Additional Verification (i.e.Last Visit Made, Parents’ Names, or Place of Birth </li></ul>Unlimited CEUs at AllCEUs.com for $74.99 per year
    21. 21. <ul><li>Law Enforcement Official Must Show </li></ul><ul><li>Official Identification </li></ul><ul><li>Law Enforcement Request or Court Order Requesting the Release of PHI </li></ul>Disclosures Unlimited CEUs at AllCEUs.com for $74.99 per year
    22. 22. <ul><li>Attorney, Attorney’s Assistant or Insurance Company Representative Must </li></ul><ul><li>Show Valid Photo ID & Authority (i.e. Business Card) </li></ul><ul><li>Show Proof of Authority to Act </li></ul>Disclosures Unlimited CEUs at AllCEUs.com for $74.99 per year
    23. 23. <ul><li>Other Individuals Must Present </li></ul><ul><li>Photo ID Matching Individual Named in Patient Authorization </li></ul>Disclosures Unlimited CEUs at AllCEUs.com for $74.99 per year
    24. 24. <ul><li>PHI to Parent, Guardian or Personal Representative </li></ul><ul><li>Verify Identity of Requestor </li></ul><ul><li>Verify Relationship </li></ul><ul><ul><li>Copy of a Birth Certificate </li></ul></ul><ul><ul><li>Court Order </li></ul></ul><ul><ul><li>Previously Provided Evidence in Medical Record </li></ul></ul><ul><ul><li>Other Evidence of Relationship </li></ul></ul>Unlimited CEUs at AllCEUs.com for $74.99 per year
    25. 25. <ul><li>When Receiving Request for PHI in Emergency </li></ul><ul><li>Obtain Requesting Provider’s Name, Facility Name, Location & Telephone Number </li></ul><ul><li>Verify Requestor Identity by Telephoning the Number Provided </li></ul><ul><li>Document Call & Identity of Individual Who Received the Call </li></ul><ul><li>Document the Information Being Sought or Requested </li></ul><ul><li>Document the Reason for the Request </li></ul><ul><li>Provide Minimum Necessary PHI </li></ul><ul><li>Provide Additional Information Requested as in Non-Emergency </li></ul>Unlimited CEUs at AllCEUs.com for $74.99 per year
    26. 26. When Receiving Request for PHI via Court Order Refer to Area Health Records Consultant or Regional Attorney Disclosures Unlimited CEUs at AllCEUs.com for $74.99 per year
    27. 27. &quot;This information has been disclosed to you from records whose confidentiality is protected by federal law. Federal regulations (45 CFR Part 2) prohibit you from making any further disclosure of it without the specific written consent of the person to whom it pertains, or as otherwise permitted by such regulations. A general authorization for the release of medical or other information is NOT sufficient for this purpose.“ Disclosures Unlimited CEUs at AllCEUs.com for $74.99 per year
    28. 28. “ This information has been disclosed to you from records protected by federal confidentiality regulations (42 CFR Part 2). The federal regulations prohibit you from making any further disclosure of it without the specific written consent of the person to whom it pertains, or as otherwise permitted by 42 CFR Part 2. A general authorization for the release of medical or other information is NOT sufficient for this purpose. The federal rules restrict any use of the information to criminally investigate or prosecute any alcohol or drug abuse patient.” Disclosures Unlimited CEUs at AllCEUs.com for $74.99 per year
    29. 29. <ul><li>Notes Recorded by a Mental Health Professional that </li></ul><ul><li>Document or Provide Analysis of Conversation in Private, Group, Joint or Family Counseling Session </li></ul><ul><li>Are Maintained Separate From the Medical Record </li></ul><ul><li>Owned by the Mental Health Professional Who Recorded Them </li></ul>Disclosures Unlimited CEUs at AllCEUs.com for $74.99 per year
    30. 30. <ul><li>Psychotherapy Notes Do Not Include </li></ul><ul><li>Medication Prescription & Monitoring </li></ul><ul><li>Counseling Session Start & Stop Times </li></ul><ul><li>Modalities & Frequencies of Treatment Furnished </li></ul><ul><li>Results of Clinical Tests </li></ul><ul><li>Summary of </li></ul><ul><ul><li>Diagnosis </li></ul></ul><ul><ul><li>Functional Status </li></ul></ul><ul><ul><li>Treatment Plans </li></ul></ul><ul><ul><li>Symptoms </li></ul></ul><ul><ul><li>Prognosis </li></ul></ul><ul><ul><li>Progress to Date </li></ul></ul>Disclosures Unlimited CEUs at AllCEUs.com for $74.99 per year
