Table of Contents

Lessons 1. Introduction to HIPAA Go Go 2. Privileged Communication Go Go 3. Medical Records Go Go 4. Technology Go Go

Table of Contents  Protect patients and their personal health information  Became law in 1996

Table of Contents  Four main purposes of HIPAA

Table of Contents  Privacy Rule  Detailed instructions for handling and protecting information

Table of Contents  EMR  Created security and privacy issues  Security Rule to keep records secure

Table of Contents  Security Rule sets safeguards for electronic records

Table of Contents  Transaction and Code Set Rule ◦ Set national standard ◦ Simplified claims process

Table of Contents  Health Insurance Access, Portability, and Renewability

Table of Contents  Privileged communication is information that is shared within a protected relationship.  These relationships include physician and patient, attorney and client, and clergy and counselee.  Under most circumstances, privileged communication cannot be disclosed.

Table of Contents  The Privacy Rule ◦ Protect private patient information

Table of Contents  Privacy Terms

Table of Contents  Authorization ◦ Permission given in order to share health information

Table of Contents  Patient rights ◦ Right to Notice of Privacy Practices ◦ Right to request restrictions on certain uses of protected health information ◦ Right to request confidential communications

Table of Contents  Patient rights ◦ Right to access a copy of protected health information ◦ Right to request an amendment of health information ◦ Right to receive an accounting of the sharing of health information

Table of Contents  Medical facility responsibilities  Release of Information

Table of Contents  Disclosure without authorization  Disclosure allowed without authorization

Table of Contents  Emotional abuse includes excessive demands, insults, humiliation, stalking, threats, and lack of affection and support.  Physical abuse includes any physical mistreatment or violence, as well as inappropriate restraint and withholding physical care.  Sexual abuse includes using sexual gestures, suggesting sexual behavior, and unwanted sexual touching or acts.

Table of Contents  Patient statements  Unexplained injuries, such as bruises, abrasions, fractures, bite marks, and burns  Unreasonable explanations for injuries  Malnutrition and dehydration  Poor personal hygiene  Pain or bruising in the genital area  Unexplained genital infections  Emotional problems, such as anxiety, depression, aggressiveness, changes in appetite, problems at school or work

Table of Contents  Breach – Improper release of confidential information  Effects patient, person responsible for the breach and the facility  Consequences for a breach can vary in severity  For patients - range from a slight annoyance to identity theft and social avoidance  For the responsible person - range from a disciplinary action to being fired, losing a license, & legal/civil actions  For the facility – range from additional paper work to legal/civil action and a loss of customers.

Table of Contents  Personal information, such as full name, phone number, address, work number and address, birth date, social security number, and marital status  Medical history  Description of symptoms  Diagnoses  Treatments  Prescriptions and refills  Records of patient’s telephone calls  Name of legal guardian  Name of power of attorney  Notes about copies of medical records

Table of Contents  Medical records belong to health care providers, but patients have the right to see and obtain a copy of their records.  Patients with mental illness may not have the right to see their medical records.  If a patient’s employer or prospective employer pays for a job-related physical examination, the employer, not the patient, has the right to see and obtain a copy of the records.

Table of Contents  Medical records must be complete, legible, and timely.  All information in records must be objective and the information must be initialed and dated.  Errors should never be erased or covered with correction fluid. Instead, a single line should be drawn through an error so that the error is still readable.

Table of Contents  Advantages: ▫Instant access ▫Remote access to up-to- date information ▫Simultaneous access ▫Decreased time to record information ▫Legible ▫Better organization ▫Flexible data layout ▫Automated checks and reminders ▫Increased privacy and decreased tampering, destruction, and loss due to required authorization

Table of Contents  Disadvantages: ▫Additional hardware, software, and licensing costs ▫Resistance to giving up paper records ▫Difficult data entry ▫Training ▫Computer downtime, such as unexpected failure or routine servicing ▫Confidentiality and security concerns, such access of information to unauthorized individuals

Table of Contents  Limit individuals who have access to records by using passwords, fingerprints, voice recognition, and eye patterns.  Require codes to access specific information.  Place monitors in areas where others cannot see the screen.  Do not leave monitors unattended while confidential information is on the screen.  Do not send confidential information by .  Back up data.  Constantly monitor and evaluate the use of electronic medical records.

Table of Contents  Printers: ▫Do not leave printers unattended while printing confidential information. ▫Do not print confidential information on printers that are shared by unauthorized individuals. ▫Do not print confidential information on wrong printers. ▫Make sure to collect printouts of confidential information from printers. ▫Do not throw unneeded printouts of confidential information in trash cans. Instead, these should be shredded.

Table of Contents  Copiers: ▫Do not copy confidential information if unauthorized individuals are in the area and can see the information. ▫Do not leave copiers unattended while copying confidential information. ▫If a paper jam occurs, be sure to remove the copies that caused the jam from the copier. ▫Make sure to collect all copies of confidential information as well as the original from the copier. ▫Do not throw unneeded copies of confidential information in trash cans. Instead, these should be shredded.

Table of Contents  Fax Machines: ▫Contact the receiver and verify the fax number before faxing confidential information. ▫Do not fax confidential information to unauthorized individuals. ▫Attach a cover sheet that contains a confidentiality statement. ▫Do not fax confidential information if unauthorized individuals are in the area and can see the information. ▫Do not leave fax machines unattended while faxing confidential information. ▫Do not throw unneeded faxes of confidential information in trash cans. Instead, this should be shredded.

Table of Contents  Telephones: ▫Do not use patients’ names if unauthorized individuals are in the area and can overhear. ▫When leaving messages, simply ask patients to return the call. Do not speak about any confidential information.