1. HIPAA OBJECTIVES  Define HIPAA  Define PHI  Use of PHI  Your rights  Your responsibilities

2. HIPAA  HEALTH  INSURANCE  PORTABILITY and  ACCOUNTABILITY  ACT

3. Components of HIPAA  Insurance portability – Insures individuals moving from one health plan to another will have continuity of coverage and will not be denied coverage under pre-existing-condition clauses.  Fraud enforcement (accountability) – Significantly increases the federal government’s fraud enforcement authority in many different areas.  Administration simplification – the most significant part of the legislation

4. Easy to share.Easy to misuse.

5.  Knowingly releasing patient information –1 year jail sentence and $50,000 fine  Gaining access to health information under false pretences –five-year jail sentence and $100,000 fine  Releasing patient information with harmful intent or selling information –10-year jail sentence and $250,000 fine

6. Confidential = Identifiable Information  Names  Addresses  Employers  Relatives’ names  Dates of birth  Telephone and fax numbers  E-mail addresses

7. Confidential = Identifiable Information Continued  Social Security numbers  Medical record numbers  Member or account numbers  Certificate numbers  Voice prints  Finger prints  Photos  Codes  Any other characteristic, such as occupation, which may identify individual CONFIDENTIAL!

8. PHI  Protected  Health  Information PASSWORD

9. Ways to Protect Patient Privacy  Do I need to know this to do my job?  Do not pass it on.

10. Ways to Protect Patient Privacy –Close patient room doors to discuss treatments & administer procedures. –Close curtains & speak softly in semi-private rooms when discussing treatment & administering procedures. –Avoid discussions about patients in elevators & cafeteria lines. –Do not leave messages regarding conditions or test results on answering machines or with anyone other than patient. –Avoid paging patients using information that could reveal their health issues.

11. Rules for Use  Treatment  Payment  Healthcare Operation  Authorization from individual patient  Disclose information to patient  Incidental disclosures are permitted

12. Reasons to Release PHI Without Authorization  State health agencies require providers to report to them when patients have certain communicable diseases, even if patient doesn’t want it reported  The FDA requires providers to report certain information about medical devices that break or malfunction  Some states require physicians and other caregivers who suspect child abuse or domestic violence to report it to police

13. Reasons Continued  Police have the right to request certain info about patients to determine whether they are suspects in criminal investigation or to assist in locating a missing person, material witness or suspect  Courts have the right to order providers to release patient information  Providers must report cases of suspicious deaths or suspected crime victims

14. Privacy Rules Provide You As A Client New Rights  Notice of privacy  Right to restrict use & disclosure of PHI  Right to have PHI communicated by alternate means  Right to amend PHI  Accounting of disclosures of PHI  Right to access PHI

15. Your Responsibilities  Understand PHI  Know rules  Know how to implement in your department  Reporting violations

16. CAN’T HAVE PRIVACY WITHOUT SECURITY

17. Questions?