Published on

Published in: Technology, Business
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. HIPAA
  2. 2. Who does it Cover?o Healthcare providerso Health planso Healthcare clearinghouseso Business associates who have access to patient records
  3. 3. What does HIPAA do?o Imposes new restrictions on the use and disclosure of Protected Health Information (PHI)o Gives patients greater access to their medical recordso Gives patients greater protection of their medical records
  4. 4. What is Protected Health Information (PHI)?o Any information about a patient’s physical or mental health, services rendered or payment for those services.o Includes verbal, recorded, written, or electronic information
  5. 5. Use and Disclosureo You are permitted to use and disclose PHI without written authorization: • For treatment, payment, and health operations • With verbal authorization or agreement from the individual patient • For disclosure to the specific individual patient • For incidental uses such as physicians talking to patients in a semi-private room
  6. 6. Use and Disclosureo You are required to release PHI for use and disclosure without authorization: • When requested or authorized by the patient (some exceptions apply) • When required by the Department of Health and Human services (HHS) for compliance or investigation • When the facility is required by law
  7. 7. Authorizationo Written authorization is required: • For any purposes other than treatment, payment, or healthcare operations • For use and disclosure of psychotherapy notes • For research purposes • For marketing activities
  8. 8. Authorizationo Written authorization is not required: • To maintain WCMC’s patient directory • To inform family members or other identified persons involved in the patient’s care or notify them on patient location, condition, or death • To inform appropriate agencies during disaster relief efforts • Public health activities related to disease prevention or control
  9. 9. Authorization: Continued...• To report victims of abuse, neglect, or domestic violence• Health oversight activities such as audits, legal investigations, licensure or for certain law enforcement purposes or government functions• For coroners, medical examiners, funeral directors or tissue/organ donations• To avert a serious threat to health and safety
  10. 10. Clergyo Those who have been designated as “clergy” by their church will be able to view a list of patients in the hospital who have agreed to be included in the directory and who have indicated their religious affiliation to be that of the clergy member reviewing the listo For example: the Baptist clergy member can only look at the Baptist list of patients
  11. 11. Minimum Necessary Standardo The use and/or disclosure of PHI is limited to the minimum amount of health information necessary to get the job done right. • WCMC has policies and practices that ensure the least amount of PHI is shared • Employees must be identified who regularly access PHI along with the types of PHI needed and the conditions of access
  12. 12. Notice of Privacy Practiceso The patient has the right to have adequate notice concerning the use and disclosure of their PHIo This includes: • The patient’s rights and WCMC’s legal duties • Being available in print • Being displayed at the site of service
  13. 13. The Patient’s Privacy Rightso The Patient has the right to : • Request restricted uses and disclosures, although the covered entity is not required to agree • Have PHI communicated to them by alternate means and at alternate locations to protect confidentiality
  14. 14. The Patient’s Privacy Rightso The Patient has the right to : • Inspect and amend PHI, and obtain copies, (with some exceptions) • Receive the Notice of Privacy Practices at the time of the first delivery of service • Request a history of disclosures for six years prior to the request, except for disclosures made for treatment, payment, healthcare operations or with prior authorization
  15. 15. The Patient’s Privacy Rights : Continued...• Contact WCMC Privacy Officer regarding any privacy concern or breach of privacy within the facility or contact HHS with the information• Parents have the right to access and control the PHI of their minor children, except when state law overrides parental control
  16. 16. Non-Complianceo If you violate the HIPAA Privacy Rule you could face: • A civil penalty of up to $50,000 per offense, up to a maximum of $1.5 Million per year depending on the type of violation • A criminal penalty for knowingly disclosing PHI that may escalate to a maximum of $250,000 for conspicuously bad offenses and could include up to a 10 year prison term
  17. 17. What can you do?o Make sure you fully understand WCMC’s privacy practiceso Only use and disclose PHI when you need to do so to perform your jobo Only use and disclose the minimum amount of PHI needed to accomplish your jobo Make sure you handout the WCMC Notice of Privacy Practices to every patient
  18. 18. What can you do?o Ask patients before talking to family members about their conditiono Speak softly when discussing PHI in open areaso Avoid discussing patient issues in the cafeteria, on elevators, etc.o Do not leave PHI laying out in open view - such as lab work, progress notes, or any patient recordo Shred any extra copies of PHI not neededo Medical records should not be taken off campus
  19. 19. What can you do?o Don’t leave messages concerning a patient’s condition or test results on any answering machineo When releasing patient information over the phone, verify the identity of the callero Don’t share your password with anyoneo Log off your computer when you will be away from your work areao Report privacy violations to our Compliance Officer, Debbie Hare,380-1062