Published by Margaret Ashlyn Williamson. Modified over 9 years ago.
1
HIPAA: Health Information Privacy and Accountability Act
2
What is HIPAA?
- In 1996 Congress passed the Health Information Privacy and Accountability Act
- Full compliance required since 10/16/03
- Mandates Federal privacy protections for individually identifiable health information
- Primary purpose was to provide insurance coverage for workers who change jobs
- The Security, Privacy, and standards for electronic transactions are part of the Act
- Health Insurance Portability and Accountability Act
3
Cost
- American Hospital Association estimates costs to be 22.5 billion dollars over the first 5 years
- Physical changes to departments
- Staff training
- State law vs. Federal: the most restrictive law takes precedence
4
Protected Health Information
- Created or received by a healthcare provider, health plan, public health authority, employer, life insurer, school or university, or healthcare clearinghouse in the normal course of business
- Relates to the past, present or future physical or mental health or condition of an individual
- Relates to the provision of healthcare to an individual
- Past, present or future payment for the provision of health care to an individual
5
What is considered Protected Health Information (PHI)?
- Name
- Name of Relatives/Household
- Medical Record Number
- Address
- Employer
- Account/Health Plan Number
- SSN
- Telephone Numbers
- Vehicle or Other Device Serial Number
- Fingerprint
- Fax
- DOB
- Photograph
- address
- Certificate/License Number
6
De-Identified Health Information
- No restrictions on use or disclosure of de-identified health information
- Does not identify the individual
- Does not provide a reasonable means to ID a person
7
How Do I De-Identify Health Information?
- Formal determination by a qualified statistician
- Removal of specific identifiers of the individual and of that individual’s family, household members, and employer
8
When can I disclose PHI without the person’s authorization?
- When sharing information with that person
- Information may be disclosed to doctors, nurses, technicians, health care providers and hospital personnel who are involved in the patient’s care
- Use for billing, treatment, or other health care operations
- Facility directory: includes name, location in the facility and general condition
- An individual may give informal permission to discuss with family, relatives or other identified people the PHI directly relevant to that person’s involvement in the individual’s care or payment for care, e.g. a pharmacist can give a filled prescription to a person acting on behalf of the patient
- Health care operations: CQI studies, competency assurance activities, case management and care coordination, audits, legal services, compliance programs, fraud investigations, risk management, business planning, etc.
9
When can I disclose PHI without the person’s authorization? (continued)
- When required by federal or state law: Public Health, law enforcement agencies, appropriate government agencies
- In response to a court order or subpoena
- Health Oversight Agencies: for legally authorized audits, investigations, inspections, licensure, etc.
- To report child/elder abuse or neglect or domestic violence
10
When can I disclose PHI without the person’s authorization? (continued)
- Law enforcement purposes:
  - criminal investigations; to identify or locate a suspect, fugitive, or missing person
  - alert regarding the death of a person
  - PHI is evidence of a crime that occurred on the provider’s premises
  - emergency situation where the health care provider needs to communicate to law enforcement regarding the location, nature, and perpetrator of the crime
11
When can I disclose PHI without the person’s authorization? (continued)
- Coroners, Funeral Directors, Medical Examiners for identification purposes
- Facilitate organ donation
- Some research
- Threat to health or safety, to either a person or the public
- Essential Government Functions: national security, medical suitability for service, health and safety of inmates or employees in correctional facilities, eligibility for enrollment in government benefit programs
- When consulting with other health care providers about a patient’s treatment
12
All other disclosure of PHI must have authorization from the person
13
Minimum Necessary
- Key aspect of the privacy law
- Make a reasonable effort to disclose and/or request only that information which is needed to effectively treat, receive payment, or conduct business
- DME example: a wheelchair is ordered; include only the medical information related to the use of the wheelchair
14
HOW WILL HIPAA IMPACT YOUR PT PRACTICE?
