Patient Privacy Provisions of the Health Information Technology for Economic and Clinical Health Act
Implications for Patients and Small Healthcare Providers

Fred L. Ingle
HIMA 5060
Topics

• Confidentiality and privacy provisions of the
  Health Insurance Portability Act of 1996
  (HIPAA)
• Confidentiality and privacy provisions of the
  Health Information Technology for Economic
  and Clinical Health Act (HITECH)
• Implications for Patients
• Implications for small healthcare providers
• Recommendations
Confidentiality and privacy provisions of the Health Insurance Portability Act of 1996 (HIPAA)
Predecessor to HITECH

• Covered entities (CEs) - health plans, health
  care providers, and healthcare clearing houses

• The act protects PHI in any form including
  oral, paper, and electronic media
When can PHI be used under HIPAA?
• Information can be used without permission from the
  subject individual for:
   –   Personal use by the subject individual or his/her designee
   –   Treatment, payment, or healthcare operations
   –   Public health and benefit activities
   –   Research and public health (limited data set stripped of
       individualized information)
• Only the minimum information necessary under the
  above provisions
• PHI used for any other reason requires written
  authorization from the patient
Responsibility of the CE
• Must provide the patient with the CE's privacy
  policy that is in accord with the Privacy Rule of
  2002

• Privacy Policy must contain information about
  where to report concerns both to the CE and
  to the U.S. Department of Health and Human
  Services
HIPAA Penalties
• Both civil and criminal
• Civil penalties
   – $100 per infraction
   – $25,000 for multiple infractions that do not include
     willful intent
• Criminal Penalties
   – $50,000 and up to one year in prison for willful intent
   – $100,000 and up to five years in prison for false
     pretenses
   – $250,000 and up to ten years in prison for the
     sale, transfer, commercial use, or malicious harm
Confidentiality and privacy provisions of the Health Information Technology for Economic and Clinical Health Act
• Definition of CEs expanded under HITECH to include
  business associates (BAs) of CEs
• Under HIPAA, termination of relationships with BAs was
  the only penalty for violating BAs
• Under HITECH, BAs are subject to the same penalties as
  CEs
• Individuals can receive a copy of their PHI, receive
  information about who has accessed their PHI (3-year
  audit trail), and can request restrictions on PHI for any
  reason
HITECH and PHI Breaches
• CEs and BAs are required to notify each
  individual affected
• Methods of notification include mail, e-mail, telephone
• If breach affects 500 or more individuals, a
  prominent media outlet must be used
• Notification must occur within 60 days after
  initial discovery
• HIPAA did not require individual notification
New Penalties Under HITECH
• Under HIPAA there were no civil penalties for
  breaches that were not due to willful neglect if
  the violation was corrected within 30 days of
  discovery
• Under HITECH any “unknowing wrongful
  disclosure” is subject to penalties that range from
  $100 to $25,000
• HITECH increases penalties for violations not due to
  willful neglect to $1000 to $100,000
• Penalties for repeated or uncorrected violations
  can extend to $1.5 million
Are HIPAA and HITECH working?
• Under HIPAA in 2008, 9200 cases were resolved
  by the Office for Civil Rights (OCR)
• Since HITECH started in 2009 through the end of
  2011, over 19 million patient records were
  involved in breaches
• Why? Lax enforcement due to lack of funds to
  prosecute
• Audits required under the laws are moving at a
  snail’s pace
• Failure of healthcare providers to perform risk
  analysis as required by the law
Recommendations

•   Education of patients on the provisions of the law pertaining to PHI should be
    increased. There is a plethora of information on the Office of Civil Rights website
    that is useful in assisting patients in understanding their privacy rights.
    However, this information is not readily available at the point of care. Materials
    should be offered to patients at each encounter.
•   The “minimum necessary” stipulation of shared PHI for research needs to be
    replaced with exact language from HHS.
•   There should be some standards for not only certifying EHRs for privacy
    technology standards, but also required standards for the training and certification
    of administrators and others who interface with EHRs.
•   Audits by the Office of Civil Rights should be increased with appropriate funding.
    These audits should have an educational rather than a punitive focus initially.
•   Providers should conduct assessments to determine their capability of being
    compliant before an audit. Small providers that do not have the trained personnel
    available should consider outsourcing the position of privacy and security officer
    to a well-qualified and certified entity.
The Hippocratic Bargain
• The Hippocratic Oath established the tenets of privacy
  and confidentiality as fundamental aspects
  of medical care in ancient Greece 2400 years ago.

