HIPAA

629 views

Published on

Published in: Technology, Business
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
629
On SlideShare
0
From Embeds
0
Number of Embeds
15
Actions
Shares
0
Downloads
51
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

HIPAA

  1. 1. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of HIPAA JCAHO Mandatory Annual Competency Chesapeake Medical Staffing
  2. 2. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of HIPAA Initiative Health care has always tried to maintain confidentiality, but efforts have not always been successful. Public trust in health care has eroded and the health care industry needs to work hard to regain that trust. Health care institutions and providers have worked to make sharing of medical information easier to help facilitate care and payment.
  3. 3. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of HIPAA The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 to cover three specific areas: 1. Insurance portability or the ability to move to another employer and be certain that your insurance will not be denied 2. Fraud enforcement and accountability 3. Administrative simplification The first two areas have been active since 1996, but it took until April of 2003 to enact administrative simplification.
  4. 4. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of Administrative Simplification Administrative simplification refers to the guidelines that impact healthcare providers in the communications with other providers, families, friends, and the media. It includes written, verbal, phone, fax, and email communications.
  5. 5. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of Impact on the Caregiver The essential parts of the administrative simplification section of the law have to do with: • consents • authorization • patient privacy • confidentiality • security of patient The law directs all health care providers and facilities to have standards in place to protect patient information and to educate staff on their responsibilities in this important area.
  6. 6. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of HIPPA is designed to:  Assure health insurance portability  Reduce health care fraud and abuse  Guarantee integrity and confidentiality of health information  Improve the operations of health care systems and reduce administrative costs
  7. 7. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of Privacy vs. Confidentiality Privacy is the individual’s right to decide who, when, and how any information about him or herself is disclosed. Confidentiality is the obligation of another to maintain the person’s privacy.
  8. 8. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of Consents and Authorizations Upon entering the healthcare facility, the patient is given information about how the organization will protect the privacy of the patient and what types of information will be shared and under what circumstances (generally related to the current care of the patient). This is called the Notice of Privacy Practices and is required by HIPAA to be given to all patients.
  9. 9. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of HIPAA Privacy LAW HIPAA is Federal Law and compliance is mandatory. Patient information must be protected through conscious effort at all times no matter where you are! The ONLY exception is when information is shared in order to provide care, treatment and payment for services.
  10. 10. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of Consequences of NOT Protecting Patient Confidentiality There are both civil and criminal penalties associated with NOT following the HIPAA guidelines about releasing patient information. The penalties vary based on if the information was inadvertently or deliberately released, as well as the type of information released. Penalties and fines may be up to $250,000 and ten years imprisonment.
  11. 11. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of Shared Information Under HIPAA, a facility may share or disclose patient information for the following purposes: • Treatment of the patient (e.g. consulting with other healthcare providers on diagnosis and treatment) • Obtaining payment from the patient’s health plan • Operational requirements (e.g. quality improvement activities or peer review) • Complying with legally mandated reporting or disclosure The patient must provide consent or further authorize any other release of information for any other purpose. The facility must also make a good faith effort to obtain a written acknowledgement that the patient received the Privacy Notice.
  12. 12. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of Defining HIPAA Terms: • What is Portability? Portability ensures that as people move from one health plan to another they will have continuity of coverage and will not be denied coverage under pre-existing clauses. • What is Accountability? In accordance with HIPAA, accountability means an increase in the government’s fraud enforcement authority.
  13. 13. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of Covered Entities Covered entities includes hospitals, health care providers, third party payers, such as insurance companies, and anyone who processes health information. Therefore, the term “covered entities” includes everyone that uses, accesses or interacts with patients in any way. These interactions may be formal or informal, from those of direct care givers to those that enter a patient room simply to clean or deliver items.