    31. 31. <ul><li>Use by the Originator of the Notes for Treatment </li></ul><ul><li>Use or Disclosure for Supervised Mental Health Training Programs </li></ul><ul><li>Use or Disclosure by in Legal Action or Proceedings Initiated by the Individual </li></ul>Disclosures Unlimited CEUs at AllCEUs.com for $74.99 per year
    32. 32. <ul><li>Use or Disclosure That Is Required by Law </li></ul><ul><li>Authorized Disclosure to a Health Oversight Authority With Respect to the Oversight of the Originator of the Psychotherapy Notes and Used to Report a Serious and Imminent Threat to the Health and Safety of the Patient or a Third Party </li></ul><ul><li>Disclosure Required by the Secretary of DHHS to Investigate Facility Compliance With HIPAA </li></ul><ul><li>Certain Disclosures about Deceased Patients to Coroners or Medical Examiners </li></ul>Unlimited CEUs at AllCEUs.com for $74.99 per year
    33. 33. <ul><li>Where Law Prohibits, Shall Not Disclose the Minor’s PHI to </li></ul><ul><li>the Parent, Guardian or in Loco Parentis </li></ul><ul><li>Where State Law Permits, May Disclose the Minor’s PHI to </li></ul><ul><li>the Parent, Guardian or in Loco Parentis Unless </li></ul><ul><ul><li>Parental Rights Have Been Terminated </li></ul></ul><ul><ul><li>Disclosure Might Endanger Minor </li></ul></ul><ul><ul><li>Disclosure is Not In Best Interest of Minor </li></ul></ul>Disclosures Unlimited CEUs at AllCEUs.com for $74.99 per year
    34. 34. <ul><li>Where State Law Permits, May Disclose the Minor’s PHI to the Parent or Guardian Unless (cont.) </li></ul><ul><ul><li>Minor Has Consented to Service Where Parental Consent is Not Required Under State Law </li></ul></ul><ul><ul><li>Minor Has Requested Parent/Guardian Not Be Treated as Personal Representative </li></ul></ul><ul><ul><li>Parent/Guardian Agrees to Agreement of Confidentiality between and Minor </li></ul></ul><ul><li>The Health Information Management Director or Designee Shall Determine Whether or Not to Release a Minor’s PHI to the Minor’s Parent or Guardian </li></ul>Disclosures Unlimited CEUs at AllCEUs.com for $74.99 per year
    35. 35. <ul><ul><li>All Requests Must Be Made in Writing </li></ul></ul><ul><ul><li>SUD/CEO Will Date Stamp the Form </li></ul></ul><ul><ul><li>Patient Receives Copy of Date Stamped Form within 10 Business Days </li></ul></ul><ul><ul><li>If Decision Can Be Made Within 10 Business Days, Patient Will Be Notified at the Same Time He/She Receives Copy </li></ul></ul>Corrections Unlimited CEUs at AllCEUs.com for $74.99 per year
    36. 36. <ul><ul><li>If Patient Requests Changes to PHI Created by Another Agency, Forward Request to That Agency </li></ul></ul><ul><ul><li>Patient Will Be Notified of Approval or Denial Within 60 Days After Receipt of Request </li></ul></ul><ul><ul><li>May Extend Time Period for 30 Days As Allowed by Law </li></ul></ul><ul><ul><li>If Extends Time Period, Patient Will Be Notified of Reasons & Date Request Will Be Acted Upon </li></ul></ul><ul><ul><li>Only One 30 Day Extension Is Allowed </li></ul></ul><ul><ul><li>File Form at Site of Contested Entry in the Health Record & Maintain for Life of Health Record </li></ul></ul>Corrections Unlimited CEUs at AllCEUs.com for $74.99 per year
    37. 37. <ul><li>Execute Approved Corrections As Follows: </li></ul><ul><li>Without Erasure or Other Obliteration </li></ul><ul><li>Use Single Line Through Incorrect Data </li></ul><ul><li>Correct the Information </li></ul><ul><li>Add Reason for the Correction </li></ul><ul><li>Include Date & Corrector’s Signature </li></ul>Corrections Unlimited CEUs at AllCEUs.com for $74.99 per year
