Published by Sage Threadgill. Modified over 10 years ago.
1
Copyright Eastern PA EMS Council February 2003
Health Information Portability and Accountability Act
It’s the law.
2
Committee Members
This program and information is the result of the hard work of the following committee members:
- Don DeReamus – Chairperson
- Barry Albertson
- Joseph Panczer
- Andrew Brown
- Suzanne Raftery
- Barbara Conrad
- Barbara Ruch
- James Conrad
- Ruth Weber
- Rose Conrad
- Jackie Wenzel
- Michael La Bar
- Larry Wiersch
3
HIPAA
It is a Federal law passed in 1996. It specifies what is required to protect the privacy of personally identifiable health care information.
4
Time Lines for HIPAA Compliance
Three separate and independent timelines required for HIPAA compliance.
5
Time Lines for HIPAA Compliance
- Privacy Rule compliance required by April 14, 2003
6
Time Lines for HIPAA Compliance
- Transaction Code Set Rules (TCS) compliance required by October 16, 2002 or October 16, 2003 if you filed for an extension
7
Time Lines for HIPAA Compliance
- Security Rule compliance deadline April 21, 2005
8
Covered Entities
To be considered a covered entity, the organization must be either a health care provider, a health plan, or a health care clearinghouse. Covered entities provide services directly to the patient.
9
Covered Entities
An ambulance service is considered to be a health care provider.
10
Covered Entities
To be considered a covered entity, you must engage in electronic transactions. This includes billing.
11
Protected Health Information (PHI)
When PHI enters an organization, whether it is from a patient, a bystander, a friend, a family member or a dispatch agency, all privacy and security rules apply.
12
What is PHI?
- Individually identifiable information
- Information regarding past, present, or future physical or mental health
13
What is PHI?
- Information regarding provision or payment of care to an individual.
- Includes any material that is written, verbal, electronic, scanned, photographic, etc.
14
Examples of PHI
- Patient care reports (PCRs)
- Dispatch records
- Billing information
- Incident reports with patient information
- Physician Certifications
15
Three Allowed Uses of PHI
- Treatment
- Payment
- Health Care Operations
These are allowed without prior patient authorization.
16
Treatment
- You may share PHI with other health care providers involved in treating the patient.
- First Responders may share patient information while on the scene.
- You may share information with emergency department personnel without the patient’s permission.
- Facilities may share information with providers for treatment purposes.
17
Payment
- Providers may use PHI to send invoices and file claims.
- Emergency Departments may supply “face sheet” information to services for billing purposes.
18
Operations
- QA/CQI, internal audits
- Patient names and addresses must be omitted if using PHI for research or education.
19
Business Associates
A business associate is a person or an entity that performs certain functions or activities that involve the use or disclosure of PHI on behalf of, or provides services to, a covered entity.
20
Business Associates
Covered entities must have formal “business associate” agreements in place with business associates to meet compliance guidelines under HIPAA.
21
Business Associates
Examples of business associates are:
- collection agencies
- billing companies
- computer software companies that may have access to PHI
- legal counsel, etc.
22
Business Associates
In other words, business associates are those entities that do not perform services directly to the patient but instead provide services to covered entities.
23
Privacy Rule - What Is Required?
- Designation of a privacy officer
- Securing of patient records and limiting access so that they are not available to those personnel who do not have a “need to know”
24
Examples of Security Safeguards
- Include a confidentiality statement on all e-mails, fax cover sheets and web pages.
- Web page notices must be printable.
- Keep patient care reports restricted.
25
Examples of Security Safeguards
- Keep fax machines which receive PHI in a secure location and limit access.
- Obtain reasonable assurances that those who receive your faxes do the same.
26
What is the Transaction Code Set Rule? (TCS)
- Requires providers to submit electronic claims in an approved format.
- Requires payers to accept transactions that are submitted in the standard formats.
27
The Steps to HIPAA Compliance
Conduct a “gap analysis”. Identify existing privacy related policies and procedures and review them for accuracy and compliance.
28
The Steps to HIPAA Compliance
Adopt a formal privacy practice. You may use samples from any source, but make sure you have all policies, forms, and agreements reviewed by your attorney.
29
The Steps to HIPAA Compliance
Develop and provide a notice to each patient concerning your privacy practices and make a good faith effort to obtain a signed acknowledgement from the patient that he or she has received it.
30
The Steps to HIPAA Compliance
Develop a policy that protects PHI and distribute only the necessary parts of the PHI to entities that have a “need to know”.
31
The Steps to HIPAA Compliance
Identify all members of your organization who need to access Protected Health Information (PHI) by their job descriptions and identify what parts of PHI they need to access. Develop a policy that contains this specific information.
32
The Steps to HIPAA Compliance
Develop a policy that allows patients or their designated representatives access to their PHI.
33
The Steps to HIPAA Compliance
Develop a Designated Record Set which will determine what information is released when it is requested.
34
The Steps to HIPAA Compliance
Develop a policy that identifies the method by which a patient or designee may amend their PHI.
35
The Steps to HIPAA Compliance
Identify business associates. Develop and execute business associate agreements. Coordinate with vendors.
36
The Steps to HIPAA Compliance
Appoint a privacy officer. This person may have other duties within the organization.
37
The Steps to HIPAA Compliance
Ensure that all required HIPAA policies, procedures and agreements have been developed.
38
The Steps to HIPAA Compliance
Provide HIPAA training to all members of the organization by April 14, 2003. These members may include, but are not limited to: crew members, office personnel, board of directors, administrative personnel, etc.
39
Continued Compliance
Monitor and revise policies as needed.
40
Very Important
You must not only safeguard written PHI, but also verbal PHI! There must be a written policy banning all inappropriate banter about specific patients. Penalties for such behavior must be included in the policy.
41
What You Must Have!
42
You MUST Have
- Notice of Privacy Practices
- Business Associate Agreements
- Accounting Log
- “Minimum Necessary” Policies
- Who needs access to what?
43
You MUST Have
- Designated Record Set Policy
- Policy regarding uses and disclosures
- Training documents
44
You MUST Have
- Amendment forms
- Written designation of privacy officials
- Documents regarding any penalties given for privacy violations
45
What Would It Be Nice to Have?
46
You Should Have
- Privacy officer job description
- Request for access form
- Request for amendment form
- Request for restriction form
47
You Should Have
- Complaint policy
- Password authorization form
- Record release policy
- Confidentiality policy
48
If you choose to use sample forms, agreements or policies from any source, review each of them with your attorney.