• What once was a two-party, physician-patient
  relationship has completely changed

• The original Hippocratic bargain has evolved into the
  patient’s information being shared with numerous and
  unknown healthcare individuals and others for a
  variety of reasons.
The New Hippocratic Bargain
• Patients are apprised of who sees what and
  why
• Access is based on “tiers” of minimum amount
  of information needed to treat
• Providers diligently work to exchange
  sufficient information for treatment without
  overstepping privacy and confidentiality
  boundaries
• Patients are active participants in this process
Sources
                                                                                         •       References
•   Anderson, H. (2010a). HIPPA audits inch closer to reality [Article]. In HealthcareInfoSecurity.com. Retrieved from http://www.healthcareinfosecurity.com/articles.php?art_id=2359
•   Anderson, H. (2010b). HIPPA privacy, security updates coming [Article]. In HealthcareInfoSecurity.com. Retrieved from http://www.healthcareinfosecurity.com/articles.php?art_id=2468
•   Blumenthal, D. (2009). Health IT adoption and the new challenges faced by solo and small group healthcare practices [Congressional Testimony]. In HHS.gov. Retrieved from
    http://www.hhs.gov/asl/testify/2009/06/t20090624a.html
•   Brown, B. (2009). Privacy provisions of the American Recovery and Reinvestment Act. Journal of Health Care Compliance, 11(3), 37-73. Retrieved from
    http://ehis.ebscohost.com.jproxy.lib.ecu.edu/ehost/pdfviewer/pdfviewer?sid=6acbfad3-0a7a-46f6-a1a6-6a53f3b62a0d%40sessionmgr114&vid=4&hid=124
•   EMRapproved.com. (2012). Meaningful Use Stage 2 Final Rules. Retrieved from http://www.emrapproved.com/meaningful-use-stage-2.php
•   Greene, A. H. (2011). HHS Steps up HIPAA Audits... ...Now is the time to review security policies and procedures. Journal of AHIMA, 82(10), 58-59. Retrieved from
    http://search.proquest.com.jproxy.lib.ecu.edu/docview/890174092/13AC1C8147A275241B1/22?accountid=10639
•   Heindel, C. & Boateng, C. (2012). Your organization could be next: How to prepare for an OCR audit. Journal of Health Care Compliance, 14(4), 47-76. Retrieved from
    http://ehis.ebscohost.com.jproxy.lib.ecu.edu/ehost/pdfviewer/pdfviewer?sid=4d0d3484-e684-48f2-98b9-5db58e9ebff7%40sessionmgr115&vid=4&hid=115
•   Hewlett Packard. (2011). White Paper: Financing your EHR: Options to bridge the ARRA reimbursement gap. Retrieved from http://www.hp.com/sbso/solutions/healthcare/financing-
    your-ehr-implementation.pdf
•   Kohn, D. (2009). Impact on the enterprise content management industry: The 2009 ARRA & HITECH Acts. Infonomics, 23(5), 28-31. Retrieved from
    http://search.proquest.com.jproxy.lib.ecu.edu/docview/751997596/13AC1BC61537061FA4C/19?accountid=10639
•   Martin, M. (2009). HITECH increases exposure of personal care records [Article]. In Health Care News. Retrieved from
    http://www.heartland.org/healthpolicynews.org/article/25293/HITECH_Increases_Exposure_of_Personal_Care_Records.html
•   Miller, J. (2010). Locking down privacy. Managed Healthcare Executive, 20(3), 12-16. Retrieved from
    http://search.proquest.com.jproxy.lib.ecu.edu/docview/212588887/13AC1ABC3929A1691B/13?accountid=10639
•   Patton , C. (2012). Health Informatics "Hiring Spree": Demand for Health Informatics Workers Grows. Retrieved from http://www.healthinformaticsforum.com/profiles/blogs/health-
    informatics-jobs-demand
•   Redspin Inc. (2012). Red spin breach report 2011: protected health information. Retrieved from http://www.redspin.com/docs/Redspin_PHI_2011_Breach_Report.pdf
•   Silver, J., Levin, T., & Garrison, L. (2003). Staff workshop report: technologies for protecting personal information. Report prepared from the workshop convened by the Federal Trade
    Commission to examine the current and potential role of technology in protecting consumer information. Retrieved from http://www.ftc.gov/bcp/workshops/technology/finalreport.pdf
•   The Future of Health Now. The Future of Health Now -. (n.d.). Retrieved from http://www.thefutureofhealthnow.com
•   United States Department of Health and Human Services, Office Of Civil Rights, . (2012). 2012 HIPAA privacy and security audits report. Retrieved from
    http://csrc.nist.gov/news_events/hiipaa_june2012/day2/day2-2_lsanches_ocr-audit.pdf
•   United States Department of Health and Human Services, Office of Civil Rights. (2003). Summary of the HIPPA Privacy Rule. Retrieved from
    http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/privacysummary.pdf
•   Veazie, J. (2009). Hidden impact of the stimulus package. Health Care Collector, 23(4). Retrieved from
    http://ehis.ebscohost.com.jproxy.lib.ecu.edu/ehost/pdfviewer/pdfviewer?sid=7ab09c68-e58a-4a34-b911-12824564f306%40sessionmgr111&vid=4&hid=103

