Chapter07

1,039 views

Published on

for study

Published in: Sports
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,039
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
6
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Chapter07

  1. 1. Chapter 7-Privacy Laws and HIPAA McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
  2. 2. <ul><li>Learning Outcomes </li></ul><ul><ul><li>Discuss federal privacy laws that pertain to health care. </li></ul></ul><ul><ul><li>Discuss four standards of HIPAA. </li></ul></ul><ul><ul><li>Summarize the provisions of the Privacy Rule and how they apply to your profession. </li></ul></ul><ul><ul><li>Recognize and dispel some of the more prevalent myths concerning HIPAA. </li></ul></ul>McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
  3. 3. <ul><li>Privacy Laws are based on amendments to the U.S. Constitution: </li></ul><ul><ul><li>First Amendment </li></ul></ul><ul><ul><ul><li>Freedom of Speech. </li></ul></ul></ul><ul><ul><li>Third Amendment </li></ul></ul><ul><ul><ul><li>No soldier quartered in private citizen’s home without permission. </li></ul></ul></ul><ul><ul><li>Fourth Amendment </li></ul></ul><ul><ul><ul><li>Unreasonable search and seizure prohibited. </li></ul></ul></ul>McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
  4. 4. <ul><ul><li>Fifth Amendment </li></ul></ul><ul><ul><ul><li>Cannot testify against yourself. </li></ul></ul></ul><ul><ul><li>Ninth Amendment </li></ul></ul><ul><ul><ul><li>Constitutional rights shall not be used to deny other rights retained by the people. </li></ul></ul></ul><ul><ul><li>Fourteenth Amendment </li></ul></ul><ul><ul><ul><li>Equal protection under the law. </li></ul></ul></ul>McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
  5. 5. <ul><li>Common points in all federal privacy laws are: </li></ul><ul><ul><li>Information collected and stored about individuals shall be limited to what is necessary. </li></ul></ul><ul><ul><li>Access to personal information should be limited to those employees who need to know. </li></ul></ul><ul><ul><li>Personal information may not be released outside the organization without authorization. </li></ul></ul><ul><ul><li>When information is being collected about a person, that person should know and have opportunity to check. </li></ul></ul><ul><ul><li>See Table 7-1 for a list of major federal privacy law. </li></ul></ul>McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
  6. 6. <ul><li>Health care billing has become more complex. </li></ul><ul><li>Managed care added layer of administrative duties. </li></ul><ul><li>Rising cost of medical malpractice and the cost of doing business. </li></ul><ul><li>Rising cost of health care and health insurance. </li></ul>McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
  7. 7. <ul><li>Covered entities </li></ul><ul><li>Covered transactions </li></ul><ul><li>Designated record set </li></ul><ul><li>Notice of Privacy Practices (NPP) </li></ul><ul><li>Protected Health Information (PHI) </li></ul><ul><li>State preemption </li></ul><ul><li>Treatment, payment, and health care operations (TPO) </li></ul>McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
  8. 8. <ul><li>People, businesses or agencies that must comply with HIPAA Standards and Privacy Rule: </li></ul><ul><ul><li>Hospitals Nursing homes </li></ul></ul><ul><ul><li>Hospices Pharmacies </li></ul></ul><ul><ul><li>Physician practices Dental practices </li></ul></ul><ul><ul><li>Other providers of care Health plans (payers) </li></ul></ul><ul><ul><li>Health care clearing houses </li></ul></ul>McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
  9. 9. <ul><li>A transaction is an electronic exchange of information between two covered entities. </li></ul><ul><li>Includes claims, patient identifiable information, referrals, authorizations. </li></ul>McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
  10. 10. <ul><li>Records maintained by or for a covered entity including: </li></ul><ul><ul><li>Medical records. </li></ul></ul><ul><ul><li>Billing records. </li></ul></ul><ul><ul><li>Health plans enrollment, payment, claims adjudication, case management records. </li></ul></ul><ul><ul><li>Any record used by a covered entity to make decisions about an individual. </li></ul></ul>McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
  11. 11. <ul><li>Every health care provider must provide each patient with a written notice of the provider’s privacy policies. </li></ul><ul><li>The patient is asked to sign an acknowledgment form. </li></ul>McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
  12. 12. <ul><li>Any information that contains one or more patient identifiers that could be used to identify an individual. </li></ul><ul><li>PHI must be protected whether written, spoken or electronically transmitted. </li></ul>McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
  13. 13. <ul><li>If a state’s privacy laws are stricter than HIPAA, state law takes precedence. </li></ul>McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
