HIPAA
A Patient’s Business is not Everybody’s Business
Tracy Stibick, BA
MHA 390: Capstone
Dr. David Cole
October 6, 2011

KEY WORDS
• Covered Entities: a health care plan, provider or clearinghouse.
• PHI – Personal Health Information
• EHR – Electronic Health Record
• EDI – Electronic Data Interchange
• EOB – Explanation of Benefits

PURPOSE OF TRAINING
• To stress the importance of HIPAA Regulations
• To comply with HIPAA Regulations

WHAT IS HIPAA?
• HIPAA stands for the Health Insurance Portability and Accountability Act of 1996
• Also known as The Privacy Rule
• HIPAA regulates how “Covered Entities” can use and/or disseminate patient information
• Two rules under HIPAA:
    • Security Rule – sets standards for the security of EHRs
    • Patient Safety Rule – protects identifiable patient information from being used to analyze events and improve patient safety

HIPAA BACKGROUND
• Increase of EDI caused concerns regarding portability and transferability of patient information
• Concerns also grew for those with pre-existing conditions and the ability to be covered by health insurance

WHY IS IT IMPORTANT
• EDI increases efficiency, effectiveness and cost savings; thus, protection from identity theft was necessary
• Ethically, it is the right thing to do
• A Patient’s business is not everybody’s business

WHO HAS TO FOLLOW THE LAW & WHAT INFORMATION NEEDS PROTECTION?
• Everyone needs to comply with HIPAA regulations
• PHIs need to be secure, such as:
    • Name, address, phone number, date of birth, age, and/or email address
    • Medical information such as diagnosis, lab tests and results, prescriptions
    • Billing history such as claims, referrals, and EOBs

HOW DOES HIPAA AFFECT ME AND MY JOB
• You can only look at, use, give out or talk about a person’s PHI if it is required to perform your job.
• Ask yourself this question: Does my job require me to do this?
• HIPAA will affect you if you deal directly with patients or have access to their PHI as part of your job.

PENALTIES FOR NON-COMPLIANCE
• Non-compliance can result in civil and criminal penalties
• Unknowing violations can result in a minimum penalty of a $100 fine per violation with an annual maximum of $25,000 for repeat violations, or a maximum penalty of $50,000 per violation with an annual maximum of $1.5 Million for repeat violations
• Violations due to willful neglect can result in a minimum of a $1,000 fine per violation with an annual maximum of $100,000 for repeat violations, and a maximum penalty of $50,000 per violation with an annual maximum of $1.5 Million for repeat violations

PENALTIES FOR NON-COMPLIANCE
• Willful neglect but with corrective actions taken can result in a minimum of a $10,000 fine per violation with an annual maximum of $250,000 for repeat violations, and a maximum penalty of $50,000 per violation with an annual maximum of $1.5 Million for repeat violations
• Willful neglect without corrective actions can result in a minimum of a $50,000 fine per violation with an annual maximum of $1.5 Million for repeat violations, and a maximum penalty of $50,000 per violation with an annual maximum of $1.5 Million for repeat violations

PENALTIES FOR NON-COMPLIANCE
• Covered Entities and individuals who willfully violate HIPAA can be imprisoned from 1 to 5 years.

CONTACT INFORMATION
• Your Supervisor
• Your HR Department
• A Privacy Officer
• Additional information can be found on the US Department of Health and Human Services website: http://www.hhs.gov/ocr/privacy/

CERTIFICATION OF COMPLETION
On this ______ day of October, ______________________ has successfully completed HIPAA training for the period October 6, 2011 through to October 5, 2012.
Tracy Stibick, BA