More Related Content

What's hot (20)

Hitech Act
Hitech ActHitech Act
Hitech Act
 
Hipaa overview 073118
Hipaa overview 073118Hipaa overview 073118
Hipaa overview 073118
 
HIPAA AND INFORMATION TECHNOLOGY
HIPAA AND INFORMATION TECHNOLOGYHIPAA AND INFORMATION TECHNOLOGY
HIPAA AND INFORMATION TECHNOLOGY
 
Hitech Act
Hitech ActHitech Act
Hitech Act
 
Hipaa
HipaaHipaa
Hipaa
 
HIPAA HITECH training 7-9-12
HIPAA HITECH training 7-9-12HIPAA HITECH training 7-9-12
HIPAA HITECH training 7-9-12
 
DVHIMSS Ensuring Privacy and Security of HIEs in PA
DVHIMSS Ensuring Privacy and Security of HIEs in PADVHIMSS Ensuring Privacy and Security of HIEs in PA
DVHIMSS Ensuring Privacy and Security of HIEs in PA
 
Annual HIPAA Training
Annual HIPAA TrainingAnnual HIPAA Training
Annual HIPAA Training
 
Presentation hippa
Presentation hippaPresentation hippa
Presentation hippa
 
Data Management Protection Acts
Data Management Protection ActsData Management Protection Acts
Data Management Protection Acts
 
HIPAA Privacy & Security
HIPAA Privacy & SecurityHIPAA Privacy & Security
HIPAA Privacy & Security
 
HIPAA
HIPAAHIPAA
HIPAA
 
HIPPA Security Presentation
HIPPA Security PresentationHIPPA Security Presentation
HIPPA Security Presentation
 
Hipaa for business associates simple
Hipaa for business associates   simpleHipaa for business associates   simple
Hipaa for business associates simple
 
Hipaa ppt june 6 2014
Hipaa ppt june 6 2014Hipaa ppt june 6 2014
Hipaa ppt june 6 2014
 
Hi103 week 5 chpt 13
Hi103 week 5 chpt 13Hi103 week 5 chpt 13
Hi103 week 5 chpt 13
 
Hipaa
HipaaHipaa
Hipaa
 
Hipaa
HipaaHipaa
Hipaa
 
HIPAA
HIPAAHIPAA
HIPAA
 
Hipaa privacy rule
Hipaa privacy ruleHipaa privacy rule
Hipaa privacy rule
 

Viewers also liked

Protecting patients confidentiality slide presentation
Protecting patients confidentiality slide presentationProtecting patients confidentiality slide presentation
Protecting patients confidentiality slide presentationplunkk
 
Personal Healthcare and Patient Privacy (November 25, 2016)
Personal Healthcare and Patient Privacy (November 25, 2016)Personal Healthcare and Patient Privacy (November 25, 2016)
Personal Healthcare and Patient Privacy (November 25, 2016)Nawanan Theera-Ampornpunt
 
Confidentiality
Confidentiality Confidentiality
Confidentiality pcsamuels10
 
Healthcare confidentiality training.2013bev
Healthcare confidentiality training.2013bevHealthcare confidentiality training.2013bev
Healthcare confidentiality training.2013bevblk70130
 
