WELCOME
Health Insurance Portability and Accountability Act (HIPAA) Training
Privacy Rule
Security Rule
The HIPAA Privacy Rule and Protected Health Information
The HIPAA privacy rule, in the employment context, gives employees rights over how their health information may be used or disclosed and protects against the unauthorized disclosure of certain medical information known as protected health information (PHI). The HIPAA privacy rule requires covered entities to handle PHI very cautiously. It establishes limitations on who can view and receive your health information, whether it is in electronic, written or oral form. The U.S. Department of Health and Human Services (HHS) enforces the HIPAA privacy rule.
THE CONCEPTS
* HIPAA – sets a national standard for the protection of certain health information
* Use and Disclosure of Protected Health Information (PHI)
* Covered Entities – subject to the HIPAA Privacy Rule
Concepts – Privacy Rule
Brings balance – information is properly protected while still allowing the flow of information that is needed. Flexible and comprehensive.
Concepts – Privacy Rule
Also enforced by the Federal Government – Department of Health and Human Services (HHS), Office for Civil Rights (OCR).
Who Must Comply?
Entities that must follow the HIPAA privacy rules are called “covered entities.” Covered entities include the following:
* Health care providers – those that transmit health information electronically, either directly or through a business associate, including those that furnish and bill for (and are paid for) health care services, such as doctors, dentists, hospitals, nursing homes and pharmacies.
* Health care clearinghouses – health care management organizations that process nonstandard health information into a standard format, or vice versa, such as billing services.
Who Must Comply? (cont.)
Covered entities also include the following:
* Health plans – individual and group, government- and church-sponsored, and multi-employer plans that provide or pay the cost of medical care.
The HIPAA Privacy Rule and Protected Health Information (PHI)
PHI is individually identifiable health information, in any form or media, that:
* Relates to the past, present or future physical or mental health condition of an individual, health care provided to the individual, or payment for the provision of health care;
* Identifies the individual, or there is a reasonable basis to believe it can be used to identify the individual (e.g., name, address, birth date, Social Security number, account number); and
* Is in the possession of, or has been created by, a covered entity.
The HIPAA Privacy Rule and Protected Health Information (PHI) (cont.)
PHI may be included in:
* Health care claims or encounter information.
* Health care payment and remittance advice.
* Coordination of benefits.
* Health care claim status.
* Enrollment or disenrollment in a health plan.
* Eligibility for a health plan.
* Health plan premium payments.
* Referral certification and authorization.
The HIPAA Privacy Rule and Protected Health Information (PHI)
No restriction on the use of de-identified information.
The HIPAA Privacy Rule and Protected Health Information (PHI)
Use of PHI requires written authorization, or the Rule permits sharing PHI:
* To the individual
* For treatment, payment and health care operations
* Incident to an otherwise permitted use
* Where the individual has an opportunity to agree or object
* For public interest and benefit activities
The HIPAA Privacy Rule and Protected Health Information (PHI)
Minimum Necessary Rule – make reasonable efforts to use, disclose and request only the minimum necessary PHI (policy and procedure). Reasonable reliance.
Exceptions:
* Health care provider – treatment
* Individual/personal representative (PR) authorization
* Disclosure required by law or rule
Business Associates
* A person or entity that performs certain functions on behalf of, or provides services to, a covered entity, and
* The function or service involves the use or disclosure of PHI
* Examples: claims processing, data analysis, utilization review and billing
* A Business Associate Agreement is required
Employer Role
Examples – as an employer, it is appropriate to obtain and use personal health information in the employer role:
* An employer requests a doctor’s note from employees after they return from an absence, consistent with the company’s policies or practices.
* An employer obtains medical information from employees to administer leave programs such as the Family and Medical Leave Act (FMLA), requests for Americans with Disabilities Act (ADA) accommodation, workers’ compensation, wellness programs and health insurance (e.g., employers may use health information that excludes PHI for amending plans or obtaining bids for health insurance).
Employer Role (cont.)
* An employer includes employee names and injury information on Occupational Safety and Health Administration (OSHA) logs.
* An employer obtains information from medical providers related to drug tests and fitness-for-duty exams.
* An employer corresponds with workers’ compensation carriers and health care providers in the administration of a workers’ compensation claim.
COUNTY RESPONSIBILITIES
* Have written PHI policies and procedures covering access and use, and disclosures and requests.
* Establish administrative, technical and physical safeguards to protect the privacy of PHI.
* Designate a privacy officer.
County responsibilities
* Train employees on the HIPAA privacy rule.
* Provide a process for filing complaints.
NOTICE TO EMPLOYEES – Notice of Privacy Practices
The notice covers:
* Ways the County may use and disclose PHI
* The County’s duties to protect privacy
* The individual’s rights
* The complaint process for violations, with a point of contact (POC)
Notice goes to:
* New enrollees
* Existing employees, as a reminder every three years that they can request a copy of the notice
Employee Rights Employees have a right to:
* Request a copy of their medical records (a reasonable fee may be charged for copying and mailing records).
* Request restrictions on who can obtain their PHI (the county is not obligated to agree).
* Request amendment of incorrect information.
* Request an accounting of when and why their PHI was disclosed.
Disclosure accounting exemptions – no accounting is required for:
* Treatment, payment and health care operations
* Disclosures to the individual or personal representative (PR)
* Disclosures made under an authorization or otherwise permitted
* Law enforcement, corrections and national security
Employee Rights Employees have a right to:
* Choose alternate confidential communication methods.
* File complaints. No retaliation by the employer.
* The employer can’t require an employee to waive these rights.
The HIPAA SECURITY Rule and Protected Health Information (PHI)

CONCEPTS
* Same goals and objectives as the Privacy Rule – balance and flexibility.
* Applies to PHI the county creates, receives, maintains or transmits in electronic form (e-PHI).
General Rules
1. Ensure the confidentiality, integrity and availability of e-PHI.
2. Identify and protect against reasonably anticipated threats to the security and integrity of e-PHI.
3. Protect against reasonably anticipated impermissible uses and disclosures.
4. Ensure compliance by the workforce.
General Rules – the Security Rule does not dictate which security measures to use. The county is required to consider:
1. Its size, complexity and capabilities;
2. Its technical, hardware and software infrastructure;
3. The cost of security measures; and
4. The likelihood and possible impact of potential risks to e-PHI.
REQUIRED TO PERFORM RISK ANALYSIS
Includes, but is not limited to:
* Evaluating the likelihood and possible impact of potential risks to e-PHI
* Implementing appropriate security measures to address those risks
* Documenting the chosen security measures and the rationale for them
* Maintaining continuous, reasonable measures
An on-going process – review and re-evaluation.
Administrative Safeguards
* On-going review and re-evaluation
* Designate a Security Officer for e-PHI
* Limit uses and disclosures to the minimum necessary
* Workforce training
Physical Safeguards
* Limit facility access and control
* Workstation and device security
Examples?
Technical Safeguards
* Access Controls – only authorized persons may access e-PHI
* Audit Controls – software and technical policies to record and examine activity on systems that hold e-PHI
* Integrity Controls – policies and procedures to ensure e-PHI is not improperly altered or destroyed
* Transmission Security – protect information transferred over an electronic network
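As an added illustration (not part of the training deck and not the county's own code), the following Python sketch shows what three of the technical safeguards listed above look like when built into a small e-PHI record store: a role-based access-control check before any action, an audit log entry for every access attempt (allowed or not), and an HMAC integrity tag that detects a record altered outside the store. Transmission security is not shown; in practice that is TLS on every network path carrying e-PHI. All roles, keys, record contents and user names here are constructed for the example.

```python
"""Toy e-PHI store demonstrating access control, audit control and integrity
control. Everything (roles, key, records) is constructed for illustration."""
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Access control: assumed policy mapping roles to permitted actions on e-PHI.
ROLE_PERMISSIONS = {
    "clinician": {"read", "update"},
    "billing": {"read"},
    "hr": set(),  # the employer role gets no access to plan e-PHI
}

# Integrity control key. A real system pulls this from a secret store;
# the value here is a constructed placeholder.
INTEGRITY_KEY = b"example-integrity-key-do-not-reuse"


def seal(record: dict) -> dict:
    """Return a copy of the record with an HMAC-SHA256 tag over its canonical JSON."""
    body = {k: v for k, v in record.items() if k != "tag"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(INTEGRITY_KEY, canonical, hashlib.sha256).hexdigest()
    return {**body, "tag": tag}


def verify(record: dict) -> bool:
    """True if the record's tag still matches its contents (no alteration)."""
    expected = seal(record)["tag"]
    return hmac.compare_digest(expected, record.get("tag", ""))


class EPHIStore:
    def __init__(self):
        self._records = {}
        self.audit_log = []  # audit control: one entry per access attempt

    def _audit(self, user, role, action, record_id, outcome):
        self.audit_log.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "user": user, "role": role, "action": action,
            "record": record_id, "outcome": outcome,
        })

    def put(self, record_id, record):
        """Store a freshly sealed record (trusted ingest path)."""
        self._records[record_id] = seal(record)

    def access(self, user, role, action, record_id, update=None):
        """Apply access control, log the attempt, and check integrity before use."""
        if action not in ROLE_PERMISSIONS.get(role, set()):
            self._audit(user, role, action, record_id, "denied")
            raise PermissionError(f"role {role!r} may not {action} e-PHI")
        record = self._records.get(record_id)
        if record is None:
            self._audit(user, role, action, record_id, "not-found")
            raise KeyError(record_id)
        if not verify(record):
            self._audit(user, role, action, record_id, "integrity-failure")
            raise ValueError("record was altered outside the store")
        if action == "update":
            record = seal({**record, **(update or {})})
            self._records[record_id] = record
        self._audit(user, role, action, record_id, "allowed")
        return record


def demo() -> list:
    """Exercise the store and return the sequence of audit outcomes."""
    store = EPHIStore()
    store.put("rec-1", {"patient": "constructed-0001", "diagnosis": "example"})
    store.access("clinician-a", "clinician", "read", "rec-1")        # allowed
    try:
        store.access("hr-b", "hr", "read", "rec-1")                  # denied
    except PermissionError:
        pass
    # Simulate tampering that bypasses the store's own update path.
    store._records["rec-1"]["diagnosis"] = "altered outside the store"
    try:
        store.access("clinician-a", "clinician", "read", "rec-1")    # integrity-failure
    except ValueError:
        pass
    return [entry["outcome"] for entry in store.audit_log]


if __name__ == "__main__":
    print(demo())
```

The point of the `demo()` sequence is that each of the three safeguards leaves evidence: the denied HR read and the tampered record both show up in the audit log, which is what an auditor or incident responder will ask for after a suspected violation.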
HIPAA Privacy Violations
Violations of the HIPAA privacy rule may result in:
* Minimum civil penalties of $100 per violation.
* Maximum civil penalties of $1.5 million per year. Notice/appeal.
* Criminal penalties:
  - Knowing offenses – $50,000 and 1 year
  - False pretenses – $100,000 and 5 years
  - Intent to sell/transfer – $250,000 and 10 years
* Lawsuits.
Top Ten Violations
1. Keeping unsecured records – locked/passwords
2. Unencrypted data – stolen/lost device – not a strict requirement but highly recommended
3. Hacking – firewalls/anti-virus
4. Loss/theft of devices
5. Lack of employee training
6. Gossiping – PHI
7. Employee dishonesty – snooping
8. Improper disposal of records
9. Unauthorized release of info
10. 3rd party disclosure
Skagit County 2014 Settlement – $215,000
* 14 days – ePHI was accessible on its public server
* Didn’t notify those affected of the breach
* Insufficient policies and procedures to detect, prevent, contain and correct
* Failure to implement and maintain policies and procedures to ensure compliance
* Failure to provide security awareness training to the workforce
Training - Policies - Procedures
QUESTIONS?