What We Need to Know about HIPAA Sylvia Rainwater, RN, BSN PN Instructor South Arkansas Community College Edited by Brenda Holmes MSN/Ed, RN
Purpose of this Training To provide SACC Faculty and Nursing Students with the knowledge & understanding of HIPAA. Why privacy is important. To enhance awareness of the nursing student’s role in protecting a patient’s health information. Possible consequences and penalties for violating HIPAA laws.
HIPAA Health Insurance Portability and Accountability Act IT’S THE LAW!
Trivia Question How many words are in the Health Insurance Portability and Accountability Act? How many lines are in the Health Insurance Portability and Accountability Act? How many titles are there?
Trivia Answers Words: 73,840 (Source: Microsoft Word: word count). Lines: 5,704. Titles: Five.
Overview Signed into law by President Clinton on August 21, 1996 Public Law 104-191 HIPAA addresses numerous health care issues
Purpose of HIPAA To amend the Internal Revenue Code of 1986 to improve portability and continuity of health insurance coverage Reduce health care fraud and abuse To Protect individuals’ rights to privacy and confidentiality To ensure the security of electronic transfer of personal information
Health Insurance Portability and Accountability Act of 1996 Title I: Insurance Portability. Title II: Fraud and Abuse, Medical Liability Reform; Administrative Simplification (Privacy, Security, Electronic Data Transactions, Identifiers, Code Sets). Title III: Tax Related Health Provision. Title IV: Group Health Plan Requirements. Title V: Revenue Off-sets.
Title I Title I of the HIPAA law deals with health care access, portability, and renewability with the intention of protecting health insurance coverage for workers and their families when they change or lose their jobs.
Title II Prevention of healthcare fraud and abuse Administrative Simplification
Administrative Simplification Key components Electronic Data Interchange (EDI) Transactions standards Code sets Privacy Security National Standard Identifiers Provider Employer Health Plan
Who is affected by HIPAA? The law applies directly to three groups referred to as “Covered Entities.” Health Care Providers Health Plans Health Care Clearinghouses
HIPAA Privacy Rule Primary Focus of this presentation! HIPAA PRIVACY RULE Title 45, CFR Parts 164 & 160 Protect individuals’ rights to privacy and confidentiality
The Privacy Rule The Standards for Privacy of Individually Identifiable Health Information established a set of national standards for the protection of certain health information The Privacy Rule standards address the use and disclosure of individuals’ health information PROTECTED HEALTH INFORMATION (PHI) Compliance Date: April 14, 2003 Enforced by: Office of Civil Rights (OCR)
Enforcement of HIPAA The Department of Health and Human Services (DHHS) is responsible for developing and establishing the Privacy Rule standards Office of Civil Rights (OCR) is responsible for implementing and enforcing the Privacy Rule
Health Information Health information should be protected from: People who aren’t involved in the patient’s direct treatment Insurance agencies using it to deny life or disability coverage Employers using it in hiring/firing decisions Reporters Nosy neighbors or family members
Privacy Standards for the Privacy of Health Applies to health information in all forms: Written Spoken Electronic Health information includes: Medical records Claims information Payment information
What is PHI? P ---PROTECTED H ---HEALTH I ---INFORMATION PHI is any health information that could identify an individual patient
Individually Identifiable Health Information Name, Address, Driver’s license #, Dates (Birth date, Admission date, Discharge date, Date of death), Telephone numbers, FAX number, E-mail address, Social Security Number, Medical record number, Web URL, Finger or voice prints, Photographic images, Account number
Use and Disclosure of PHI Use: Sharing protected health information within the entity that maintains the information. Disclosure: Release or transfer of PHI by an entity to persons or organizations outside of that entity (another facility, nursing home).
Permitted Uses and Disclosures A covered entity is permitted to use and disclose protected health information without an individual’s authorization for the following: Treatment, Payment, and Health Care Operations Opportunity to Agree or Object Facility directory Incidental disclosures are permitted Public Interest
Disclosures not requiring patient Authorization Required by Federal or State Law Workers compensation Birth reporting Child abuse Required for public health reasons Sexually transmitted disease Required for national security reasons Prevent a serious threat of harm to the individual or others
Disclosures with Authorization Authorization is required for certain disclosures to: Attorneys Disclosures to a patient’s attorney for purposes of a malpractice lawsuit Disclosures to a life insurance company, when the individual is seeking to obtain coverage
Why HIPAA? Cost Concerns Genetic Advancements Marketing Technology Loss of Patient Data Privacy Concerns Breaches of Patient Privacy
Cost Concerns Billions of dollars being spent on administrative services related to health care Congress estimated that approximately $87 billion could be saved annually if administrative services could be improved Requiring more health care transactions to be conducted electronically, reduced paperwork Standardizing health care transactions
Privacy Concerns The case of Arthur Ashe (the late tennis star): his positive HIV status was disclosed by a healthcare worker and published by a newspaper without his permission. 53 staff members at UCLA Medical Center were disciplined for accessing the medical information of Britney Spears.
Privacy Breach Case of Ann Pressley: Up to 6 employees fired from St. Vincent Health Center. Routine patient-privacy audit showed 8 people gained access to her records improperly. All 8 were immediately placed on leave, pending an investigation. 2 of the 8 were found to have valid reasons for viewing the records.
PRIVACY AND CONFIDENTIALITY REMEMBER Information about a patient is considered confidential whether it is written, saved on a computer, or spoken out loud. As a student or faculty, it’s important that you take steps to protect the privacy of patients. Protecting Privacy is EVERYONE’S JOB!
