A Shared Responsibility

Presentation transcript:

Privacy and Security In an Evolving Environment
Dialogue on Diversity
May 15th, 2013
Laura E. Rosas, JD, MPH
Office of the Chief Privacy Officer

Privacy and Security: A Shared Responsibility
- Government: Establish, enforce, coordinate, and communicate affordable and workable Privacy & Security regulations
- Providers: Understand Privacy & Security requirements, establish and promote Privacy & Security policies and practices, train and monitor staff, and manage risk
- Vendors: Integrate easy-to-use Privacy & Security features into products and provide updates as regulations evolve
- Patients: Understand rights and basic means used to secure PHI

Origins of Medical Privacy
“What I may see or hear in the course of the treatment or even outside of the treatment in regard to the life of men, which on no account one must spread abroad, I will keep to myself, holding such things shameful to be spoken about.”
Hippocrates, c. 460 BC - 370 BC

Patient Privacy and Patient Safety
“The treatment that a patient receives can be greatly affected by what the patient chooses to disclose to their physician.” - Annals of Family Medicine, 2008
“Medical confidentiality protections are meant to encourage disclosure…” - Archives of Internal Medicine, 2005

Privacy and Security in Practice
- Use technology that has privacy and security built into the technology
- Privacy and Security are considered as part of physical environment, patient care, and all communications
- Have Privacy and Security checkups and communicate results to all
- Training is regularly updated and is an essential part of the overall strategic plan

Key Federal Health Information Privacy Laws
- HIPAA Privacy and Security Rules
- Health Insurance Portability and Accountability Act of 1996, as amended by. . .
- Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009
- State Laws that are more restrictive are not pre-empted by HIPAA

HIPAA Privacy Rule: General Overview
- Set a federal floor for protecting health information
- Apply to many, but not all, key actors in health care system
- Limit how key actors may use and disclose individually identifiable health information they receive or create (“protected health information”)
- Give individuals rights with respect to their protected health information (right to request restriction if paid in full)
- Impose administrative requirements
- Require breach notification
- Establish civil and criminal penalties
http://www.acpinternist.org/archives/2003/09/privacy.htm

Who Must Comply with HIPAA Privacy Rule?
- Covered entities
  - Health plans
  - Health care clearinghouses
    - Process health information into and/or out of HIPAA standard format
  - Health care providers that electronically transmit health information in connection with a HIPAA-specified covered transaction
    - Essentially those related to processing claims for health care
- Business associates (certain provisions)

Business Associates – Post HITECH
- Business associates must follow administrative, physical and technical safeguards of HIPAA Security Rule
- Follow use and disclosure limitations of HIPAA Privacy Rule
- Subject to same civil and criminal penalties as covered entities

Who Is a Business Associate (BA)?
Perform certain functions or activities on behalf of a covered entity that involve the use or disclosure of PHI including:
- Data analysis
- Data aggregation
- Claims processing
- Quality assurance
- Legal services
- Accounting
- Others specified
claims processing, data analysis, quality assurance, billing, and benefit management

Mobile Health Research & Education Provider Adoption of Mobile Devices in the U.S. Health Care Community

Scenario #1
You are a physician consulting on the case of a 79-year-old woman with recent surgery for a broken hip and suspected dementia. After seeing the patient, her daughter-in-law wishes to speak with you about her condition.

In Response….
In response you:
- Ask to have the patient’s son, her spouse contact you
- Speak with the patient and check the patient’s EHR for any restrictions on speaking to particular family members. If not, use your professional judgment in discussing the patient’s condition with the daughter-in-law.
- Tell the patient that you appreciate her concern, however due to the HIPAA Privacy Rule you cannot share any information with her
- Consult with the patient first, and if the patient provides written authorization, then you can speak with the daughter-in-law

Answer: Scenario #1
In response you:
- Ask to have the patient’s son, her spouse contact you
- Speak with the patient and check the patient’s EHR for any restrictions on speaking to particular family members. If not, use your professional judgment in discussing the patient’s condition with the daughter-in-law.
- Tell the patient that you appreciate her concern, however due to the HIPAA Privacy Rule you cannot share any information with her
- Consult with the patient first, and if the patient provides written authorization, then you can speak with the daughter-in-law

Scenario #2
A 26-year-old male patient has come to see you for a suspected sexually transmitted infection. After reaching a diagnosis and writing a prescription, the patient tells you that he will pay for the visit in full and requests that the information related to the visit not be disclosed to his insurance company.

