Published on

Presented by: Frank Webb

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. Understanding HIPAA <ul><li>Presented by: </li></ul><ul><li>Officer Frank Webb </li></ul><ul><li>Mental Health Unit </li></ul><ul><li>Houston Police Department </li></ul>
  2. 2. Disclaimer <ul><li>The information provided in this presentation does not constitute legal advice and is intended to be used for guidance only. </li></ul>
  3. 3. HIPAA? <ul><li>Helping Impede Police Action & Authority </li></ul><ul><li>or </li></ul><ul><li>Health Insurance Portability & Accountability Act </li></ul>
  4. 4. HIPAA <ul><li>Also known as the Kennedy-Kassenbaum Act </li></ul><ul><li>Grew out of the Clinton Health Care Administration </li></ul>
  5. 5. HIPAA Goals <ul><li>Insure the confidentiality of patients’ health care information </li></ul><ul><li>Simplify the prosecution of health care fraud and abuse </li></ul><ul><li>Make changing jobs easier, while providing better access to health care insurance </li></ul>
  6. 6. Examples <ul><li>Chief over ISD </li></ul><ul><li>Collecting data within an agency </li></ul><ul><li>HNT </li></ul><ul><li>Call-Takers not being able to ask about MI </li></ul>
  7. 7. Examples <ul><li>Sharing data between police departments </li></ul><ul><li>Premise histories </li></ul><ul><li>Your examples? </li></ul>
  8. 8. Definitions <ul><li>PHI (Protected Health Information) - All Individually Identifiable Health Information and other information on treatment and care that is transmitted or maintained in any form or medium </li></ul><ul><li>Use - The sharing, employment, application, utilization, examination, or analysis of such information within an entity that maintains such information </li></ul>
  9. 9. Definitions <ul><li>Disclosure - Release or divulgence of information by an entity to persons or organizations outside of that entity </li></ul><ul><li>Authorization - The mechanism for obtaining consent from a patient for the use and disclosure of health information for a purpose that is not treatment, payment, or health care operations or not for other permitted disclosures </li></ul>
  10. 10. Definitions <ul><li>Minimum Necessary - When using PHI, a covered entity must make all reasonable efforts to limit itself to the “minimum necessary to accomplish the intended purpose of the use, disclosure, or request” </li></ul><ul><li>Health Plan - An individual or group plan that provides, or pays the cost of, medical care </li></ul>
  11. 11. Definitions <ul><li>Health Care Provider - Any person or organization that furnishes, bills, or is paid for health care services or supplies (such as EMS, Mental Health, Health Departments, etc.) </li></ul>
  12. 12. Definitions <ul><li>Health Care Clearinghouse - A public or private entity that processes or facilitates the processing of nonstandard data elements of health information into standard data elements </li></ul><ul><li>Covered Entities - Those entities that must comply with HIPAA regulations: Health Plans, Health Care Providers, and Health Care Clearinghouses </li></ul>
  13. 13. A Health Care Provider <ul><li>Doctors </li></ul><ul><li>Clinics </li></ul><ul><li>Psychologists </li></ul><ul><li>Dentists </li></ul><ul><li>Chiropractors </li></ul><ul><li>Nursing Homes </li></ul><ul><li>Pharmacies </li></ul>
  14. 14. A Health Plan <ul><li>Health insurance companies </li></ul><ul><li>HMOs </li></ul><ul><li>Company health plans </li></ul><ul><li>Government programs that pay for health care, such as Medicare, Medicaid, and the military and veterans health care programs </li></ul>
  15. 15. A Health Care Clearinghouse <ul><li>This includes entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa </li></ul>
  16. 16. Covered Entities <ul><li>The Privacy and Security Rules apply only to covered entities. If an entity is not a covered entity, it does not have to comply. </li></ul><ul><li>- U.S. Department of Health & Human Services </li></ul>
  17. 17. The Problem <ul><li>The potential for HIPAA problems arises when dealing with agencies that do have to comply with it. </li></ul><ul><li>Obtaining patient health information </li></ul><ul><li>Being asked to release patient health information by the press, public or other interested parties </li></ul>
  18. 18. Permitted Law Enforcement Disclosures <ul><li>As required by law (court orders, court-ordered warrants, subpoenas) and administrative requests </li></ul><ul><li>To identify or locate a suspect, fugitive, material witness, or missing person </li></ul><ul><li>In response to a law enforcement official’s request for information about a victim or suspected victim of a crime </li></ul>
  19. 19. Permitted Law Enforcement Disclosures <ul><li>To alert law enforcement of a person’s death, if the covered entity suspects that criminal activity caused the death </li></ul><ul><li>When a covered entity believes that protected health information is evidence of a crime that occurred on its premises </li></ul>
  20. 20. Permitted Law Enforcement Disclosures <ul><li>By a covered health care provider in a medical emergency not occurring on its premises, when necessary to inform law enforcement about the commission and nature of a crime, the location of the crime or crime victims, and the perpetrator of the crime. </li></ul>- U.S. Dept. of Health and Human Services
  21. 21. Administrative Request <ul><li>Administrative subpoena or investigative demand or other written request from a law enforcement official. Does not require judicial involvement. Must include a written statement the information requested is relevant and material, specific and limited in scope. </li></ul>
  22. 22. Necessary to prevent/lessen an imminent threat to health or safety of a person or the public? Disclose minimum necessary to person(s) able to prevent/lessen threat Oregon Health & Science University Integrity Office
  23. 23. Requesting PHI to identify or locate a suspect, fugitive, material witness or missing person? <ul><li>Name and address </li></ul><ul><li>Date and place of birth </li></ul><ul><li>Social Security number </li></ul><ul><li>ABO blood type & rh factor </li></ul><ul><li>Type of injury </li></ul><ul><li>Date and time of treatment </li></ul><ul><li>Date and time of death </li></ul><ul><li>Distinguishing physical characteristics </li></ul>Oregon Health & Science University Integrity Office
  24. 24. Necessary to identify or apprehend an individual where it appears the person escaped from custody or correctional institution? Disclose minimum necessary Oregon Health & Science University Integrity Office
  25. 25. Is disclosure to report about a victim of abuse or neglect (child, elder, mentally ill/developmentally disabled? Disclose minimum necessary Oregon Health & Science University Integrity Office