Chapter07
Upcoming SlideShare
Loading in...5
×
 

Chapter07

on

  • 1,129 views

for study

for study

Statistics

Views

Total Views
1,129
Views on SlideShare
1,129
Embed Views
0

Actions

Likes
0
Downloads
4
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Chapter07 Chapter07 Presentation Transcript

    • Chapter 7-Privacy Laws and HIPAA McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
      • Learning Outcomes
        • Discuss federal privacy laws that pertain to health care.
        • Discuss four standards of HIPAA.
        • Summarize the provisions of the Privacy Rule and how they apply to your profession.
        • Recognize and dispel some of the more prevalent myths concerning HIPAA.
      McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
      • Privacy Laws are based on amendments to the U.S. Constitution:
        • First Amendment
          • Freedom of Speech.
        • Third Amendment
          • No soldier quartered in private citizen’s home without permission.
        • Fourth Amendment
          • Unreasonable search and seizure prohibited.
      McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
        • Fifth Amendment
          • Cannot testify against yourself.
        • Ninth Amendment
          • Constitutional rights shall not be used to deny other rights retained by the people.
        • Fourteenth Amendment
          • Equal protection under the law.
      McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
      • Common points in all federal privacy laws are:
        • Information collected and stored about individuals shall be limited to what is necessary.
        • Access to personal information should be limited to those employees who need to know.
        • Personal information may not be released outside the organization without authorization.
        • When information is being collected about a person, that person should know and have opportunity to check.
        • See Table 7-1 for a list of major federal privacy law.
      McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
      • Health care billing has become more complex.
      • Managed care added layer of administrative duties.
      • Rising cost of medical malpractice and the cost of doing business.
      • Rising cost of health care and health insurance.
      McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
      • Covered entities
      • Covered transactions
      • Designated record set
      • Notice of Privacy Practices (NPP)
      • Protected Health Information (PHI)
      • State preemption
      • Treatment, payment, and health care operations (TPO)
      McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
      • People, businesses or agencies that must comply with HIPAA Standards and Privacy Rule:
        • Hospitals Nursing homes
        • Hospices Pharmacies
        • Physician practices Dental practices
        • Other providers of care Health plans (payers)
        • Health care clearing houses
      McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
      • A transaction is an electronic exchange of information between two covered entities.
      • Includes claims, patient identifiable information, referrals, authorizations.
      McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
      • Records maintained by or for a covered entity including:
        • Medical records.
        • Billing records.
        • Health plans enrollment, payment, claims adjudication, case management records.
        • Any record used by a covered entity to make decisions about an individual.
      McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
      • Every health care provider must provide each patient with a written notice of the provider’s privacy policies.
      • The patient is asked to sign an acknowledgment form.
      McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
      • Any information that contains one or more patient identifiers that could be used to identify an individual.
      • PHI must be protected whether written, spoken or electronically transmitted.
      McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
      • If a state’s privacy laws are stricter than HIPAA, state law takes precedence.
      McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
      • TPO allows providers to provide treatment, disclose PHI for payment, and conduct the necessary business operations within and among other covered entities.
      McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
      • Business associates of covered entities must have contracts/agreements with covered entities guaranteeing that PHI will be safeguarded.
      • Business associates include accountants, legal consultants, transcription services, and other similar type services provided to covered entities.
      McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
      • There are four HIPAA standards. A standard is a general requirement.
        • Standard 1—Transactions and Code Sets
        • Standard 2—Privacy Rule
        • Standard 3—Security Rule
        • Standard 4—National Identifier Standards
      McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
      • Transaction Requirements
        • Established standards for Electronic Data Interchange (EDI) for transmittal of information.
        • Must be used by all covered entities.
      McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
      • Code Sets
        • Local code sets eliminated.
        • Four categories of codes:
          • Coding systems for diseases (ICD-9)
          • Coding systems for causes of injury, diseases (ICD-9)
          • Actions taken to prevent, diagnose, treat or manage diseases (CPT-4)
          • Substances, equipment, supplies (HCPCS)
      McGraw-Hill © 2100 by The McGraw-Hill Companies, Inc. All rights reserved
      • Patient Health Information (PHI) may be disclosed with permission.
      • The permission is a reason for each use and disclosure.
      • There are eleven HIPAA defined permissions.
      McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
      • Disclosure to HHS representative (required)
      • Disclosure to patient (required)
      • Disclosure for treatment, payment or health care operations (TPO)
      • Others’ treatment
      • Personal representative
      • Disaster Relief Organizations
      • Incidental disclosures
      • Public purposes
      • Authorization from patient
      • De-identified information
      • Limited data set
      McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
      • Verification of identification of requestor.
      • Only the minimum necessary data should be disclosed.
      • Patient lists may not be provided to pharmaceutical & survey companies that are marketing services.
      McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
      • Psychotherapy notes must have specific written approval from patient. Check for specific exceptions to this requirement.
      • Covered entities must have Policies and Procedures consistent with Notice of Privacy Practices (NPP).
      • If state law conflicts with HIPAA, you must follow the law that offers most protection.
      McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
      • Patient has right to access and right to copy records.
      • Patient has right to request amendments to his/her PHI. Unless provider has grounds to deny, amendments must be made.
      • Patient has right to request for an accounting of disclosures of PHI.
      McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
      • Patient has right to be contacted at places other than work or home.
      • Patient has right to request further restriction on who has access. Covered entity may deny request for valid reasons.
      • Patient has right to file a complaint.
      McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
      • Covered entities and business associates must have security plan in place.
      • Appropriate measures such as a security officer, passwords, firewalls, encryption, and anti-virus software necessary.
      McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
      • Standard is meant to provide a unique number for each provider of care.
      • Implementation completed in May 2008.
      McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
      • In some physician offices, the privacy/security officer is a member of the staff and has other duties. This person is sometimes referred to as the “HIPAA Police.” You personally observe the security officer violate basic HIPAA Standards—especially Standard 2. What are you going to do?
      McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved