HIPAA: Privacy, Confidentiality, and Security Presented by: Libby Goodman
What is HIPAA?
HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. It is a law that requires all healthcare providers to protect the privacy, confidentiality and security of every person's health information. Patients have a right to this protection.
Who has to follow the HIPAA rules?
- Health care providers, including doctors, dentists, chiropractors, therapists, hospitals, nursing facilities, clinics, pharmacies, home health agencies, hospices, long-term care facilities, and personal care facilities of any type or size.
- Health plans and health insurance companies.
- Healthcare clearinghouses, such as billing services.
What kind of information does HIPAA protect?
- Information about the person's past, present or future health condition, health treatment, or payment for healthcare services.
- Information that identifies you, or tells who you are, such as name, phone, address, DOB, diagnosis, SS #, employer, position or other identifying data.
- Protected Health Information (PHI) comes in many formats: paper, electronic, or conversation. It is found primarily in the patient's medical record.
Exceptions to the HIPAA rule…
- Emergencies
- Public health needs, such as infectious diseases
- Mandatory reporting of child and elder abuse and neglect
- Judicial (court) and administrative (insurance company) proceedings
Ways you can protect patients' privacy and confidentiality:
- Keep health information confidential
- Always treat resident records as confidential
- Know your workplace rules related to PHI
- Everyone has the right to decide who has access to their health information
- Only authorized staff should be allowed to view health information
- Do not include casual notes in a patient's chart
- Do not let unauthorized people hear or see another person's PHI
HIPAA violations can cost you!
- Single violation = $100 civil money penalty
- Multiple violations of an identical requirement or prohibition made during a calendar year = up to $25,000
- Wrongful disclosure of individually identifiable health information = up to $50,000 & up to one year jail time
- Wrongful disclosure of individually identifiable health information committed under false pretenses = up to $100,000 & up to 5 years jail time
- Wrongful disclosure of individually identifiable health information committed under false pretenses with intent to sell, transfer or use for commercial advantage, personal gain or malicious harm = up to $250,000 & up to 10 years jail time
Examples of what is NOT okay…
- Reviewing a medical record for no reason. Even if it is someone famous, it is not acceptable. It may seem that the public is aware of their personal details, but the information in the public is often not correct, and PHI details are never okay to review or discuss unless you are authorized to view or know them.
Protecting privacy is the best policy
Keep in mind how you would want others to handle your PHI. Treat your patients' PHI with the same respect you would want for your own.