Privacy and confidentiality
Privacy and confidentialityPrivacy and confidentiality
Privacy and confidentialityjohnzinn
 
Confidentiality
ConfidentialityConfidentiality
ConfidentialityLLSS64
 
The importance of confidentiality
The importance of confidentialityThe importance of confidentiality
The importance of confidentialityswilson0050
 
Confidentiality in Healthcare
Confidentiality in HealthcareConfidentiality in Healthcare
Confidentiality in Healthcarekmasterson
 

Viewers also liked (9)

Protecting patients confidentiality slide presentation
Protecting patients confidentiality slide presentationProtecting patients confidentiality slide presentation
Protecting patients confidentiality slide presentation
 
Personal Healthcare and Patient Privacy (November 25, 2016)
Personal Healthcare and Patient Privacy (November 25, 2016)Personal Healthcare and Patient Privacy (November 25, 2016)
Personal Healthcare and Patient Privacy (November 25, 2016)
 
Confidentiality
Confidentiality Confidentiality
Confidentiality
 
Healthcare confidentiality training.2013bev
Healthcare confidentiality training.2013bevHealthcare confidentiality training.2013bev
Healthcare confidentiality training.2013bev
 
Privacy and confidentiality
Privacy and confidentialityPrivacy and confidentiality
Privacy and confidentiality
 
Confidentiality
ConfidentialityConfidentiality
Confidentiality
 
Confidentiality
ConfidentialityConfidentiality
Confidentiality
 
The importance of confidentiality
The importance of confidentialityThe importance of confidentiality
The importance of confidentiality
 
Confidentiality in Healthcare
Confidentiality in HealthcareConfidentiality in Healthcare
Confidentiality in Healthcare
 

Similar to Patient Privacy Provisions of the HITECH Act Implications for Patients and Small Healthcare Providers

health insurance portability and accountability act.pptx
health insurance portability and accountability act.pptxhealth insurance portability and accountability act.pptx
health insurance portability and accountability act.pptxamartya2087
 
Privacy, Confidentiality, and Security Lecture 2_slides
Privacy, Confidentiality, and Security Lecture 2_slidesPrivacy, Confidentiality, and Security Lecture 2_slides
Privacy, Confidentiality, and Security Lecture 2_slidesZakCooper1
 
HIPAA and Privacy for Researchers
HIPAA and Privacy for ResearchersHIPAA and Privacy for Researchers
HIPAA and Privacy for ResearchersJason Karn
 
The Startup Path to HIPAA Compliance
The Startup Path to HIPAA ComplianceThe Startup Path to HIPAA Compliance
The Startup Path to HIPAA ComplianceJim Anfield
 
HIPAA Panel Discussion
HIPAA Panel Discussion HIPAA Panel Discussion
HIPAA Panel Discussion Dan Wellisch
 
PROTECTED HEALTH INFORMATION_PATIENT PRIVACY
PROTECTED HEALTH INFORMATION_PATIENT PRIVACYPROTECTED HEALTH INFORMATION_PATIENT PRIVACY
PROTECTED HEALTH INFORMATION_PATIENT PRIVACYDenise Masella
 
Mha690 brittany koenig week 1 assignment2
Mha690 brittany koenig week 1 assignment2Mha690 brittany koenig week 1 assignment2
Mha690 brittany koenig week 1 assignment2bkoenig2010
 
Mha690 brittany koenig week 1 assignment2
Mha690 brittany koenig week 1 assignment2Mha690 brittany koenig week 1 assignment2
Mha690 brittany koenig week 1 assignment2bkoenig2010
 
HIPAA and FDCPA Compliance for Process Servers
HIPAA and FDCPA Compliance for Process ServersHIPAA and FDCPA Compliance for Process Servers
HIPAA and FDCPA Compliance for Process ServersLawgical
 
Privacy & security training.pptx
Privacy & security training.pptxPrivacy & security training.pptx
Privacy & security training.pptxQmcleod
 
Privacy & security training.pptx
Privacy & security training.pptxPrivacy & security training.pptx
Privacy & security training.pptxQmcleod
 