  14. 14. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of Protected Health Information (PHI) Protected Health Information (PHI) is a new term that will be used with increasing frequency in facilities where you work. PHI refers to personal patient information that can be used to identify the patient, sometimes even inadvertently. The patient now has the right to direct when, why, and to whom PHI may be released. For instance, in the past, aggregated patient information may have been collected for research, quality improvement, or other purposes. Even though the patient’s name would be omitted, the patient may still be identifiable through specific data including date of procedure, type of procedure, gender, or any number of other details. The new bill allows patients much more control over PHI.
  15. 15. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of Protecting PHI • Information that relates to a patient’s health cannot be used unless authorized by either the patient or someone acting on the patient’s behalf, or unless permitted by regulation. • Access to information is limited to only those individuals who need the information for a legitimate purpose. • HIPAA ensures that an individual’s health information may only be used for health purposes.
  16. 16. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of What Kind of Information is Protected? Patient information that is protected includes, but is not limited to: • the patient’s name, address & telephone number • age, diagnosis, surgery, date of procedure, and medications Beyond this, additional information that is protected includes any medical history information, results of physical examinations, laboratory and other diagnostic results, billing records and claim forms. Any information that could be used to identify the patient is protected under HIPAA. It is important to know that this information is protected in any form, be it written, electronic, or verbal.
  17. 17. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of How Does This Law Affect Our Discussion of Patient Issues? Although there are persons with whom you need to communicate about a specific patient, be certain to consider the following: • Does the person you are communicating with “need to know” the information about the patient? In other words, is there a medical necessity to discuss the patient? • Are you discussing the patient out of the hearing of others? • Without using a patient name, are you still discussing the patient in a way that others could discern who you are speaking about? For example, perhaps there is only one male on your unit, so if you use the word “he,” others will know who you are discussing.
  18. 18. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of Discussing Patient Information with Family and Personal Representatives A personal representative is defined as any person who is legally authorized to act on behalf of the patient. This can be someone with a legal document, such as a general power of attorney or a more limited medical power of attorney, or simply someone who has the authority to act on behalf of the patient. PHI can be shared with a personal representative.
  19. 19. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of Allowed Disclosure HIPAA allows disclosure of PHI to spouses, parents, legal guardians, and others involved in a patient’s care without obtaining the patient’s formal, written permission. If you are in a patient room and need to discuss their care or treatment when others are present, simply ask the patient if there is any objection.
  20. 20. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of Using and Sharing Information Most likely, all the personal information that you use and share in your daily duties is covered under HIPAA for “treatment” purposes. These include: • Discussing diagnosis and treatment with other nurses and physicians. • Performing diagnostic tests and providing this information to other providers. • Providing laboratory samples or imaging tests to those who perform diagnostics on them. • Referring a patient to another provider or facility, and discussing the treatment and/or diagnosis. • Telephone prescription information to a pharmacy.
  21. 21. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of Requests for Access to Records Each facility will determine the specific policies but the following will be routine: • Clear identification that the person requesting the medical record is either the patient or has the correct authorization to view the record. • Only the parts of the record included in the authorization can be viewed. • The patient may request changes to the record and the facility and parties involved must respond to the request within a preset time frame. Note that this does not imply that the record must be changed, only that the patient’s request has a response. • Clear guidelines exist as to which staff members may have access to records and for what reasons.
  22. 22. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of Faxes HIPAA also covers fax communications with specific patient information. Although each facility will have different specific policies, general guidelines will most likely include the following: • Locating fax machines in private and secure areas, away from patients and the public. • Fax cover sheets will include disclaimer to indicate what to do if sent inadvertently to the wrong number. • Whether faxes can or cannot be sent during “off hours” when the receiving fax papers will not be picked up immediately. • Protection of “sent” faxes left unattended on the fax machine.
