The Health Insurance Portability and Accountability Act HIPAA
HIPAA

Training

Published in: Health & Medicine, Technology

  1. The Health Insurance Portability and Accountability Act (HIPAA)
  2. HIPAA
     • HIPAA Privacy – Protection for the privacy of Protected Health Information (PHI) effective April 14, 2003 (including Standardization of electronic data interchange in health care transactions, effective October 2003)
  3. What is HIPAA?
     • HIPAA is the Health Insurance Portability and Accountability Act of 1996
     • HIPAA is a Federal Law
     • HIPAA is a response to Congress, to healthcare reform
     • HIPAA affects the health care industry
     • HIPAA is mandatory
  4. What is HIPAA?
     • HIPAA protects the privacy and security of a patient’s health information
     • HIPAA provides for electronic and physical security of a patient’s health information
     • HIPAA prevents health care fraud and abuse
     • HIPAA simplifies billing and other transactions, reducing health care administrative costs
  5. Protected Health Information (PHI)
     • PHI is any information about health status, provision of health care, or payment for health care that can be linked to a specific individual. This is interpreted rather broadly and includes any part of a patient’s medical record or payment history.
     • PHI may be:
       • paper format
       • electronic format
       • or information transmitted orally
  6. What Patient Information Must We Protect?
     • Protected Health Information (PHI)
       • Relates to past, present, or future physical or mental condition of an individual; provision of healthcare to an individual; or payment for care provided to an individual
       • Is transmitted or maintained in any form (electronic, paper, or orally)
       • Identifies, or can be used to identify, the individual
  7. PHI Examples
     • Name
     • Address
     • Name of Employer
     • Any date (birth, admit date, discharge date)
     • Telephone and Fax numbers
     • Email address
     • Social Security Number
     • Medical Records
  8. When is it acceptable to use a patient’s PHI?
     • Treatment of the patient, including appointment reminders
     • Payment of health care bills
     • Business and management operations
     • Disclosures required by law
     • Public Health and other governmental reporting
  9. Protect the Privacy of the Patient’s PHI
     • Look at a patient’s PHI only if you need it to perform your job
     • Use a patient’s PHI only if you need it to perform your job
     • Give a patient’s PHI to others only when it’s necessary for them to perform their jobs
     • Talk to others about a patient’s PHI only if it is necessary to perform your job, and do it discreetly
  10. Sharing PHI
     • Refrain from discussing PHI in public areas unless doing so is necessary to provide treatment
     • Medical and support staff should take care when sharing PHI with family members, relatives, or personal representatives of patients. Information cannot be disclosed unless the patient has had an opportunity to agree with or object to the disclosure
     • Personal representatives are those individuals who are able to make healthcare decisions on behalf of the patient
  11. Opportunity for Individual to Agree or Object
  12. Notice of Privacy Practices
     • Must give individual opportunity to restrict or prohibit (can be oral) the use or disclosure of name, location, general condition, and religious affiliation for:
       • Disclosure to persons who request the individual by name (except religion)
       • Disclosure to clergy
     • Emergency exception
  13. Health Center Notice of Privacy Practices
     • You can find the Notice of Privacy Practices on the Health Center web site under “Services”
  14. Family, Friends, and Advocates
     • Must give individual opportunity to agree or object:
       • May disclose PHI relevant to person’s involvement in care or payment to family, friends, or others identified by individual
       • May notify of individual’s location, condition, or death to family, personal representatives, or another responsible for care
     • When individual is not present or incapacitated:
       • Above uses and disclosures are permissible using professional judgment to determine if in best interest of individual
  15. Public Policy Uses and Disclosures
  16. Public Policy Purposes
     • (a) As required by law
     • (b) For public health
     • (c) About victims of abuse, neglect or domestic violence
     • (d) For health oversight activities
     • (e) For judicial & administrative proceedings
     • (f) For law enforcement purposes
  17. Public Policy Purposes (2)
     • (g) About decedents (to coroners, medical examiners, funeral directors)
     • (h) For cadaver organ, eye or tissue donations
     • (i) For research purposes
     • (j) To avert a serious threat to health or safety
     • (k) For specialized government functions (military, veterans, national security, protective services, State Dept., correctional)
     • (l) For workers’ compensation
  18. Investigations & Compliance Reviews
     • The Office of Civil Rights (OCR) may investigate complaints
     • OCR may conduct compliance reviews to determine whether Covered Entities are in compliance
  19. Filing Complaints
     • Any person or organization may file a complaint with OCR by mail or electronically
       • Only for possible violations occurring after compliance date
       • Complaints should be filed within 180 days of when the complainant knew or should have known that the act or omission occurred
     • Individuals may also file complaints with Covered Entity
  20. Complaint Process
     • Informal review may resolve issue fully without formal investigation
       • Many complaints will be resolved at this stage
     • If not, begin investigation
       • Voluntary resolution yet possible
     • Technical Assistance
  21. Civil Monetary Penalties (CMPs)
     • CMPs can be imposed by OCR:
       • $100 per violation
       • Capped at $25,000 for each calendar year for each identical requirement or prohibition that is violated
     • Covered Entity has a right to notice and a hearing before a CMP becomes final
  22. Employee Obligations
     • Do not disclose PHI without patient authorization
     • If there is an unauthorized disclosure of PHI, contact OCR immediately
  23. Information
     • Indiana State Department of Health Office of Technology and Compliance: http://www.in.gov/isdh/23500.htm
     • U.S. Department of Health & Human Services and the Office of Civil Rights: http://www.hhs.gov/ocr/privacy/