ASK YOURSELF Would I want someone to gossip about my medical or personal information? How can I protect someone’s privacy? Am I willing to risk Prison and/or A Fine Losing my job Being Dismissed from Nursing School Because I don’t follow the legal, ethical, and RIGHT THING TO DO!
Sshhh!!! Private means Private If your role as a student requires you to communicate healthcare information with patients Assess the environment before you start talking Are there other people in the area who might hear the information you are sharing? Are those individuals authorized to hear the information?
The “NEED TO KNOW” Rule Believe it or not, as a student, you do not have the right to look at all the information available on every patient. For example, a student on 2nd floor does not have the right to look at the medical record of a friend on 4th floor.
The “NEED TO KNOW” Rule As a nursing student, you will discuss protected health information only as it pertains to your education or your patient’s care. Before looking at patient information, ask yourself, “Do I need to know this to do my job?” If “yes” you are allowed. If “no” you are NOT ALLOWED.
The “NEED TO KNOW” Rule Remember the rule of thumb: ask yourself, “Do I need to know this to do my job?” You should NOT access any information that you do not need to know in order to provide patient care or to complete your clinical assignment/observation.
How do we protect patient privacy? Do NOT talk about patients in public places Cafeteria Elevator Waiting rooms Parking lot
How do we protect patient privacy? Do NOT leave messages regarding the patient’s condition or test results on message machines or with anyone other than the patient. Leave only your name and number on message machines when you are asking a patient to call you back. Avoid paging patients using information that could reveal their health issues.
How do we protect patient privacy? Close curtains & speak softly in semi-private rooms when discussing treatment & administering procedures. Be sure no one can see your computer screen while you are working Never share your access code Log off of your computer when not working
How do we protect patient privacy? Never leave charts open for others to see Never leave lab results, medications or other sensitive information out in the open where others can see it. Do not use the intercom to provide health information to patients or other staff members.
How do we protect patient privacy? DO NOT GIVE HEALTH INFORMATION to family members or friends. If unsure about whether or not you should provide information about a patient, ask your instructor for assistance. If you overhear employees, students or observers discussing patients inappropriately, remind them of confidentiality.
How do we protect patient privacy? Shred or properly dispose of all documents containing protected health information that are not part of the official medical record. Know who you are speaking to on the phone; if not sure, get a name and number to call back after you find out it is ok to do so.
Clinical Assignment When preparing your clinical assignments: Identify the patient by initials only. Use other demographic data only to the extent necessary to identify the patient and his or her needs to the instructor. Protect your notes or other sources of information from individuals who don’t have a “need to know”.
Clinical Assignment Preparing your clinical assignment: Protect your printer output from others who don’t have a “need to know”. Protect your flash drive/zip/CD/PDA from being lost or stolen. DO NOT put notes/scrap paper with patient’s health information in the trash. Students are NOT to photoduplicate or fax patient documents in the process of working with your patient’s PHI. Shred all patient health information. Do not take home patient report sheets.
CONSEQUENCES OF HIPAA VIOLATIONS Legal Consequences: Civil or Criminal penalties Fines plus imprisonment Professional Consequences Disciplinary action by the State Board of Nursing Academic Consequences: Reprimands Loss of points toward grade or failure of course Dismissal from School of Nursing
Civil Penalties $100 per person per violation, up to $25,000/year; person should have known better. US Dept. of Health and Human Services Office for Civil Rights enforces civil penalties. PROTECT PATIENT INFORMATION
Criminal Penalties Up to $50,000 and 1 year prison: knowingly releasing patient information. Up to $100,000 and 5 years prison: gaining access to health information under false pretenses. Up to $250,000 and 10 years prison: releasing patient information with harmful intent or selling patient information. US Department of Justice enforces criminal penalties.
HIPAA VIOLATION REMEMBER HIPAA VIOLATIONS CAN HAVE SERIOUS CONSEQUENCES!
STOP Think about how you would feel if your own health information were used or disclosed in a way that was harmful to you or your family.
CONCLUSION As students and faculty we must remember to protect the privacy of patients. If you have a question about the proper way to handle a patient’s privacy, ask your instructor, supervisor or manager in your clinical area, or contact the Privacy Compliance Officer of the institution you are working in.
SOUTH ARKANSAS COMMUNITY COLLEGE BETTY OWEN SCHOOL OF NURSING CONFIDENTIALITY AGREEMENT
Patient confidentiality at the health care facilities used by SACC Betty Owen School of Nursing is of primary importance. In addition to each agency policy, HIPAA requires health information to be kept confidential. In order to protect individual rights to confidentiality and to comply with federal and state laws, students must agree to hold all information or records pertaining to patients, employees, and other company information gained through their clinical assignments at any agency used by the Betty Owen School of Nursing in strictest confidence.
Confidentiality includes but is not limited to:
Discussing patients or their health conditions with persons who do not have a need to know
Accessing confidential information (which includes, but is not limited to, photographic images, medical and demographic information) that is not within the scope of your assignment
Misusing, disclosing without proper authorization, or altering confidential information
Removing any documents with individually identifiable patient data from any agency
I understand the terms of this Student Confidentiality Agreement, and I agree to abide by the above confidentiality requirements. I understand that any breach of any confidential information during or after my clinical experience(s) will result in immediate dismissal from the school of nursing as described in the Practical Nursing Handbook.
Printed Student Name: ________________ Printed School Official Name: ________________
Student Signature: ________________ School Official Signature: ________________
Date: ________________ Date: ________________
INSTRUCTIONS You have three weeks to complete this assignment. Once you have reviewed the PowerPoint presentation, print the confidentiality agreement located on Blackboard. You will also need to take the online test, which is available on Blackboard. When you have completed the test you can then print out a certificate. Print one for yourself and one for your instructor.