An Introduction to Compliance and HIPAA Privacy RVHIMA Spring 2016 Meeting Joshua A. Lenavitt, MHA Regional Director of Compliance and Privacy Baptist.

1 An Introduction to Compliance and HIPAA Privacy
RVHIMA Spring 2016 Meeting
Joshua A. Lenavitt, MHA
Regional Director of Compliance and Privacy
Baptist Health Louisville/La Grange

2 Disclaimer
This presentation is for general education purposes only. The information contained in these materials, lecture, ideas and concepts presented is not intended to be, and is not, legal advice or even particular business advice relevant to your personal circumstances. The laws and regulations presented in this lecture are open to interpretation.

3 Disclaimer Continued
I am not a lawyer…
I know several lawyers…
They were not available today…
That’s why you have me today!

4 Objectives
- Define Compliance and discuss in terms of Ethics and Values
- Gain an understanding of basic HIPAA (Health Insurance Portability and Accountability Act) law
- Discuss protection of Protected Health Information (PHI) and Identity Theft/Red Flags
- Briefly discuss Social Media and Healthcare
- Discuss Texting of PHI

5 Compliance
How would you define Compliance?

6 What is Compliance?
Compliance may be described as:
- Adhering to federal and state laws
- Following policies and rules
- Monitoring medical documentation and billing practices
- Observing the HIPAA Privacy Rule

7 What is Ethics?
Ethics may be described as:
- Core beliefs and convictions
- Values about what is right and good
- Doing the right thing

8 Compliance & Ethics
Taken together, they define the essence of Corporate Responsibility: a values-based culture that guides our actions in the workplace so that our daily activities are performed with honesty, integrity, and in support of organizational Mission, Vision and Values Statements.

9 Quick Poll – TRUE or FALSE?
FRAUD is a deception, a hoax, or a lie that is made for personal or corporate gain.
TRUE

10 Industry and Governmental news
- A dialysis center illegally paid physicians for referrals and settled with the government for $389 million.
- A hospital allegedly submitted false or fraudulent claims for doing unnecessary heart procedures and settled with the government for $16.5 million.
- A clinic operator fraudulently billed Medicare for medications that were never given to patients, or were at incorrect dosages, or were unnecessary. A plea agreement included re-payment of $12 million.

11 Health and Human Services (HHS), Office of Civil Rights (OCR) in Action
Starting in January of 2016, HHS, OCR started issuing monthly messages relating to HIPAA and PHI. The subject matter to date includes:
– Patients’ right to access health information and clarifies appropriate fees for copies
– Understanding Some of HIPAA’s Permitted Uses and Disclosures
– Improper disclosure of research participants’ protected health information results in HIPAA settlement
http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html

12 HIPAA

13 HIPAA
The Office for Civil Rights enforces the HIPAA Privacy Rule:
- HIPAA – Health Insurance Portability and Accountability Act of 1996
  – Security Rule, national standards for the security of electronic protected health information (published in 2003)
  – Breach Notification Rule, requires covered entities to provide notification of HIPAA breaches (published in 2009)
- HITECH – Health Information Technology for Economic and Clinical Health Act, 2009
- HIPAA Final Omnibus Rule 2013
http://www.hhs.gov

14 What is PHI?
Protected Health Information (PHI) can be in any form (electronic, paper, or oral), and includes:
1) Demographic data
2) Past / present / future physical or mental health or condition(s)
3) The provision of health care to the individual
4) The past, present, or future payment for the provision of health care services

15 Permitted Uses of PHI
- Treatment
- Payment
  – Audits / Requests from payors
  – Worker’s compensation
- Healthcare operations
  – Quality Assessments
  – Business Management, such as customer service and resolution of grievances

16 Quick Poll – TRUE or FALSE?
HIPAA was not designed to interfere with patient care.
TRUE
The HIPAA Privacy Rule allows medical staff to access information necessary for patient treatment.

17 Quick Poll – TRUE or FALSE?
Under the HIPAA Rules, we must protect our patients’ information (PHI) which includes:
- Name, address, and phone number
- Social Security number
- Insurance information
- Medical record or account number
- Patient’s picture
TRUE

18 Identity Theft
Identity Theft Prevention Programs are designed to detect, prevent and mitigate identity theft.
Definitions
- Identity Theft – fraud committed or attempted using the identifying information of another person without authority.
- Red Flag – a pattern, practice or specific activity that indicates the possible existence of identity theft.

19 Identity Theft
Identification of Relevant “Red Flags”
- The presentation of suspicious documents.
- The presentation of suspicious personal identifying information.
- Suspicious activity related to a covered account.
- Complaint or question is received from a patient based on their receipt of suspicious documents.
- Notice of address discrepancy.

20 Our Responsibilities
- Obtain the patient’s permission before discussing PHI in the presence of visitors (including family members).
- Refer all requests for medical records to the Health Information Management (HIM) Department or your organization’s Release of Information Office.
- Refrain from casual conversation. Hold discussion of PHI in confidential and secure areas.
- Do not leave charts, files, or computer screens open and within public view.

21 Our Responsibilities (cont.)
- Never share passwords.
- Always lock your computer when stepping away from your work station.
- Do not email PHI from work to your personal email address.
- Do not text PHI unless using a secure and approved platform.

22 Our Responsibilities (cont.)
- PHI should not be taken off Baptist property unless secure transport is approved by your manager.
- Do not leave messages concerning a patient’s condition or test results on a patient’s voicemail.
- Report suspicious behavior, people, or situations to your manager, security, or the compliance officer.

23 Quick Poll – TRUE or FALSE?
Employees are encouraged to share medical advice with patients and families via social media (such as Facebook, Twitter, blogs).
FALSE

25 Social Media
General Guidance
- Use caution when having online social contact with patients, former patients, and their family members.
- Avoid posts related to work as these discussions also have the potential to inadvertently disclose PHI.
- At Baptist Health, we do not use or post patient information or pictures without prior approval from Executive Management.

26 Texting of PHI
- Healthcare providers and covered entities should be aware of the potential consequences under HIPAA for unsecure and/or misdirected text messages.
- Baptist Health has a policy that governs the use of text messaging as a means of communicating PHI between providers.
  – Only a secure application is acceptable, i.e., Tiger, MicroBloggingMD, etc.

27 Key Takeaways
- Compliance impacts all functional areas of the hospital or organization.
- We all have a responsibility to carry out our activities in a manner that is ethical, legal, and in support of the behaviors outlined in your organization’s standards of conduct, professional organizations’ guidelines, and laws.
- Let someone know if you have a compliance question or concern. When you speak up, we have an opportunity to improve our programs and resolve issues before they become more serious.

28 Joshua Lenavitt
Regional Director of Compliance and Privacy
Baptist Hospital Louisville & La Grange
(502) 779-1073 phone
joshua.lenavitt@bhsi.com

