Your SlideShare is downloading. ×
Hipaa compliance within the workplace
Hipaa compliance within the workplace
Hipaa compliance within the workplace
Hipaa compliance within the workplace
Hipaa compliance within the workplace
Hipaa compliance within the workplace
Hipaa compliance within the workplace
Hipaa compliance within the workplace
Hipaa compliance within the workplace
Hipaa compliance within the workplace
Hipaa compliance within the workplace
Hipaa compliance within the workplace
Hipaa compliance within the workplace
Hipaa compliance within the workplace
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Hipaa compliance within the workplace

1,377

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,377
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
72
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. BEST PRACTICES HIPAA Compliance in the Workplace
  • 2. What is HIPAA 3 How to Handle HIPAA 6 The Final Rule 9 Staffing Plus Solutions 13 TABLE OF CONTENTS:
  • 3. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) protects the privacy of health information. In the workplace, HIPAA ensure that employee health information is not provided to parties, such as employers, without the consent of the employee. HIPAA laws protect the privacy of all past, current and future employee health-related information. HIPAA doesn’t only apply to health care organizations – it also applies to businesses that aren’t in the health care industry. Businesses administer health insurance plans, as well as other health- related benefits and information about employee health conditions, which the business must secure in accordance with HIPAA guidelines. CHAPTER 1: What is HIPAA? Page 3
  • 4. HIPAA Compliance in the Workplace Page 4 Purpose HIPAA was established to provide federal protection for personal health information found in medical records, conversations regarding medical treatment and billing information related to the patient’s health. Under HIPAA, patients have the right to view and receive copies of their health information and receive a notice when that information is used and/or shared. Privacy The HIPAA Privacy Rule is balanced so that it allows the disclosure of Personal Health Information (PHI) needed for patient care and other important purposes. The Privacy Rule controls how a health plan or covered health care provider releases protected health information to an employer, including a manager or supervisor. If employers ask health care providers about PHI regarding an employee(s) without authorization, the providers cannot disclose such information. Employer Requests Under HIPAA, an employer can ask an employee for a doctor’s note related to sick leave, workers compensation, wellness programs or health insurance, however, if health- related information is contained within employment records, authorization has to be provided to the physician to obtain health information and may only be used for the purpose stated.
  • 5. Page 5 Who Is Covered? The intent of HIPAA in the workplace is to protect employees from sharing and disclosing health information with individuals who do not legally need to know that information. Entities covered by HIPAA include health plans, health care providers and health care clearinghouses (entities that process nonstandard health information they receive from another entity into a standard format or vice versa). While other organizations, such as life insurers, schools and law enforcement agencies, do not specifically fall under this law, they cannot obtain health information directly. In cases where health information is included, these organizations must receive the employee's authorization to access personal health information to be in compliance with HIPAA. Employee Rights Understanding employee rights under HIPAA is important in protecting their personal health information. Patients have the right to see and get copies of all health records and information, as well as the right to have corrections added to health information if the information is incorrect or incomplete, such as the result of a test. In the workplace, employees have the right to be notified of the way in which health information is shared and to decide whether or not to give permission for that reason. HIPAA Compliance in the Workplace
  • 6. The intent of HIPAA is to prevent the sharing and misuse of protected health information thereby ensuring patient privacy. Knowing the ins and outs of HIPAA will help your business stay compliant and free from violation penalties. CHAPTER 2: How To Handle HIPAA Page 6
  • 7. Page 7 Securing Medical Records Records containing information about employees’ PHI need to be secured not only from access outside of the company, but also from unauthorized users inside the company.  Only certain employees within the organization who deal directly with health-related policies need to access the information.  This information should be protected by a special password or locked in a secured drawer or filing cabinet.  When transferring these records, employees must follow company policies to ensure the information isn’t lost or intercepted by another party.  Employees who handle health related information must also maintain a log that details any release or transfer of information. Employee Training Any employees in the organization who handle health- related information – such as medical insurance policy information, a company wellness program or flexible spending account – need to receive proper training about HIPAA and how to handle health-related information. If you fail to properly train such employees, who in turn disclose information about another employee’s health, you may be found liable for the disclosure and may then be sued by the employee whose information was compromised. HIPAA Compliance in the Workplace