HIPAA Part I the Law Test
HIPAA Part I  the Law TestHIPAA Part I  the Law Test
HIPAA Part I the Law TestSachiko Hurst
 
Health Insurance Portability & Accountability Act (HIPAA)
Health Insurance Portability & Accountability Act (HIPAA)Health Insurance Portability & Accountability Act (HIPAA)
Health Insurance Portability & Accountability Act (HIPAA)Arpitha Aarushi
 

Similar to Patient Privacy Provisions of the HITECH Act Implications for Patients and Small Healthcare Providers (20)

health insurance portability and accountability act.pptx
health insurance portability and accountability act.pptxhealth insurance portability and accountability act.pptx
health insurance portability and accountability act.pptx
 
Privacy, Confidentiality, and Security Lecture 2_slides
Privacy, Confidentiality, and Security Lecture 2_slidesPrivacy, Confidentiality, and Security Lecture 2_slides
Privacy, Confidentiality, and Security Lecture 2_slides
 
Hipaa training
Hipaa trainingHipaa training
Hipaa training
 
Chapter 9
Chapter 9Chapter 9
Chapter 9
 
HIPAA and Privacy for Researchers
HIPAA and Privacy for ResearchersHIPAA and Privacy for Researchers
HIPAA and Privacy for Researchers
 
The Startup Path to HIPAA Compliance
The Startup Path to HIPAA ComplianceThe Startup Path to HIPAA Compliance
The Startup Path to HIPAA Compliance
 
UNA HIPAA Training 8-13
UNA HIPAA Training   8-13UNA HIPAA Training   8-13
UNA HIPAA Training 8-13
 
Hipaa and social media using new
Hipaa and social media using newHipaa and social media using new
Hipaa and social media using new
 
HITECH-Changes-to-HIPAA
HITECH-Changes-to-HIPAAHITECH-Changes-to-HIPAA
HITECH-Changes-to-HIPAA
 
HIPAA Panel Discussion
HIPAA Panel Discussion HIPAA Panel Discussion
HIPAA Panel Discussion
 
Phi masella
Phi masellaPhi masella
Phi masella
 
PROTECTED HEALTH INFORMATION_PATIENT PRIVACY
PROTECTED HEALTH INFORMATION_PATIENT PRIVACYPROTECTED HEALTH INFORMATION_PATIENT PRIVACY
PROTECTED HEALTH INFORMATION_PATIENT PRIVACY
 
Mha690 brittany koenig week 1 assignment2
Mha690 brittany koenig week 1 assignment2Mha690 brittany koenig week 1 assignment2
Mha690 brittany koenig week 1 assignment2
 
Mha690 brittany koenig week 1 assignment2
Mha690 brittany koenig week 1 assignment2Mha690 brittany koenig week 1 assignment2
Mha690 brittany koenig week 1 assignment2
 
HIPAA and FDCPA Compliance for Process Servers
HIPAA and FDCPA Compliance for Process ServersHIPAA and FDCPA Compliance for Process Servers
HIPAA and FDCPA Compliance for Process Servers
 
Privacy & security training.pptx
Privacy & security training.pptxPrivacy & security training.pptx
Privacy & security training.pptx
 
Privacy & security training.pptx
Privacy & security training.pptxPrivacy & security training.pptx
Privacy & security training.pptx
 
HIPAA Part I the Law Test
HIPAA Part I  the Law TestHIPAA Part I  the Law Test
HIPAA Part I the Law Test
 
Health Insurance Portability & Accountability Act (HIPAA)
Health Insurance Portability & Accountability Act (HIPAA)Health Insurance Portability & Accountability Act (HIPAA)
Health Insurance Portability & Accountability Act (HIPAA)
 
Dustin HIPAA
Dustin HIPAADustin HIPAA
Dustin HIPAA
 

More from Xiaoming Zeng

Submit20your20 powerpoint20file20here lavelyd12_attempt_2012-12-05-16-59-51_l...
Submit20your20 powerpoint20file20here lavelyd12_attempt_2012-12-05-16-59-51_l...Submit20your20 powerpoint20file20here lavelyd12_attempt_2012-12-05-16-59-51_l...
Submit20your20 powerpoint20file20here lavelyd12_attempt_2012-12-05-16-59-51_l...Xiaoming Zeng
 