In Response…
- “I’m sorry but the HIPAA Privacy Rule requires the information be transmitted to the insurance company regardless of whether you pay in full.”
- “Yes, but for each related transaction you will need to inform those organizations separately. For example, if you do not want the pharmacy to bill your insurance company you will need to inform them separately.”
- “No, state law requires that we inform your insurance company”
- “Yes, and we will ensure that any other information related to this visit, for example, your pharmacy, is also informed to ensure that the information is not sent to your insurance company.”

Answer: Scenario #2
- “I’m sorry but the HIPAA Privacy Rule requires the information be transmitted to the insurance company regardless of whether you pay in full.”
- “Yes, but for each related transaction you will need to inform those organizations separately. For example, if you do not want the pharmacy to bill your insurance company you will need to inform them separately.”
- “No, state law requires that we inform your insurance company”
- “Yes, and we will ensure that any other information related to this visit, for example, your pharmacy, is also informed to ensure that the information is not sent to your insurance company.”

Scenario #3
You are a pediatrician seeing a 16-year-old girl for a physical. Just as you are finishing the exam, she informs you that she is sexually active, and requests a prescription for birth control pills. However, she does not want her parents to know and she requests that you keep this information and the prescription confidential. You practice in a jurisdiction that allows minors to consent to their care for the purposes of family planning.

In Response:
- You provide the prescription but tell her that you are required by law to inform her parents of the prescription
- You provide the prescription and note in the EHR that this information should not be disclosed to the parents without the patient’s authorization.
- You provide the prescription, but tell the patient that you will need to inform the parents due to the practice’s liability insurance
- You do not provide the prescription as it is against the practice’s policy to provide minor care without the parent’s consent.

Answer: Scenario #3
- You provide the prescription but tell her that you are required by law to inform her parents of the prescription
- You provide the prescription and note in the EHR that this information should not be disclosed to the parents without the patient’s authorization.
- You provide the prescription, but tell the patient that you will need to inform the parents due to the practice’s liability insurance
- You do not provide the prescription as it is against the practice’s policy to provide minor care without the parent’s consent.

Mobile Health Research & Education
Take the Steps to Protect and Secure Health Information When Using a Mobile Device
The resource center HealthIT.gov/mobiledevices was created to help providers and professionals:
- Protect and Secure health information when using mobile devices regardless of whether the mobile device is personally owned, bring your own device (BYOD) or provided by an organization
Mobile devices offer tremendous convenience and accessibility, but also present security issues – secure your devices and access our resources at healthit.gov/mobiledevices

Helping Providers Integrate Privacy and Security into Their Culture
- Designed to help health care practitioners and practice staff understand the importance of privacy and security of health information at various implementation stages
- Developed with assistance from the American Health Information Management Association (AHIMA) Foundation, with input from OCR and OGC
- Available at: http://www.healthit.gov/providers-professionals/ehr-privacy-security

Training Materials: Security Video Game
Released September 2012
We are working on other activities to assist providers…

HHS Office for Civil Rights (OCR): Policy Guidance/Compliance Tools
What’s in the Works:
- Fact Sheets/Q&A on new provisions
- Breach Risk Assessment Tool
- Minimum Necessary Guidance
- Better Compliance Tools for Small Entities
- Adaptation of SAG Training for Covered Entities
- Expanded Consumer Materials/Videos

We are all responsible for creating a culture where privacy and security are respected and valued.

Conclusion Questions?