THE PRIVACY RULE
The HIPAA Privacy Rule establishes national standards to protect individuals' medical records and other personal health information. It applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including the right to examine and obtain a copy of their health records, and to request corrections.
WHO IS RESPONSIBLE FOR PATIENT PRIVACY?
HEALTHCARE PROVIDERS
- Physicians
- Nurses
- Hospitals
- Clinics
INSURANCE COMPANIES
- HMOs
- Company Health Plans
- Government Programs
HEALTH INFORMATION DEPARTMENTS
- Claims Department
- Benefits and Eligibility Department
- Referral Department
- Healthcare and Premium Payments Department
We are all responsible as a team for our patients' privacy!
WHAT ARE WE RESPONSIBLE FOR?
(1) Access control, to minimize inappropriate retrieval of critical, electronically stored information.
(2) Encryption of private health data, so that a transmission intercepted in transit (or a stored record copied by an intruder) cannot be read without the key.
(3) Integrity control, to protect the validity and reliability of HCIT-accessible data and to make unauthorized modification detectable.
(4) Authentication, to verify who a user is so that the organization can decide whether that user is authorized to access specific documents and records.
(5) Audit control, to allow meaningful tracing of inappropriate information access and retrieval.
(6) Alarms, to provide warnings and alerts about attempted or intended intrusions into stored private data.
(7) Event reporting, to ensure that any breach of HIPAA standards and regulations is swiftly reported and the resulting damage contained quickly and effectively.
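The following is an added illustration, not part of the original slides, of how items (1), (3), (4), (5) and (6) above fit together in code: a small gateway in front of constructed sample patient records that authenticates the caller, enforces a role-based permission table, verifies a keyed MAC on each record before releasing it, writes every attempt (allowed or denied) to an audit trail, and raises an alarm once a user accumulates repeated denials. All user names, passwords, roles, keys and record contents are constructed for the example; a real deployment would keep the keys in a secrets store and the audit log in append-only storage.

```python
"""Added example (not from the original slides): a minimal PHI access gateway
demonstrating access control, integrity control, authentication, audit control
and alarms. Every identifier below is constructed for illustration."""
import hashlib
import hmac
import json
import time
from collections import defaultdict

# --- Authentication (item 4): users stored as role + salted PBKDF2 password hash.
SALT = b"constructed-salt"            # constructed; use a per-user random salt in practice


def _hash_pw(password: str, salt: bytes) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()


USERS = {  # constructed accounts
    "dr_lee": ("physician", _hash_pw("correct horse", SALT)),
    "clerk1": ("claims", _hash_pw("battery staple", SALT)),
}

# --- Access control (item 1): which record fields each role may read.
PERMISSIONS = {
    "physician": {"diagnosis", "medications", "billing"},
    "claims": {"billing"},
}

# --- Integrity control (item 3): each stored record carries an HMAC.
INTEGRITY_KEY = b"constructed-hmac-key"  # constructed; keep in a secrets store


def seal(record: dict) -> dict:
    body = json.dumps(record, sort_keys=True).encode()
    return {"body": record, "mac": hmac.new(INTEGRITY_KEY, body, "sha256").hexdigest()}


def verify(sealed: dict) -> bool:
    body = json.dumps(sealed["body"], sort_keys=True).encode()
    expected = hmac.new(INTEGRITY_KEY, body, "sha256").hexdigest()
    return hmac.compare_digest(expected, sealed["mac"])


RECORDS = {  # constructed sample patient record
    "pt-001": seal({"diagnosis": "sample", "medications": "sample", "billing": "sample"}),
}

# --- Audit control (item 5) and alarms (item 6).
AUDIT_LOG: list[dict] = []
ALARMS: list[str] = []
DENIED = defaultdict(int)
ALARM_THRESHOLD = 3  # constructed policy: alarm on the third denial for a user


def authenticate(user: str, password: str):
    """Return the user's role on success, else None (constant-time hash compare)."""
    entry = USERS.get(user)
    if entry is None:
        return None
    role, stored = entry
    return role if hmac.compare_digest(stored, _hash_pw(password, SALT)) else None


def access(user: str, password: str, patient_id: str, field: str):
    """Gate one read of one field. Returns (allowed, reason, value)."""
    role = authenticate(user, password)
    allowed, reason, value = False, "auth_failed", None
    if role is not None:
        if field not in PERMISSIONS.get(role, set()):
            reason = "not_permitted"
        else:
            sealed = RECORDS.get(patient_id)
            if sealed is None:
                reason = "no_such_record"
            elif not verify(sealed):
                reason = "integrity_failure"   # record was altered outside the gateway
            else:
                allowed, reason, value = True, "ok", sealed["body"][field]
    # Every attempt, allowed or not, is recorded so access can be traced later.
    AUDIT_LOG.append({"ts": time.time(), "user": user, "patient": patient_id,
                      "field": field, "result": reason})
    if not allowed:
        DENIED[user] += 1
        if DENIED[user] >= ALARM_THRESHOLD:
            ALARMS.append(f"{user}: {DENIED[user]} denied access attempts")
    return allowed, reason, value


if __name__ == "__main__":
    print(access("dr_lee", "correct horse", "pt-001", "diagnosis"))
    print(access("clerk1", "battery staple", "pt-001", "diagnosis"))
    print(AUDIT_LOG[-1])
```

The denial counter and the audit entries together give the "meaningful tracing" the list asks for: the log says who asked for what and why it was refused, and the alarm fires on a pattern rather than on a single mistake. Item (2), encryption of data at rest and in transit, is deliberately left out here because it belongs in the storage and transport layers rather than in the access check.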
PENALTIES

HIPAA violation                                  Minimum penalty                                   Maximum penalty
-----------------------------------------------  ------------------------------------------------  -----------------------------------------------
Individual did not know (and by exercising       $100 per violation, with an annual maximum of     $50,000 per violation, with an annual maximum
reasonable diligence would not have known)       $25,000 for repeat violations (Note: this is      of $1.5 million
that he/she violated HIPAA                       also the maximum that can be imposed by State
                                                 Attorneys General regardless of the type of
                                                 violation)
Violation due to reasonable cause and not        $1,000 per violation, with an annual maximum      $50,000 per violation, with an annual maximum
due to willful neglect                           of $100,000 for repeat violations                 of $1.5 million
Violation due to willful neglect, but the        $10,000 per violation, with an annual maximum     $50,000 per violation, with an annual maximum
violation is corrected within the required       of $250,000 for repeat violations                 of $1.5 million
time period
Violation due to willful neglect, and the        $50,000 per violation, with an annual maximum     $50,000 per violation, with an annual maximum
violation is not corrected                       of $1.5 million                                   of $1.5 million
THE GOAL
IT IS OUR JOB AS A TEAM TO PROTECT OUR PATIENTS' RIGHTS AND PRIVACY