Submit20your20 powerpoint20file20here joynerr12_attempt_2012-12-06-02-08-37_j...
Submit20your20 powerpoint20file20here joynerr12_attempt_2012-12-06-02-08-37_j...Submit20your20 powerpoint20file20here joynerr12_attempt_2012-12-06-02-08-37_j...
Submit20your20 powerpoint20file20here joynerr12_attempt_2012-12-06-02-08-37_j...Xiaoming Zeng
 
Submit20your20 powerpoint20file20here cromarties11_attempt_2012-12-05-21-50-1...
Submit20your20 powerpoint20file20here cromarties11_attempt_2012-12-05-21-50-1...Submit20your20 powerpoint20file20here cromarties11_attempt_2012-12-05-21-50-1...
Submit20your20 powerpoint20file20here cromarties11_attempt_2012-12-05-21-50-1...Xiaoming Zeng
 
Submit20your20 powerpoint20file20here cavinessj07_attempt_2012-12-05-19-54-05...
Submit20your20 powerpoint20file20here cavinessj07_attempt_2012-12-05-19-54-05...Submit20your20 powerpoint20file20here cavinessj07_attempt_2012-12-05-19-54-05...
Submit20your20 powerpoint20file20here cavinessj07_attempt_2012-12-05-19-54-05...Xiaoming Zeng
 
Submit20your20 powerpoint20file20here burchamg07_attempt_2012-12-05-21-16-03_...
Submit20your20 powerpoint20file20here burchamg07_attempt_2012-12-05-21-16-03_...Submit20your20 powerpoint20file20here burchamg07_attempt_2012-12-05-21-16-03_...
Submit20your20 powerpoint20file20here burchamg07_attempt_2012-12-05-21-16-03_...Xiaoming Zeng
 
Submit20your20 powerpoint20file20here bernardp11_attempt_2012-12-05-21-24-27_...
Submit20your20 powerpoint20file20here bernardp11_attempt_2012-12-05-21-24-27_...Submit20your20 powerpoint20file20here bernardp11_attempt_2012-12-05-21-24-27_...
Submit20your20 powerpoint20file20here bernardp11_attempt_2012-12-05-21-24-27_...Xiaoming Zeng
 
Submit20your20 powerpoint20file20here barota10_attempt_2012-12-04-22-03-37_pa...
Submit20your20 powerpoint20file20here barota10_attempt_2012-12-04-22-03-37_pa...Submit20your20 powerpoint20file20here barota10_attempt_2012-12-04-22-03-37_pa...
Submit20your20 powerpoint20file20here barota10_attempt_2012-12-04-22-03-37_pa...Xiaoming Zeng
 
Health 2.0 or Medicine 2.0 Applications in Health Care
Health 2.0 or Medicine 2.0 Applications in Health CareHealth 2.0 or Medicine 2.0 Applications in Health Care
Health 2.0 or Medicine 2.0 Applications in Health CareXiaoming Zeng
 
Clinical Decision Support Systems and their Impact on Cardiovascular Disease ...
Clinical Decision Support Systems and their Impact on Cardiovascular Disease ...Clinical Decision Support Systems and their Impact on Cardiovascular Disease ...
Clinical Decision Support Systems and their Impact on Cardiovascular Disease ...Xiaoming Zeng
 
HIV/Aids Surveillance Systems: Are They Implemented Effectively?
HIV/Aids Surveillance Systems: Are They Implemented Effectively? HIV/Aids Surveillance Systems: Are They Implemented Effectively?
HIV/Aids Surveillance Systems: Are They Implemented Effectively? Xiaoming Zeng
 
Care at a Crossroads: The Intersection of Patient-Centered Records and Electr...
Care at a Crossroads: The Intersection of Patient-Centered Records and Electr...Care at a Crossroads: The Intersection of Patient-Centered Records and Electr...
Care at a Crossroads: The Intersection of Patient-Centered Records and Electr...Xiaoming Zeng
 

More from Xiaoming Zeng (11)

Submit20your20 powerpoint20file20here lavelyd12_attempt_2012-12-05-16-59-51_l...
Submit20your20 powerpoint20file20here lavelyd12_attempt_2012-12-05-16-59-51_l...Submit20your20 powerpoint20file20here lavelyd12_attempt_2012-12-05-16-59-51_l...
Submit20your20 powerpoint20file20here lavelyd12_attempt_2012-12-05-16-59-51_l...
 
