• Federal law passed by Congress in 1996
• Regulations promulgated by the Dept of Health and Human Services
• Guidelines implemented in April, 2003
HIPAA regulations were designed to:
1) protect individuals’ rights to privacy and confidentiality
2) assure the security of electronic transfer of personal information
Health information is used by multiple agents in the course of a single episode with a health problem. Below are some of the agencies and individuals who may handle health information. This is not all inclusive:
• Admitting clerks
• Caregivers from the ED to the morgue
• Physical therapists
• Nutritionists
• Lab personnel
• Receptionists in MD offices
• Transport techs
• Respiratory therapists
• Billing clerks
• Insurance agents/clerks
• School teachers/nurses
• Home health personnel
• Medical records clerks
• Website managers
Objectives
After completing this program you will be able to:
• Discuss the general concepts of HIPAA guidelines
• Adapt HIPAA guidelines for the various settings in which you might practice
• Discuss the seven patient/client rights regarding his/her health information
• Differentiate individuals who have a ‘need to know’ from those who don’t. This determines those with whom you can discuss protected health information
• Discuss application of HIPAA to the student role
• List legal and professional consequences of violating HIPAA rules
Why HIPAA?
• Genetic advancements - as more is known about our genetic predisposition to diseases, HIPAA will ensure that, for example, an individual is not denied insurance because the company knows that she may eventually develop MS.
• Marketing - as information is more easily captured concerning, for example, the prescriptions we purchase, HIPAA is designed to prevent marketing of unsolicited products or services based on harvested marketing data.
• Technology - as information is quickly and sometimes loosely moved around networks, HIPAA standards will hold violators accountable for accidental or intentional ‘interception’ of protected health information (PHI).
What Objectives do the Privacy Regulations Accomplish for Patients?
• Give patients more control over their health information.
• Set boundaries on the use and disclosure of health records.
• Establish appropriate safeguards for all people who participate in or are associated with the provision of healthcare to ensure that they honor patients’ rights to privacy of their PHI.
• Hold violators accountable through civil and criminal penalties.
• Strike a balance when public responsibility requires disclosure of some forms of data, for example, to protect public health.
What are the Seven Patient Rights Regarding Privacy of PHI (Protected Health Information)?
Individuals have the right to:
1. Receive notice of an agency’s privacy practices.
2. Know that an agency will use its PHI ONLY for treatment, payment, operations (TPO), certain other permitted uses and uses as required by law
3. Consent to and control the use and disclosure of their PHI.
Seven Rights…continued
4. Access their protected health information (PHI), except for psychotherapy notes (they might be charged for copies)
5. Request amendment or addendum to their PHI (not always granted)
6. Receive accountings of disclosures
7. File privacy complaints to agency officer
HIPAA Restricts Sharing PHI
Personal information cannot be released to individuals or companies interested in marketing ventures, without the patient’s written permission. For example:
• Names of patients with diabetes cannot be released to a company marketing nutritional products to lower blood glucose.
• Names and addresses of infants or their parents cannot be released to formula manufacturers.
• Contact information of previous patients cannot be used to raise money for any hospital campaign.
Who has Access to PHI? The ‘Need-to-Know’ Principle
PHI should be shared with as few individuals as needed to ensure patient care and then only to the extent demanded by the individual’s role.
For example, the nursing assistant ‘needs to know’ only the facts concerning the patient’s current admission.
As a nurse or other professional, you will discuss PHI only as it applies to your practice or your patient’s care.
Protecting your patient’s PHI
• Take all reasonable steps to make sure that individuals without the ‘need to know’ do not overhear conversations about PHI.
• DO NOT conduct discussions about PHI in public areas, including but not limited to elevators or cafeterias.
• Do not let others see your computer screen while you are working.
• Be sure to log out when done with any computer file.
Protecting your patient’s PHI
When preparing care plans or other ancillary materials:
• identify the patient/client by initials only
• use other demographic data only to the extent necessary to identify the patient and his/her needs.
• protect the computer screen, PDA, clip board, or notes from other individuals who don’t have a ‘need to know’
• protect your printer output from others who don’t have a ‘need to know’
• protect your floppy/zip/CD-ROM/PDA from loss
• consider using Webspace to save your documents
Consequences of HIPAA Violations
In addition to federal laws, failure to comply with HIPAA also violates:
• Nursing’s Code of Ethics
• Board of License
• Medical Boards
Potential Consequences of HIPAA Violations
Legal consequences:
• Criminal penalties up to imprisonment
• Civil penalties to include fines (up to
Professional consequences:
• Disciplinary action by the Board of Nurses
• Disciplinary action by employer
• Termination of employment
• Public Embarrassment
HIPAA Supplemental Training for Health Care Settings
Today’s Date:
Your Name Printed:
I have completed this HIPAA training program. I understand the basic provisions of the law and agree to do my part to ensure the patients’ rights of privacy and confidentiality. Furthermore, I understand the consequences of failing to do so.
Your Signature:
HIPAA (1996). The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and security rules. Retrieved on April 28, 2011 from http://www.hhs.gov/ocr/privacy/