15
Privacy Practice Notice
- Notice of privacy practices must be provided to the patient no later than the first service encounter
- Notice must include the following:
  - Ways your clinic may use and disclose PHI
  - How your clinic will protect the patient’s privacy, the legal requirements to protect privacy, and written notice of privacy practices including individual rights, including the right to complain to HHS
- Posted notice that is clearly visible to all patients
- Patient must sign that the notice was provided, reviewed or received; recommend having the patient sign the actual notice
16
Safeguards to implement
- Speak quietly while discussing a patient’s treatment/condition in the waiting room with family members or the patient
- Avoid using the patient’s name in public hallways
- Lock all file cabinets and record/chart rooms; limit access to these keys to only the staff that need access to records
- Lock staff offices when empty
- Computer discs, when not in use, should be locked up in desks, cabinets or disc storage
- Computers should be accessed only by appropriate staff (via passwords)
17
Safeguards to implement (continued)
- Patient sign-in sheets should not include the reason for the visit
- OK to call out a patient’s name in waiting rooms; limit the information shared
- Keeping charts outside the exam room or at the bedside is allowable as long as access to the information is limited: face the chart to the wall or face down on the bed, and limit access to exam/treatment areas by staff or by escorting non-employees
- Leaving messages for patients on their answering machines is OK, but limit what you disclose
- Shred documents containing PHI before throwing them out
- Keep all privacy policies, records, complaints, and other activities related to HIPAA for at least 6 years
18
You do not have to
- Retrofit your clinic with soundproof rooms; curtains or cubicles may constitute a reasonable safeguard
- Stop discussing details of a patient’s treatment in a “gym”; this is allowable as long as detailed discussions occur in a more private setting
- Get consent from the patient when consulting on a patient’s treatment with another provider
- Get consent from the patient when another PT asks for your opinion about the treatment of a patient who is not yours; no need to get consent about sharing PHI
19
What happens if patient refuses to sign notice?
- Document your efforts to get a signature
- Document why the patient would not sign
20
THE PATIENT HAS RIGHT OF ACCESS TO ALL THEIR DESIGNATED RECORD SET – ANY RECORDS WITH PHI
- YOU SEND A NOTICE TO A COLLECTION AGENCY WITH PHI INCLUDED – THE PATIENT HAS THE RIGHT TO SEE THAT LETTER
- CAN CHARGE REASONABLE COPYING COSTS TO THE PATIENT
21
Designated Record Set
- Group of records maintained by a CE (covered entity) and used in whole or in part to make treatment decisions
- A provider’s medical and billing records, and records about an individual’s health plan enrollment, payment, claims adjustment, and case management
22
Restriction Request
- Patients have the right to request that your clinic restrict who gets PHI or how it is used
- Your clinic does not have to agree to additional restrictions requested by the patient
- If you do agree, your agreement is legally binding
- Patients have the right to request that their information be amended
- Ex: a patient wants his bills sent to a PO box, not his home address; you agree but then send bills to the home address. You are in violation of HIPAA.
23
What about minors?
- In most cases parents are the personal representatives for minor children
- Professional judgment is allowable (if made by a licensed health provider) if state law is silent about sharing information with parents
24
What happens if you violate HIPAA?
- $100 fine per failure to comply with a requirement
- Not to exceed $25,000 for multiple violations of the same rule in a calendar year
- No fine if the violation was due to reasonable cause, did not involve willful neglect, and was corrected within 30 days of knowledge of the violation
25
What happens if you violate HIPAA? (continued)
- Knowingly obtaining or disclosing PHI in violation of HIPAA: fine up to $50,000 and one year in prison
- Fine increases to $100,000 and 5 years in prison if it involves false pretenses
- Increases to $250,000 and 10 years in prison if it involves the sale or transfer of PHI for profit, commercial advantage, personal gain or malicious harm
© 2025 SlidePlayer.com Inc. All rights reserved.