Submit20your20 powerpoint20file20here joynerr12_attempt_2012-12-06-02-08-37_j...
Submit20your20 powerpoint20file20here joynerr12_attempt_2012-12-06-02-08-37_j...Submit20your20 powerpoint20file20here joynerr12_attempt_2012-12-06-02-08-37_j...
Submit20your20 powerpoint20file20here joynerr12_attempt_2012-12-06-02-08-37_j...
 
Submit20your20 powerpoint20file20here cromarties11_attempt_2012-12-05-21-50-1...
Submit20your20 powerpoint20file20here cromarties11_attempt_2012-12-05-21-50-1...Submit20your20 powerpoint20file20here cromarties11_attempt_2012-12-05-21-50-1...
Submit20your20 powerpoint20file20here cromarties11_attempt_2012-12-05-21-50-1...
 
Submit20your20 powerpoint20file20here cavinessj07_attempt_2012-12-05-19-54-05...
Submit20your20 powerpoint20file20here cavinessj07_attempt_2012-12-05-19-54-05...Submit20your20 powerpoint20file20here cavinessj07_attempt_2012-12-05-19-54-05...
Submit20your20 powerpoint20file20here cavinessj07_attempt_2012-12-05-19-54-05...
 
Submit20your20 powerpoint20file20here burchamg07_attempt_2012-12-05-21-16-03_...
Submit20your20 powerpoint20file20here burchamg07_attempt_2012-12-05-21-16-03_...Submit20your20 powerpoint20file20here burchamg07_attempt_2012-12-05-21-16-03_...
Submit20your20 powerpoint20file20here burchamg07_attempt_2012-12-05-21-16-03_...
 
Submit20your20 powerpoint20file20here bernardp11_attempt_2012-12-05-21-24-27_...
Submit20your20 powerpoint20file20here bernardp11_attempt_2012-12-05-21-24-27_...Submit20your20 powerpoint20file20here bernardp11_attempt_2012-12-05-21-24-27_...
Submit20your20 powerpoint20file20here bernardp11_attempt_2012-12-05-21-24-27_...
 
Submit20your20 powerpoint20file20here barota10_attempt_2012-12-04-22-03-37_pa...
Submit20your20 powerpoint20file20here barota10_attempt_2012-12-04-22-03-37_pa...Submit20your20 powerpoint20file20here barota10_attempt_2012-12-04-22-03-37_pa...
Submit20your20 powerpoint20file20here barota10_attempt_2012-12-04-22-03-37_pa...
 
Health 2.0 or Medicine 2.0 Applications in Health Care
Health 2.0 or Medicine 2.0 Applications in Health CareHealth 2.0 or Medicine 2.0 Applications in Health Care
Health 2.0 or Medicine 2.0 Applications in Health Care
 
Clinical Decision Support Systems and their Impact on Cardiovascular Disease ...
Clinical Decision Support Systems and their Impact on Cardiovascular Disease ...Clinical Decision Support Systems and their Impact on Cardiovascular Disease ...
Clinical Decision Support Systems and their Impact on Cardiovascular Disease ...
 
HIV/Aids Surveillance Systems: Are They Implemented Effectively?
HIV/Aids Surveillance Systems: Are They Implemented Effectively? HIV/Aids Surveillance Systems: Are They Implemented Effectively?
HIV/Aids Surveillance Systems: Are They Implemented Effectively?
 
Care at a Crossroads: The Intersection of Patient-Centered Records and Electr...
Care at a Crossroads: The Intersection of Patient-Centered Records and Electr...Care at a Crossroads: The Intersection of Patient-Centered Records and Electr...
Care at a Crossroads: The Intersection of Patient-Centered Records and Electr...
 

