Health Insurance Portability and Accountability Act (HIPAA) CCAC.

Slides:



Advertisements
Similar presentations
SIMPLIFYING PRIVACY: HIPAA PRIVACY STANDARDS AND RESEARCH Angela M. Vieira General Counsel Childrens Hospital and Health Center June 5, 2004.
Advertisements

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *
1 The Health Insurance Portability and Accountability Act (HIPAA) A guided tutorial for GVSU employees.
1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.
NATIONAL FORUM ON YOUTH VIOLENCE PREVENTION: HIPAA PRIVACY RULE CONSIDERATIONS November 1, 2011 Iliana L. Peters, JD, LLM HHS Office for Civil Rights.
HIPAA and Privacy An Overview of the New Federal Requirements of the Health Insurance Portability and Accountability Act (HIPAA) Reid Cushman, UM Ethics.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
Confidentiality and HIPAA
HIPAA Privacy Rule Training
COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.
HIPAA Privacy Training Your Name Here. © 2004 MHM Resources Inc.2 HIPAA Background Health Insurance Portability and Accountability Act of 1996.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
1 HIPAA and Research and YOU. 2 INTRODUCTION Rule #1:Don’t Panic Rule #2:Bottom Line for Researchers: HIPAA is Manageable thru Education/Awareness and.
HIPAA Health Insurance Portability and Accountability Act.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
HIPAA Health Insurance Portability and Accountability Act.
Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.
HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Are you ready for HIPPO??? Welcome to HIPAA
HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.
Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.
Medical Records in Court: Life after HIPAA North Carolina Conference of Superior Court Judges, October 2003 Presented by Jill Moore, UNC School of Government.
HIPAA Health Insurance Portability & Accountability Act of 1996.
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA – Health Insurance Portability & Accountability Act and the Privacy Act MSgt Nechele M. Chambers Senior Enlisted Liaison TRICARE Area Office-Europe.
Implementing and Enforcing the HIPAA Privacy Rule.
Notice of Privacy Practices Nebraska SNIP Privacy Subgroup July 18, 2002 Michael J. Brown, MHA, CPA Vice-President, Administrative & Regulatory Affairs,
HIPAA PRIVACY AND SECURITY AWARENESS.
HIPAA The Privacy Rule Health Insurance Portability and Accountability Act of 1996 (HIPAA) The 104 th Congress passed the Act, Public Law ,
Confidentiality, Consents and Disclosure Recent Legal Changes and Current Issues Presented by Pam Beach, Attorney at Law.
1 HIPAA OVERVIEW ETSU. 2 What is HIPAA? Health Insurance Portability and Accountability Act.
Health Insurance Portability and Accountability Act (HIPAA)
Compliance and Enforcement of the Privacy Rule. HHS/OCR February/March Compliance Date  April 14, 2003 – Compliance for all but small health plans.
Computerized Networking of HIV Providers Workshop Data Security, Privacy and HIPAA: Focus on Privacy Joy L. Pritts, J.D. Assistant Research Professor Health.
HIPAA – How Will the Regulations Impact Research?.
HIPAA’s Medical Privacy Standards: The Long and Really Winding Road Michael D. Bell, Esq. Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. Washington,
HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.
Medical Law and Ethics, Third Edition Bonnie F. Fremgen Copyright ©2009 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved.
Speak HIPAA Like a Native A Guide to Common HIPAA Nomenclature University of Miami Ethics Programs.
HIPAA SURVIVAL SKILLS: An Update University of Miami1 Marisabel Davalos, M.S.Ed., CIP Associate Director of Educational Initiatives November, 2008.
Securing Patient-Related Data: The Impact of HIPAA Module VI NUR 603 Russ McGuire.
Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees.
Understanding HIPAA (Health Insurandce Portability and Accountability Act)
© 2013 The McGraw-Hill Companies, Inc. All rights reserved. Ch 8 Privacy Law and HIPAA.
HIPAA PRACTICAL APPLICATION WORKSHOP Orientation Module 1B Anderson Health Information Systems, Inc.
HIPAA THE PRIVACY RULE. 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti- depressant medications.
Rhonda Anderson, RHIA, President  …is a PROCESS, not a PROJECT 2.
Copyright ©2014 by Saunders, an imprint of Elsevier Inc. All rights reserved 1 Chapter 02 Compliance, Privacy, Fraud, and Abuse in Insurance Billing Insurance.
HIPAA Health Insurance Portability and Accountability Act.
HIPAA Overview Why do we need a federal rule on privacy? Privacy is a fundamental right Privacy can be defined as the ability of the individual to determine.
Human Subjects Update E. Wethington, Chair, UCHS.
The Health Insurance Portability and Accountability Act of 1996 “HIPAA” Public Law
Board of Directors – March 24, 2016 Denise Mannon, AHFI, CHPC Corporate Compliance Officer.
HIPAA Training Workshop #3 Individual Rights Kaye L. Rankin Rankin Healthcare Consultants, Inc.
HIPAA Privacy Rule Training
Health Insurance Portability and Accountability Act of 1996
UNDERSTANDING WHAT HIPAA IS AND IS NOT
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)
What is HIPAA? HIPAA stands for “Health Insurance Portability & Accountability Act” It was an Act of Congress passed into law in HEALTH INSURANCE.
The HIPAA Privacy Rule: Implications for Medical Research
HIPAA CONFIDENTIALITY
HIPAA Administrative Simplification
Disability Services Agencies Briefing On HIPAA
The HIPAA Privacy Rule and Research
Compliance and Enforcement of the Privacy Rule
Presentation transcript:

Health Insurance Portability and Accountability Act (HIPAA) CCAC

2 Learning Outcomes Define HIPAA Describe Privacy Rule/Covered Entities Define Protected Health Information (PHI) Know When to Use and Disclose PHI Define De-identified PHI Describe Need to Comply With HIPAA

3 What is HIPAA? Health Insurance Portability and Accountability Act (HIPAA) was signed into law on August 21, 1996 Department of Health and Human Services (DHHS) administers the Act

4 HIPAA Primary Objectives Improve portability and continuity of health insurance coverage Combat waste, fraud and abuse in health care Promote the use of medical savings accounts Improve access to long-term care services Simplify administration of health insurance

5 Why the Need for HIPAA? Advancements in Technology  Allows greater access to protected health information (PHI)  Increased use of electronic transmission of patient data

6 HIPAA Privacy Rule Published in Federal Register December 28, 2000  45 CFR: Part 160: General Administrative Requirements  45 CFR: Part 162: Administrative Requirements  45 CFR: Part 164: Security and Privacy

7 Covered Entities Health Plan Health Care Clearinghouse Health Care Provider

8 Covered Entities Business Associate Hybrid

9 Protected Health Information (PHI) Individually Identifiable Health Information held or transmitted by a covered entity or its business associate  in any form or media  whether electronic, paper or oral

10 Individually Identifiable Health Information Past, present or future physical or mental health condition or payment for provision of health care, or Provision of health care identifying the individual by  Name  Address  Birth date  Social Security Number

11 Electronic  Computer Systems Oral  Formal and Informal Presentations, Discussions Written  Medical Records, Reports, Publications, Letters, Faxes Protected Health Information (PHI)

12 Permitted Uses and Disclosures Without an individual’s authorization:  Treatment, Payment, and Health Care Operations  Opportunity to Agree or Object  Incidental to otherwise permitted use  Public Interest and Benefit Activities  Limited Data Set

13 Permitted Uses and Disclosures May Not use or disclose except either as the:  Privacy Rule permits or requires, or  Individual or personal representative authorizes in writing Must disclose in two situations:  To individuals when requested  DHHS in compliance investigation or review or enforcement action

14 Minimum Necessary Covered entity must:  Make reasonable effort to disclose minimum amount of information to meet the purpose  Develop and implement policies and procedures for reasonable limit  Not use, disclose, or request the entire medical record unless it can justify whole record is reasonably needed for the purpose

15 Individual’s Rights Know who may use and/or disclose PHI and to whom PHI is disclosed and for what purpose Know the duration of the use/disclosure of PHI Revoke the use and/or disclosure of PHI at any time in writing Have access to inspect and obtain a copy of own PHI Provide Written Authorization for use and/or disclosure of PHI

16 Limited Data Set Certain, specified direct identifiers removed Used and disclosed for  Research  Health care operations  Public health purposes Recipient promises safeguards

17 De-Identified Health Information No restrictions on use or disclosure Neither identifies or provides a reasonable basis to identify an individual Two ways to de-identify 1. Formal determination of qualified person 2. Removal of specified identifiers

18 HIPAA Exercise #1 What are specified identifiers?  List on a flipchart

19 Specified Identifiers ________________

20 Specified Identifiers ________________

21 Authorization Who provides? What is included? When is it necessary? Who is involved in the process?

22 Authorization Provided by individual in writing Written in specific terms  May allow use and disclosure by covered entity or third party  Written in plain language

23 Contains specific information  Description of information to be used/disclosed in specific and meaningful fashion  Persons disclosing and receiving  Expiration date or “none”  Right to revoke  Individual’s signature and date Authorization

24 Authorization Covered Entity and Individual Privacy Board Institutional Review Board (Research) Copy provided to individual Examples of required use

25 Authorization Required Psychotherapy Notes Marketing with following exceptions:  Face-to-face between covered entity and individual  Covered entity’s provision of promotional gifts of nominal value If direct or indirect remuneration from a third party, fact must be revealed

26 Authorization in Research Waiver or Authorization Required Review and Approval by a Privacy Board or IRB  Statement identifying Board and Date of Approval  Signed by Chair or designee

27 Privacy Practices Notice Covered entities must provide since April 14, 2003 Notice to contain certain elements Deliver to patients Posted at each service deliver site Available on request On Website

28 Privacy Practices Notice Obtain written acknowledgement from patients of receipt Document reason for failure to obtain written acknowledgement

29 Enforcement of HIPAA Office of Civil Rights (OCR) is responsible Covered entity investigated after a complaint is received Process may include  Investigations and Compliance Reviews

30 Compliance with HIPAA Processes for Filing Complaints Covered Entities to provide  records  compliance reports Cooperate with and permit access to information

31 Penalties General Penalty: $100 per person per violation up to $25,000/year Wrongful Disclosure Penalties  Enforced by Department of Justice  Fined up to $50,000, imprisoned not more than 1 year or both

32 Penalties Wrongful Disclosure Penalties  Fined up to $100,000, imprisoned not more than 5 years or both for obtaining PHI under false pretenses  Fined up to $250,000, imprisoned not more than 10 years for obtaining PHI with intent to sell, transfer, or use for commercial advantage, personal gain or malicious harm

33 HIPAA Exercise #2 Handout in binder Fill in the blanks with the number preceding the correct answer Some numbers may be used more than once

34 Summary HIPAA and the Privacy Rule Covered Entities Responsibilities Individually Identifiable Health Information Use and Disclosure of PHI Authorizations De-Identified PHI Compliance with HIPAA

35 References OCR Privacy Rule Summary Revised 05/03 HIPAA Privacy Rule  Annotated to Reflect August 14, 2002 Modifications; HIPAA Advisory.com/Courtest of William MacBain, MacBain & MacBain, LLC Public Law , August 21, 1996, An Act

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.