    38. 38. <ul><li>With Patient Approval, Submit Correction to Persons/Organizations </li></ul><ul><ul><li>That Received Information in the Past </li></ul></ul><ul><ul><li>That May Have Relied, or May Rely in the Future, on the Information </li></ul></ul><ul><ul><li>Are Identified by the Patient As Needing the Correction or Amendment </li></ul></ul><ul><ul><li>With Required Statement “This Is an Amendment to the Information That Was Previously Sent on _______Date___________. ” </li></ul></ul><ul><li>Document the Correction in the Accounting Disclosure Record </li></ul><ul><li>Notify the Patient in Writing of Approval </li></ul>Corrections Unlimited CEUs at AllCEUs.com for $74.99 per year
    39. 39. <ul><li>P&P for Accounting of Disclosures </li></ul><ul><li>Disclosures That Do Not Require Accounting </li></ul><ul><li>Temporary Suspensions </li></ul>Accountings Unlimited CEUs at AllCEUs.com for $74.99 per year
    40. 40. <ul><li>Record Disclosures of PHI that Are Subject to an Accounting </li></ul><ul><ul><li>In the Disclosure Accounting Record </li></ul></ul><ul><ul><li>Electronically in RPMS Release of Information (ROI) Software </li></ul></ul><ul><li>Accountings of Oral Disclosures of PHI Should Also Include the Name, Signature & Title of Staff Who Made the Oral Disclosure </li></ul>Accountings Unlimited CEUs at AllCEUs.com for $74.99 per year
    41. 41. <ul><li>Patient-Requested Accountings of Disclosure </li></ul><ul><li>Must Be in Writing </li></ul><ul><li>Must Include Disclosures to & by Business Associates </li></ul><ul><li>Must Include for Each Disclosure: </li></ul><ul><ul><li>Date of Disclosure </li></ul></ul><ul><ul><li>Name & Address of Recipient of Disclosure </li></ul></ul><ul><ul><li>Brief Description of the PHI Disclosed </li></ul></ul><ul><ul><li>Brief Statement of the Purpose of the Disclosure or Copy of Request for Disclosure </li></ul></ul>Accountings Unlimited CEUs at AllCEUs.com for $74.99 per year
    42. 42. <ul><li>Disclosures That Do Not Require Accounting Include </li></ul><ul><li>Disclosures to Officers & Employees of the DHHS Who Have a Need for the Information for Purposes of Treatment, Payment, </li></ul><ul><li>or Operations </li></ul><ul><li>Disclosures to the Secretary That Are Required in Order to Investigate or Determine Compliance with Privacy Requirements </li></ul><ul><li>Disclosures to the Patient </li></ul><ul><li>Patient-Authorized Disclosures </li></ul><ul><li>Disclosures Required Under the Freedom of Information Act (FOIA) </li></ul>Accountings Unlimited CEUs at AllCEUs.com for $74.99 per year
    43. 43. <ul><li>Understanding Patients’ Rights </li></ul><ul><li>Requirements for Obtaining PHI </li></ul><ul><li>Requirements for Responding to Requests </li></ul><ul><li>Procedure When Access is Granted </li></ul><ul><li>Procedure When Access is Not Granted </li></ul>Patient Access Unlimited CEUs at AllCEUs.com for $74.99 per year
    44. 44. <ul><li>Patient Requirements for Requesting Access: </li></ul><ul><li>Submit Written Request to SUD/CEO or Designee Specifying the Records the Patient Wants to Access </li></ul><ul><li>Designate a Representative to Review the Record & Inform the Patient of the Contents </li></ul><ul><li>Authorize Presence of Any Other Individual Present During Any Discussion of a Record </li></ul><ul><li>Patient May Request Copies of Records in Accordance with the Fee Schedule </li></ul>Unlimited CEUs at AllCEUs.com for $74.99 per year
    45. 45. <ul><li>Requirements for Responding to Patient Requests for Access: </li></ul><ul><li>SUD/CEO Must Act on Request Within 30 Days If Maintained or Accessible On-site </li></ul><ul><li>SUD/CEO Must Act on Request Within 60 days If Not Maintained or Accessible On-site </li></ul><ul><li>SUD/CEO May Have One 30 Day Extension </li></ul><ul><li>Must Provide Patient With Written Statement of Reason(s) for Extension & Date on Which Will Respond </li></ul><ul><li>All Requests Must Be Maintained in Patient’s Health Record </li></ul>Unlimited CEUs at AllCEUs.com for $74.99 per year
    46. 46. <ul><li>When Access Is Granted in Whole or in Part: </li></ul><ul><li>SUD/CEO Shall Inform Patient in Writing </li></ul><ul><li>Must Produce the PHI Only Once Per Request </li></ul><ul><li>Must Produce in Format Requested, if Producible, or Legible Hard Copy </li></ul><ul><li>A Summary or Explanation of the PHI May Be Provided in Lieu of the Underlying Information If Patient Agrees in Advance, but Patient Still Retains Right to See Entire PHI </li></ul>Unlimited CEUs at AllCEUs.com for $74.99 per year