Patient Privacy Provisions of the HITECH Act Implications for Patients and Small Healthcare Providers

  • 1. Patient Privacy Provisions of the Health Information Technology for Economic and Clinical Health Act Implications for Patients and Small Healthcare Providers Fred L. Ingle HIMA 5060
  • 2. Topics • Confidentiality and privacy provisions of the Health Insurance Portability Act of 1996 (HIPAA) • Confidentially and privacy provisions of the Health Information Technology for Economic and Clinical Health Act (HITECH) • Implications for Patients • Implications for small healthcare providers • Recommendations
  • 3. Confidentiality and privacy provisions of the Health Insurance Portability Act of 1996 (HIPAA) Predecessor to HITECH • Covered entities (CEs) - health plans, health care providers, and healthcare clearing houses • The act protects PHI in any form including oral, paper, and electronic media
  • 4. When can PHI be used under HIPAA? • Information can be used without permission from the subject individual for: – Personal use by the subject individual or his/her designee – Treatment, payment, or healthcare operations – Public health and benefit activities – Research and public health (limited data set stripped of individualized information) • Only the minimum information necessary under the above provisions • PHI used for any other reason requires written authorization from the patient
  • 5. Responsibility of the CE • Must provide the patient with the CEs privacy policy that is in accord with the Privacy Rule of 2002 • Privacy Policy must contain information about where to report concerns both to the CE and to U.S. Department of Health and Human Services
  • 6. HIPAA Penalties • Both civil and criminal • Civil penalties – $100 per infraction – $25,000 for multiple infraction that do not include willful intent • Criminal Penalties – $50,000 and up to one year in prison for willful intent – $100,000 and up to five years in prison for false pretenses – $250,000 and up to ten years in prison for the sell, transfer, commercial use, or malicious harm
  • 7. Confidentiality and privacy provisions of the Health Information Technology for Economic and Clinical Health Act • Definition of CEs expanded under HITECH to include business associates (BAs) of CEs • Under HIPAA termination of relationships with BAs was the only penalty for violating BAs • Under HITECH BAs are subject to the same penalties as CEs • Individuals can receive a copy of their PHI, receive information about who has accessed their PHI (3 year audit trail), and can request restrictions on PHI for any reason
  • 8. HITECH and PHI Breaches • CEs and BAs are required to notify each individual affected • Methods of notification include mail, e- mail, telephone • If breach affects 500 or more individuals, a prominent media outlet must be used • Notification must occur within 60 days after initial discovery • HIPAA did not require individual notification
  • 9. New Penalties Under HITECH • Under HIPAA there was no civil penalties for breaches that were not due to willful neglect if the violation was corrected within 30 days of discovery • Under HITECH any “unknowing wrongful disclosure” is subject to penalties that range from $100 to $25,000 • HITECH increases violations not due to willful neglect to $1000 to $100,000 • Penalties for repeated or uncorrected violations can extend to $1.5 million
  • 10. Is HIPAA and HITECH working? • Under HIPAA in 2008, 9200 cases were resolved by the Office for Civil Rights (OCR) • Since HITECH started in 2009 through the end of 2011, over 19 million patient records were involved in breaches • Why? Lax enforcement due to lack of funds to prosecute • Audits required under the laws are moving at a snail’s pace • Failure of healthcare providers to perform risk analysis as required by the law
  • 11. Recommendations • Education of patients on the provision of the law pertaining to PHI should be increased. There is a plethora of information on the Office of Civil Rights website that is useful in assisting patients in understanding their privacy rights. However, this information is not readily available at the point-of-care. Materials should be offered to patients at each encounter. • The “minimum necessary” stipulation of shared PHI for research needs to be replaced with exact language from HHS. • There should be some standards for not only certifying EHRs for privacy technology standards, but also required standards for the training and certification of administrators and others who interface with EHRs. • Audits by the Office of Civil Rights should be increased with appropriate funding. These audits should have an educational rather than a punitive focus intitially. • Providers should be conduct assessments to determine their capability of being compliant before an audit. Small providers that do not have the trained personnel available should consider out-sourcing the position of privacy and security officer to a well-qualified and certified entity.
  • 12. The Hippocratic Bargain • The Hippocratic Oath established the tenets of privacy and confidentiality as fundamental aspects of aspects of medical care in ancient Greece 2400 years ago. • What once was a two-party, physician patient relationship has completely changed • The original Hippocratic bargain has evolved into the patient’s information being shared with numerous and unknown healthcare individuals and others for a variety of reasons.
  • 13. The New Hippocratic Bargain
     – Patients are apprised of who sees what and why
     – Access is based on “tiers” of the minimum amount of information needed to treat
     – Providers diligently work to exchange sufficient information for treatment without overstepping privacy and confidentiality boundaries
     – Patients are active participants in this process