1. HIPAA A Patient’s Business is not Everybody’s Business Tracy Stibick, BA MHA 390: Capstone Dr. David Cole October 6, 2011

2. KEY WORDS Covered Entities: a health care plan, provider or clearinghouse. PHI – Personal Health Information EHR – Electronic Health Record EDI – Electronic Data Interchange EOB – Explanation of Benefits

3. PURPOSE of TRAINING To stress the importance of HIPPA Regulations To comply with HIPAA Regulations

4. WHAT IS HIPAA? HIPAA stands for the Health Insurance Portability and Accountability Act of 1996 Also known as The Privacy Rule HIPAA regulates how “Covered Entities” can use and/or disseminate patient information Two rules under HIPAA: Security Rule – sets standards for the security of EHRs Patient Safety Rule – protects identifiable patient information from being used to analyze events and improve patient safety

5. HIPAA BACKGROUND Increase of EDI caused concerns regarding portability and transferability of patient information Concerns also grew for those with pre-existing conditions and the ability to be covered by health insurance

6. WHY IS IT IMPORTANT EDI - Increases efficiency, effectiveness and cost savings thus, protection from identity theft was necessary Ethically, it is the right thing to do A Patient’s business is not everybody’s business

7. WHO HAS TO FOLLOW THE LAW & WHAT INFORMATON NEEDS PROTECTION? Everyone needs to comply with HIPAA regulations PHIs need to be secure, such as Name, address, phone number, date of birth, age, and/or email address Medical information such as diagnosis, lab tests and results, prescriptions Billing history such as claims, referrals, and EOBs

8. HOW DOES HIPAA AFFECT ME AND MY JOB One can only look, use, give or talk about a person’s PHI if it is required to perform your job. Ask yourself this question: Does my job require me to do this? HIPAA will affect you if you deal directly with patients or have access to their PHI as part of your job.

9. PENALTIES FOR NON-COMPLIANCE Can result in civil and criminal penalties Unknowingly can result in a minimum penalty of $100 fine per violation with an annual maximum of $25,000 for repeat violation or a maximum penalty of $50,000 per violation with an annual maximum of $1.5 Million for repeat violations Violations due to willful neglect can result in a minimum of a $1000 fine per violation with an annual Maximum of $100,000 for repeat violations and a maximum penalty of $50,000 per violation with an annual maximum of $1.5 Million for repeat violations

10. PENALTIES FOR NON-COMPLIANCE Willful neglect but with corrective actions taken can result in a minimum of a $10,000 fine per violation with an annual Maximum of $250,000 for repeat violations and a maximum penalty of $50,000 per violation with an annual maximum of $1.5 Million for repeat violations Willful neglect without corrective actions can result in a minimum of a $50,000 fine per violation with an annual Maximum of $1.5 Million for repeat violations and a maximum penalty of $50,000 per violation with an annual maximum of $1.5 Million for repeat violations

11. PENALTIES FOR NON-COMPLIANCE Covered Entities and individual who willfully violate HIPAA can be imprisoned from 1 to 5 years.

12. CONTACT INFORMATION Your Supervisor Your HR Department A Privacy Officer Additional information can be found on the US Department of Health and Human Services website http://www.hhs.gov/ocr/privacy/

13. CERTIFICATION OF COMPLETION On this ______ day of October, ______________________ has successfully completed HIPAA training for the period October 6, 2011 through to October 5, 2012. Tracy Stibick,BA