Week 1 Discussion 2: HIPAA and Privacy Training



  1. HIPAA & Privacy Training, Veronica Gill, MHA 690, November 3, 2011
  2. What is HIPAA?
     • Health Insurance Portability and Accountability Act of 1996
     • Contains five provisions designed to: assure portability of health insurance, decrease healthcare fraud and abuse, guarantee security and privacy of patient health information, enforce standards for health information, set standards for EDI transactions
     • Administered by Department of Health and Human Services.
  3. HIPAA Privacy Rule
     • Title II of HIPAA required DHHS to establish national standards for:
        • Transaction standards
        • Standard code sets
        • Unique health identifiers
        • Security
        • Privacy
  4. HIPAA was created due to the misuse of identifiable health information, such as:
     • A person stole computer disks with lists of HIV patients
     • A trustee/banker gained access to patients’ medical records and called in mortgages for those with cancer
     • The press gained access to psychiatric records about famous people and published these facts
  5. Accountability
     • Accountability is also known as Fraud Enforcement.
     • Federal Government has increased authority to penalize people and entities that violate the HIPAA regulations
     • Individuals and organizations will be subject to the full extent of the HIPAA sanctions
  6. HIPAA Focus Areas
     • Electronic Data Interchange
     • Privacy
     • Security
  7. Electronic Data Interchange (EDI)
     • Focuses on establishing national standards for electronic transfer of healthcare information, including the creation of uniform transaction standards, code sets and national identifiers for providers, health plans and employers.
  8. Privacy
     • Focuses on defining boundaries on medical record use and release, penalties for misuse of patient information, appropriate and inappropriate disclosures of information and appropriate access for information about self.
  9. Security
     • Focuses on administrative, physical and technical safeguards that keep patient information safe
  10. What does this mean?
     • Providers, health plans and certain other organizations may not use or disclose your health information for purposes unrelated to providing you healthcare, managing their obligations under state and federal law or unless you specifically authorize them to do so.
  11. HIPAA standards apply only to:
     • Health care providers who transmit any health information electronically in connection with certain transactions
     • Health plans
     • Health care clearinghouses
  12. What is protected by Privacy Rule?
     • Protected Health Information (PHI) defined as:
        • Individually identifiable health information that is transmitted or maintained in any form or medium by a Covered Entity or its Business Associate
  13. Who is a Covered Entity?
     • Health care providers who transmit any health information electronically in connection with certain transactions
     • Health plans
     • Health care clearinghouses
  14. Who is a Business Associate?
     • A person who performs a function or activity on behalf of, or provides services to, a Covered Entity that involves Individually Identifiable Health Information
  15. What is Individually Identifiable Health Information?
     • Health information, including demographic information
     • Relates to an individual’s physical or mental health or the provision of or payment for health care
     • Identifies the individual
  16. Uses & Disclosures of PHI
     • The General Rule is that a Covered Entity may not use or disclose PHI, except as permitted or required by Privacy Rule
  17. Permitted Uses and Disclosures
     • To the individual
     • For treatment, payment and health care options (TPHO)
     • Give the individual opportunity to agree or object to disclosure of name, location, general condition, religious affiliation
  18.
     • For Public Policy purposes
     • “Incident to” rule permits uses/disclosures incident to an otherwise permitted use or disclosure if minimum necessary & safeguard standards are met
  19. What is Minimum Necessary?
     • Covered entities must make reasonable efforts to limit the use or disclosure of, and requests for, PHI to minimum amount necessary to accomplish intended purpose
  20. How to stay compliant
     • Determine if you are a covered entity
     • Identify Business Associate (BA) relationships and enter BA agreements
     • Review current PHI practices and determine if any changes are needed
     • Develop an authorization form for future use
  21.
     • Develop and provide a Notice and Acknowledgement form
     • Develop a system to track and account for disclosures
     • Designate a Privacy Officer and contact person or office
     • Design and implement Policies and Procedures
  22.
     • Develop and implement systems to safeguard PHI
     • Train workforce
     • Check the Rule for particular requirements to continue to remain compliant