HIPAA 101 Education
WHAT IS HIPAA???
WHAT IS HIPAA? The Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act A “Patients’ Rights” Law A “Patients’ Rights” Law Enacted by Congress to protect patient’s privacy Enacted by Congress to protect patient’s privacy
THE PRIVACY RULE The right to access, inspect, copy and request changes to medical records The right to access, inspect, copy and request changes to medical records The right to say who sees their medical records and who doesn’t The right to say who sees their medical records and who doesn’t The right to request a list of exactly who has seen their medical records The right to request a list of exactly who has seen their medical records The right to confidential communication about their health The right to confidential communication about their health
CONFIDENTIALITY
PROTECTED HEALTH INFORMATION P.H.I., for short P.H.I., for short Information about a patient’s condition, treatment or payment Information about a patient’s condition, treatment or payment
Protected Health Information (P.H.I.) includes: Medical Records Medical Records Arm Bracelets Arm Bracelets Pharmacy Orders Pharmacy Orders Conversations about Patient Health Conversations about Patient Health Dietary Cards Dietary Cards I.V. Bags and Meds I.V. Bags and Meds Payment and Insurance Records Payment and Insurance Records
PROTECTING P.H.I. Place all medical records in a secure location. Place all medical records in a secure location. Shred or destroy all reports material like arm bracelets and I.V. bags. Shred or destroy all reports material like arm bracelets and I.V. bags. Escort all patients and visitors through departmental areas. Escort all patients and visitors through departmental areas. Store P.H.I documents under lock and key when you leave the area. Store P.H.I documents under lock and key when you leave the area.
PROTECTING P.H.I. continued…. Lock perimeter doors so that patients and visitors have to use main entrances. Lock perimeter doors so that patients and visitors have to use main entrances. Don’t discuss a patient outside the treatment area. Don’t discuss a patient outside the treatment area. Don’t leave sensitive computer files up on your computer screen. Don’t leave sensitive computer files up on your computer screen. Never share your password with anyone! Never share your password with anyone!
You can share P.H.I. for three purposes: 1. TREATMENT – when talking to co- workers in the treatment area. 2. PAYMENT – when filing an insurance claim or discussing payment options. 3. OPERATIONS – for purposes such as audits, customer services, quality improvements and grievance resolution.
TREATMENT, PAYMENT and OPERATIONS: T.P.O. for short. P.H.I. cannot be shared for any other reason without written authorization from the patient.
Questions? Ask your supervisor or manager. See your facility’s Privacy Officer.
HIPAA Review: You can share Protected Health Information (P.H.I.)… …for Treatment, Payment and Operations (T.P.O.) only!
Limit the P.H.I. Shared to: THE “MINIMUM NECESSARY” You are responsible for limiting the information you receive to only what is required to do your job.
ER Evaluation Hospital Admissio n Pharmacy Managed Care/Case Management Care Delivery / Treatment/…… Peer Evaluation/ JCAHO Review Documentation, Billing/Collection Lab/Radiology / The “Minimum Necessary” Each department must determine what the “minimum necessary” means.
The Privacy Rule Keep Protected Health Information (P.H.I.) confidential. Keep Protected Health Information (P.H.I.) confidential. Share P.H.I. for Treatment, Payment and Operations (T.P.O.) only. Share P.H.I. for Treatment, Payment and Operations (T.P.O.) only. Only share the “minimum necessary” as set by your department Only share the “minimum necessary” as set by your department
Privacy Pledges are given to every patient. Privacy Pledges are also posted on bulletin boards and on the Covenant Health website.
Fines and Penalties for Non- Compliance Wrongful Disclosure of Health Information Simple disclosure – fines up to $50,000 and/or 1 year in prison Disclosure under false pretenses – fines up to $100,000 and/or 5 years in prison Disclosure with intent to sell or use – fines up to $250,000 and/or 10 years in prison
Fines and Penalties for Non-Compliance Non-Compliance with Requirements $100 per violation to a maximum of $25,000 per requirement per year 80+ requirements (and counting) would add up to over $2 million in penalties per year!
How do we become HIPAA compliant? Adjust the way we think and how we do our jobs Adjust the way we think and how we do our jobs Become more aware of privacy issues Become more aware of privacy issues Pay close attention to trainings Pay close attention to trainings Ask questions Ask questions Develop a constant consideration for our patients’ feelings and need for privacy Develop a constant consideration for our patients’ feelings and need for privacy
Help make HIPAA happen!
Place items in your work area in a secure place. When discussing P.H.I. – keep your voice down. Use extreme caution sending out faxes – use a cover sheet and verify numbers. Don’t talk about P.H.I. outside the treatment area. Bring non-compliant actions to your co- workers attention. Dispose of all P.H.I. properly by shredding. Protect your patient’s information as if it were your own!!
Timeline to HIPAA Compliance HIPAA Privacy Start Now! THE CLOCK IS TICKING… Compliance with the Privacy Rule must be complete by April 14, 2003! NOTE: Other final rules are expected to be released throughout 2002 and NOTE: Other final rules are expected to be released throughout 2002 and 2003.
MAKE HIPAA A HABIT!
TAKE THIS QUICK HIPPA QUIZ
P.H.I. stands for : 1. A pretty hairy individual 2. Post hypnotic insomnia 3. Protected Health Information
If you see P.H.I. lying on a counter, you should: 1. Leave it there. 2. Throw a hissy fit. 3. Pick it up and put it in a secure location and remind others to do the same.
When disposing of P.H.I., you should: 1. Wad it up and throw it into the nearest trashcan. 2. Shred it or place it in the appropriate shred or destruction bin. 3. Tear it into several pieces before putting it in a trash can.
Patients will be informed of their privacy rights by: 1. A daily announcement over the PA system. 2. A special messenger. 3. A privacy pledge given at registration.
Failure to protect patient privacy could mean: 1. You are a bad, bad, person. 2. A free vacation in the Bahamas. 3. Big fines and/or prison time.
P.H.I. may be shared without a patient’s authorization for which of the following? 1. Patient’s attorney. 2. Newspaper reporter. 3. Treatment, Payment and Operations.
If you have questions about HIPAA rules, you should ask: 1. Oprah and/or Dr.Phil. 2. Your friends and/or family. 3. Your supervisor and/or Privacy Officer.
That’s it! Complete your documentation form and give it to your supervisor!