  • 8. Page 8 Employee Absences Under no condition may a manager disclose to other employees in an organization the details of a person’s medical absence from the company, unless the employee consents first. This means that when an employee falls ill or needs to undergo medical treatment, you may pass around a card or other materials to give to the employee who isn’t well, but you can’t disclose the reason for the employee’s absence to everyone else. Written Policies Not only do you need to follow HIPAA laws on a daily basis within your organization, but you also must document the policies your organization has adopted to ensure compliance with the laws. These documents need to detail how employees who have access to health information are to secure the information, under what circumstances health information should be disclosed, and consequences for an employee violating the organization’s HIPAA policies. All employees should have a copy of these written policies, especially those who have access to health information. HIPAA Compliance in the Workplace
  • 9. On January 25, 2013, the Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS) published its Final Rule of modifications to HIPAA. The stated purpose of the Final Rule is to both strengthen the privacy and security protections established under HIPAA, to increase flexibility for and decrease burden on the regulated entities. The amendments became effective on March 26, 2013 and will be enforced by the OCR beginning September 23, 2013. CHAPTER 3: The Final Rule Page 9
  • 10. Page 10 The final rule is actually considered an “omnibus rule” (composed of multiple components) including the following four final rules: 1. Final modifications to the HIPAA Privacy, Security, and Enforcement Rules. These modifications:  Make business associates of covered entities directly liable for compliance with certain requirements of the HIPAA Privacy and Security Rules.  Strengthen the limitations on the use and disclosure of PHI for marketing and fundraising purposes, and prohibit sale of PHI without individual authorization.  Expand individuals’ rights to receive electronic copies of their health information and to restrict disclosures to a health plan concerning treatment for which the individual has paid out of pocket in full.  Require modifications to, and redistribution of, a covered entity’s notice of privacy practices.  Modify the individual authorization and other requirements to facilitate research and disclosure of child immunization proof to schools, and to enable access to decedent information by family members or others.  Adopt additional Health Information Technology for Economic and Clinical Health (HITECH) Act enhancements to the Enforcement Rule, such as provisions addressing enforcement of noncompliance with the HIPAA Rules due to willful neglect. HIPAA Compliance in the Workplace
  • 11. Page 11 2. A final rule adopting changes to the HIPAA Enforcement Rule to incorporate an increased and tiered civil money penalty structure provided by the HITECH Act. 3. A final rule on breach notification for unsecured PHI under the HITECH Act that clarifies when breaches of unsecured health information must be reported to HHS. 4. A final rule modifying the HIPAA Privacy Rule as required by the federal Genetic Information Nondiscrimination Act (GINA) to prohibit most health plans from using or disclosing genetic information for underwriting purposes. HIPAA Compliance in the Workplace
  • 12. Page 12 Civil Monetary Liability As required by the HITECH Act, the 2013 Amendments substantially increase the potential civil monetary fines for violations for covered entities and business associates, and establish tiers of escalating penalty amounts based on increasing degrees of culpability of violators and other responsible parties. The 2013 Amendments also reduce OCR’s discretion in assessing these fines. HIPAA Compliance in the Workplace Are You a Business Associate? As defined by HIPAA, a business associate is any organization or person working in association with or providing services to a covered entity who handles or discloses Personal Health Information (PHI) or Personal Health Records (PHR) Final Rule An overview of the final rule is available here from the U.S. Department of Health and Human Services. Violation Category – Section 1176(a)1 Each Violation (A) Did Not Know $100 - $50,000 (B) Reasonable Cause $1,000 - $50,000 (C)(i) Willful Neglect – Corrected $10,000 - $50,000 (C)(ii) Willful Neglect – Not Corrected $50,000
  • 13. Staffing Plus offers personalized HR services that will help control cost, lower risk and minimize the financial impact to your organization. We will provide you with the HR expertise and resources you need, so that you can stay focused on your strategic business and financial goals. As it pertains to HIPAA, Staffing Plus can offer the following assistance by:  Conducting a risk assessment  Establishing criteria and procedures for hiring and assigning tasks related to HIPAA  Documenting the policies to ensure compliance with the laws CHAPTER 4: Staffing Plus Solutions Page 13 For further guidance on HIPAA Compliance and other HR related areas, please contact our HR Outsourcing experts at (610)525- 4000 or via email at hro@staffingplus.com
  • 14. 551 W. Lancaster Ave. Haverford, PA 19041 Toll Free: 800-550-9212 Local: 610-525-4000 Fax: 610-526-6740 Email: hro@staffingplus.com

×