    47. 47. <ul><li>When Access Is Granted in Whole or in Part (cont.) : </li></ul><ul><li>Must Be Provided at Mutually Convenient Time & Place for Inspection or Copying </li></ul><ul><li>Can Be Mailed If Patient Pays Copying Fee </li></ul><ul><li>Note Date the Copy Is Provided in Patient Chart </li></ul><ul><li>Follow P&P for Verification of ID </li></ul>Unlimited CEUs at AllCEUs.com for $74.99 per year
    48. 48. <ul><li>If Cannot Determine Whether Direct Access to the Record Will Have Adverse Effect on Patient </li></ul><ul><li>Deny Direct Access to the Patient </li></ul><ul><li>Forward Records to Designated Representative to Review </li></ul><ul><li>Notify Patient in Writing </li></ul><ul><li>Provide Patient Direct Access If Designated Representative Does Not Provide the Patient with the Record </li></ul>Unlimited CEUs at AllCEUs.com for $74.99 per year
    49. 49. <ul><li>Location: </li></ul><ul><li>Not in a Public Area </li></ul><ul><li>Use Can Be Monitored Only by the Person(s) Designated to Conduct Monitoring </li></ul><ul><li>Only Authorized Staff Can Have Direct Access to FAX Machine </li></ul><ul><li>Medical Records Fax Cover Page Must Include: </li></ul><ul><li>Facility's Identification </li></ul><ul><li>Date of Transmission </li></ul><ul><li>Number of Pages Being Transmitted (Including Cover Page) </li></ul><ul><li>To: Authorized Receiver's Name, Telephone Number, & FAX Number </li></ul><ul><li>From: Sender's Name, Provider's Name (If Applicable), Sender's Telephone Number & FAX Number </li></ul><ul><li>Remarks or Special Instructions (If Appropriate) </li></ul><ul><li>Confidentiality Statement </li></ul>Unlimited CEUs at AllCEUs.com for $74.99 per year
    50. 50. <ul><li>Call Receiving Facility to Inform that Records Are Being Sent </li></ul><ul><li>Confirm Fax Number </li></ul><ul><li>Confirm That Fax Machine Is in a Secure Area or Request that Recipient Stand by Machine to Receive </li></ul><ul><li>Reconfirm After Dialing that the Number Displayed on Fax Machine Is Correct Before Hitting “Send” </li></ul>Administrative Unlimited CEUs at AllCEUs.com for $74.99 per year
    51. 51. <ul><li>Confirm Receipt by Calling Recipient or Checking Transmission Report </li></ul><ul><li>If Fax Is Sent to Wrong Machine Contact Recipient & Request Fax Be Destroyed </li></ul><ul><li>Place Copy of Cover Page & Confirmation of Fax Receipt in Patient’s Medical Record </li></ul>Administrative Unlimited CEUs at AllCEUs.com for $74.99 per year
    52. 52. <ul><li>Remove Medical Information from Machine ASAP </li></ul><ul><li>Count Number of Pages </li></ul><ul><li>If Missing Pages Contact Sender & Request Re-transmittal </li></ul><ul><li>Read Fax Cover Page & Follow Instructions </li></ul><ul><li>If Facility Has ARJ, Document Receipt of Fax </li></ul><ul><li>If Fax is Printed on Thermal Paper, Photocopy & Destroy Original Thermal </li></ul>Administrative Unlimited CEUs at AllCEUs.com for $74.99 per year
    53. 53. <ul><li>Notify Intended Recipient that Fax Was Received </li></ul><ul><li>Faxed Medical Information that Is Not in a Secure Area Must Be </li></ul><ul><ul><li>Hand Delivered or </li></ul></ul><ul><ul><li>Placed in a Sealed Envelope & Delivered ASAP </li></ul></ul><ul><li>If Fax Is Erroneously Received at Facility </li></ul><ul><ul><li>Inform Sender of Error </li></ul></ul><ul><ul><li>Destroy Fax </li></ul></ul><ul><ul><li>Note in ARJ if Applicable </li></ul></ul>Administrative Unlimited CEUs at AllCEUs.com for $74.99 per year
    54. 54. <ul><li>If in doubt, ask </li></ul><ul><li>All disclosures oral, electronic or in writing must be accounted for in the medical record </li></ul><ul><li>There are limited reasons for breaching confidentiality without consent </li></ul><ul><li>All patients have the right to request access to and/or amendment of their PHI </li></ul><ul><li>Be cautious when using electronic communication such as fax or email to ensure secure delivery of the information </li></ul>Unlimited CEUs at AllCEUs.com for $74.99 per year

    ×