  23. 23. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of Computers Computers are now commonplace in hospital units and include a vast amount of patient information that must be secured. Be vigilant about your computer use, following these guidelines: • Computers should be set up so that the screens are not easily visible to the patient or visitors. • The computer user should “log off” when finished with the computer, so the screen is not left “on” and “visible” to others. • Each computer user should have their own password so that each person using the computer and the screens they go to can be identified. • Do not share your password with others.
  24. 24. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of Confidentiality The mandates of HIPAA require each of us to: • maintain confidentiality of computer access codes • position computer screens away from public access or view • log off computers when you have finished.
  25. 25. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of Audit of Computer Access • Audits may be conducted on a regular basis to identify inappropriate access to medical record information. • Audits may be conducted on all records for patients who are hospital employees, medical staff, admitted under an alias or recognized as high profile. • Random samples of records may be audited on a regular basis. • This procedure is outlined in hospital policy and is overseen by the Privacy Officer.
  26. 26. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of Information Released to Family/Friends and/or the Press If the patient elects to be listed in a facility patient directory, the information in the directory may be released to family, friends, or the press. Other information must come from the patient or another clearly identified person based on the specific situation and the facility policy.
  27. 27. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of When NO Information is Released In general, any patient receiving care for substance abuse, psychiatric disorder, HIV, pregnancy, sexual abuse, or rape is treated with an even greater level of confidentiality. Confirmation of the patient’s treatment is generally prohibited. This means that if a call is received asking about a particular patient, no comment should be made as to whether the patient is even seeking treatment or being treated. Check with the facility’s HIPAA policy for exact terminology. Additionally, a patient may request to NOT be in the patient directory and the same standard would be in place. This is a critical feature and each facility will have very specific standards for you to follow (http://www.hipaa.org, 2003).
  28. 28. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of Who Must Comply with HIPAA? HIPAA’s privacy and security provisions apply to all members of the workforce of a health care facility. This means all employees, such as nurses and physicians, and administrative, clerical, food service, or environmental services staff, as well as volunteers or any others under the facility’s direct supervision, must adhere to HIPAA policies.
  29. 29. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of Unauthorized Disclosures Ensuring the security of patient information relies on your diligence. Unauthorized disclosures of protected information can occur if: • You fail to ensure information you are sending is going to someone who is authorized to receive that information • You neglect to review a patient’s record to find restriction on the use of their information • You hear discussions occurring in non-secure locations that disclose patient information If you are aware of an incident that may have resulted in an unauthorized disclosure, you should report it immediately. A facility may have a method to report unauthorized disclosures in a confidential manner.
  30. 30. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of Incidental Exposure Incidental exposure can happen even when everything possible has been done to avoid it. It is a disclosure that cannot be reasonably prevented, is limited in nature, and occurs as a by-product of otherwise permitted use or disclosure. An example of incidental exposure: a patient walking down the hall accidentally hears part of a conversation that takes place while a therapist speaks to a physician.
  31. 31. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of Patient Rights Patients have rights protected under HIPAA legislation which include the: • right of access to copies of their medical record • right to request the “Amendment of the Medical Record” • right to request restriction of uses and disclosures • right to request confidential communication
  32. 32. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of Required Reporting If you suspect there has been an actual or attempted privacy breach to any form or protected information, whether electronic, paper or recorded, you are required to report it to the Privacy Officer for the involved facility.
  33. 33. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of Policy Review It is recommended all CMS Associates review the following policies at the facilities you frequently work: confidentiality disclosure privacy patient rights chart audits patient’s access to their PHI
  34. 34. This material is the private property of Chesapeake Medical Staffing. Any duplication or use by anyone other than an employee of Conclusion As of 2003, HIPAA is a mandated law. All health care facilities and providers are obligated to comply. All CMS associates need to be knowledgeable of the contents and ramifications of this law. Although you may see variations in policies from facility to facility, you will recognize that the overall intent is to improve the protection of patient confidentiality in a healthcare environment that includes a great deal of technological advances. Please call the office to speak with the CMS compliance officer if you have any additional questions. Every hospital has a privacy officer dedicated to maintaining compliance of HIPAA.

×