  14. 14. <ul><li>TPO allows providers to provide treatment, disclose PHI for payment, and conduct the necessary business operations within and among other covered entities. </li></ul>McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
  15. 15. <ul><li>Business associates of covered entities must have contracts/agreements with covered entities guaranteeing that PHI will be safeguarded. </li></ul><ul><li>Business associates include accountants, legal consultants, transcription services, and other similar type services provided to covered entities. </li></ul>McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
  16. 16. <ul><li>There are four HIPAA standards. A standard is a general requirement. </li></ul><ul><ul><li>Standard 1—Transactions and Code Sets </li></ul></ul><ul><ul><li>Standard 2—Privacy Rule </li></ul></ul><ul><ul><li>Standard 3—Security Rule </li></ul></ul><ul><ul><li>Standard 4—National Identifier Standards </li></ul></ul>McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
  17. 17. <ul><li>Transaction Requirements </li></ul><ul><ul><li>Established standards for Electronic Data Interchange (EDI) for transmittal of information. </li></ul></ul><ul><ul><li>Must be used by all covered entities. </li></ul></ul>McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
  18. 18. <ul><li>Code Sets </li></ul><ul><ul><li>Local code sets eliminated. </li></ul></ul><ul><ul><li>Four categories of codes: </li></ul></ul><ul><ul><ul><li>Coding systems for diseases (ICD-9) </li></ul></ul></ul><ul><ul><ul><li>Coding systems for causes of injury, diseases (ICD-9) </li></ul></ul></ul><ul><ul><ul><li>Actions taken to prevent, diagnose, treat or manage diseases (CPT-4) </li></ul></ul></ul><ul><ul><ul><li>Substances, equipment, supplies (HCPCS) </li></ul></ul></ul>McGraw-Hill © 2100 by The McGraw-Hill Companies, Inc. All rights reserved
  19. 19. <ul><li>Patient Health Information (PHI) may be disclosed with permission. </li></ul><ul><li>The permission is a reason for each use and disclosure. </li></ul><ul><li>There are eleven HIPAA defined permissions. </li></ul>McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
  20. 20. <ul><li>Disclosure to HHS representative (required) </li></ul><ul><li>Disclosure to patient (required) </li></ul><ul><li>Disclosure for treatment, payment or health care operations (TPO) </li></ul><ul><li>Others’ treatment </li></ul><ul><li>Personal representative </li></ul><ul><li>Disaster Relief Organizations </li></ul><ul><li>Incidental disclosures </li></ul><ul><li>Public purposes </li></ul><ul><li>Authorization from patient </li></ul><ul><li>De-identified information </li></ul><ul><li>Limited data set </li></ul>McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
  21. 21. <ul><li>Verification of identification of requestor. </li></ul><ul><li>Only the minimum necessary data should be disclosed. </li></ul><ul><li>Patient lists may not be provided to pharmaceutical & survey companies that are marketing services. </li></ul>McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
  22. 22. <ul><li>Psychotherapy notes must have specific written approval from patient. Check for specific exceptions to this requirement. </li></ul><ul><li>Covered entities must have Policies and Procedures consistent with Notice of Privacy Practices (NPP). </li></ul><ul><li>If state law conflicts with HIPAA, you must follow the law that offers most protection. </li></ul>McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
  23. 23. <ul><li>Patient has right to access and right to copy records. </li></ul><ul><li>Patient has right to request amendments to his/her PHI. Unless provider has grounds to deny, amendments must be made. </li></ul><ul><li>Patient has right to request for an accounting of disclosures of PHI. </li></ul>McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
  24. 24. <ul><li>Patient has right to be contacted at places other than work or home. </li></ul><ul><li>Patient has right to request further restriction on who has access. Covered entity may deny request for valid reasons. </li></ul><ul><li>Patient has right to file a complaint. </li></ul>McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
  25. 25. <ul><li>Covered entities and business associates must have security plan in place. </li></ul><ul><li>Appropriate measures such as a security officer, passwords, firewalls, encryption, and anti-virus software necessary. </li></ul>McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
  26. 26. <ul><li>Standard is meant to provide a unique number for each provider of care. </li></ul><ul><li>Implementation completed in May 2008. </li></ul>McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved
  27. 27. <ul><li>In some physician offices, the privacy/security officer is a member of the staff and has other duties. This person is sometimes referred to as the “HIPAA Police.” You personally observe the security officer violate basic HIPAA Standards—especially Standard 2. What are you going to do? </li></ul>McGraw-Hill © 2010 by The McGraw-Hill Companies, Inc. All rights reserved

×