
HIPAA OVERVIEW Privacy & Related Issues for Business Officers




1 HIPAA OVERVIEW Privacy & Related Issues for Business Officers
Jill Raines Assistant General Counsel & HIPAA Privacy Official © May not be reproduced without prior permission. 10/17

2 What is HIPAA and Why Do I Care?
$1 Million Question: What is HIPAA and Why Do I Care?

3 HIPAA is…
-A federal law
-With huge penalties
-That DOES apply to certain departments on graduate and undergraduate campuses.
That’s the short version.

4 HIPAA Applies to…
-Health Care Providers: mental, physical; research with a treatment protocol
-Health Plans: benefits (self-funded)
-Business Associates: your faculty may be signing BA agreements…

5 HIPAA Covers… PHI
-Individually identifiable health information created or received by a covered entity
-Related to past, present, or future physical or mental health or condition, or to payment for or coverage of those conditions
-Maintained or transmitted electronically or otherwise; written or spoken

6 WHAT MAKES INDIVIDUAL INFORMATION IDENTIFIABLE (HIPAA DESIGNATED PHI IDENTIFIERS)?
-Name
-Address
-Dates (except year)
-Telephone number
-Fax number
-Email address, URL, IP addresses
-Biometrics (finger, voice)
-Unique identifying number/code/characteristic ** CATCH ALL CATEGORY
-Social Security Number
-Account and license numbers
-Medical record number
-Health plan/insurance number
-Device numbers
-Vehicle numbers
-Identifying photos

7 HIPAA Requires… Covered Entities and their Health Care Components (HCCs) to
-Protect PHI from unauthorized access, use, disclosure
-Provide training to Workforce Members
-Investigate and mitigate violations
-Report unsecured breaches of PHI

8 Likely Campus HCCs
-Health Services
-Athletics??
-Counseling Services
-Benefits Office
-Certain Support Services: Financial, IRB/HRPP, Printing Services, Audit, Compliance, Legal Counsel, IT, Collections, Waste Mgmt

9 What PHI is on Your Campus?
-Health records
-Counseling records
-Medication records and lab reports
-Employee benefits enrollment information
-Claims information
-Billing and payment information
-Research participant information
-Correspondence re: patients/enrollees

10 WHEN CAN AN HCC USE OR DISCLOSE PHI?
-Required/Permitted by Law
-For Treatment, Payment, or Operations
-With Patient Authorization or a BAA
(If you aren’t sure, ASK your Compliance Office!)

11 What is Authorization? Authorization is required for use and disclosure of PHI that is not otherwise allowed by HIPAA or required by law. An Authorization must specify a number of detailed elements, including what may be released and to whom. Where is your HIPAA Authorization form?

12 What is a BAA?
-A Business Associate performs a job for or on behalf of an HCC using the HCC’s PHI
-A Business Associate must sign a Business Associate Agreement BEFORE PHI is shared
Do you know who your BAs are?

13 Hospital Error
-Hospital shared PHI with a billing company
-Hospital did not have a BAA in place
-$1.55M Penalty

14 What is NOT PHI…*
-Worker’s comp documents
-Employment information: position-required immunizations, return-to-work notes
-FERPA information: immunizations for programs, excused absence notes, treatment records

15 Why the Asterisk?? If you work in an HCC that PROVIDED the student or employee immunization or treatment, those records MAY BE covered by HIPAA. Understand who your HCCs are. You must understand who created the record and for what purpose to know whether the information is PHI.

16 Privacy Violation or Professionalism Issue?
-Business college employee calls in sick; supervisor tells co-worker the details.
-Health Services employee calls in sick; the provider who saw her tells her supervisor the employee won’t be in.
-Student calls in with flu; professor asks College Clinic if the student really has the flu.

17 Can You…
-Ask HR to check an employee’s insurance file to see if the employee is actually ill?
-Ask Health Services to confirm that an employee actually had an appointment on a particular day?
-Share a student-athlete’s treatment file with campus PD? With a professor?

18 There ARE Consequences
If you use or disclose PHI and the use or disclosure
-was not required/permitted by law
-was not for TPO
-was not with patient Authorization or under a BAA,
you have violated HIPAA.

19 Even When Disclosure or Access is Appropriate Under HIPAA:
All uses and disclosures of PHI are subject to the Minimum Necessary Standard.
Definition – the least amount of information necessary to accomplish the purpose.
Note: This standard does NOT limit disclosures made for actual treatment purposes. (Being curious is NOT treatment.)

20 Criminals ARE Covered
-Hospital called police on a patient suspected of Medicaid fraud
-Fraud was confirmed; patient was arrested
-Hospital confirmed identity to the media
-OCR Penalty: $2.4M in 2017

21 Snooping Physician Pays
-Media reported on a local newscaster’s death
-Physician accessed PHI to see details
-Physician sentenced to 1 year probation, 60 hours of community service, and fined.

22 The Manager’s Role:
When new employees arrive:
-No PHI from previous employer
-Training completed
-Document access
When employees leave:
-Termination checklist
-Account for all PHI
-Account for devices

23 EMPLOYEES ARE INDIVIDUALLY RESPONSIBLE FOR PROTECTING PHI
-Protect PHI in your possession/under your control: paper charts, patient hand-off sheets, laptops, films/images, smart phones, clinic notes
-Encrypt electronic devices so they are “Secure” under HIPAA.
-“Secure” means the PHI is unusable, unreadable, indecipherable.

24 ARE EMPLOYEES ALLOWED TO TAKE PHI HOME?
Next Stop…Penalty Box
-Health Plan employee took work home
-No policy addressing this; no procedure
-Some accessed PHI after separation
-Company paid $3.5M in penalties
KNOW WHERE YOUR PHI IS!

25 Trash is Treasure – Protect It
-Local news station found PHI in a dumpster
-Reported the story
-Penalty: $125K

26 Encryption is Key
-Univ of Mississippi Med - $2.75M: unencrypted laptop, shared passwords
-Non-Profit Biomedical - $3.9M: unencrypted laptop stolen from car
-Oregon Health & Sciences - $2.7M: unencrypted laptop, thumb drive, cloud
-Advocate Health - $5.5M: unencrypted desktops and laptops stolen

27 2017 Penalties…to date: $17M+
-Unencrypted laptops/devices
-Sharing with unauthorized recipients
-Not terminating access to PHI when employee no longer needs access

28 Violation Categories and Penalty Amounts (Monetary Penalties)
Category (HITECH § 1176(a)(1)) | Each Violation | All such violations (identical violation/year)
(A) Did not know | $100 - $50,000 | $1.5 million
(B) Reasonable cause | $ - $50,000 |
(C)(i) Willful neglect (corrected) | $10,000 - $50,000 |
(C)(ii) Willful neglect (not corrected) | $50,000+ | $1.5 million

29 Criminal Penalties
-Fines may be imposed against the University and individual work force members (note that “work force members” include employees, trainees, students, and volunteers).
-Individual work force members may be imprisoned for up to 10 years.

30 Take Advantage Of the Safe Harbor
Violations that are reported to, managed, and closed by the Privacy Official within 30 days = no penalties or fines may be imposed against you or the University.
Sorry – no safe harbor for criminal acts or deliberate disregard for the law…
Report ASAP so the Safe Harbor can be used!!

31 For Your Information……
Office for Civil Rights - HIPAA.com -

32 *** The End ***

