Chapter 7—Privacy Law and HIPAA

Presentation on theme: "Chapter 7—Privacy Law and HIPAA"— Presentation transcript:

1 Chapter 7—Privacy Law and HIPAA
PowerPoint to accompany Law & Ethics For Medical Careers, Fourth Edition. Judson · Harrison · Hicks. Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

2 Privacy Law & HIPAA Objectives
- Discuss federal privacy laws that pertain to healthcare
- Discuss conditions that led to passage of HIPAA
- Discuss four standards of HIPAA
- Explain the advantages to uniform transmission standards and code sets

3 Privacy Law & HIPAA Objectives continued
- Determine which covered entities must comply with HIPAA provisions
- Summarize provisions of the Privacy Rule
- Recognize and dispel some of the myths concerning HIPAA

4 The Constitution and Privacy Laws
Privacy Laws are based on amendments to the U.S. Constitution:
- First Amendment: Freedom of Speech
- Third Amendment: No soldier quartered in private citizen’s home without permission
- Fourth Amendment: Unreasonable search and seizure prohibited

5 The Constitution and Privacy Laws continued
- Fifth Amendment: Cannot testify against yourself
- Ninth Amendment: Constitutional rights shall not be used to deny other rights retained by the people
- Fourteenth Amendment: Equal protection under the law

6 Federal Privacy Laws
Common points in all Federal privacy laws are:
- Information collected and stored about individuals shall be limited to what is necessary
- Access to personal information should be limited to those employees who need to know

7 Federal Privacy Laws continued
Common points continued:
- Personal information may not be released outside the organization without authorization
- When information is being collected about a person, that person should know and have opportunity to check
See Table 7-1 for a list of major federal privacy laws

8 Table 7-1

9 Why HIPAA?
- Healthcare billing has become more complex
- Managed care added layer of administrative duties
- Rising cost of medical malpractice and the cost of doing business
- Rising cost of healthcare and health insurance

10 HIPAA terms
- Covered Entities
- Covered Transactions
- Designated record set
- Notice of Privacy Practices (NPP)
- Protected Health Information (PHI)
- State preemption
- Treatment, payment, and healthcare operations (TPO)

11 Covered Entities
People, businesses, or agencies that must comply with HIPAA Standards and Privacy Rule:
- Hospitals
- Nursing Homes
- Hospices
- Pharmacies
- Physician Practices
- Dental Practices
- Other providers of care
- Health plans (payers)
- Healthcare clearinghouses

12 Covered Transaction
- A transaction is an electronic exchange of information between two covered entities
- Includes claims, patient identifiable information, referrals, authorizations

13 Designated Record Set
Records maintained by or for a covered entity including:
- Medical records
- Billing records
- Health Plans enrollment, payment, claims adjudication, case management records
- Any record used by a covered entity to make decisions about an individual

14 Notice of Privacy Practices
- Every healthcare provider must provide each patient with a written notice of the provider’s privacy policies
- The patient is asked to sign an acknowledgment form

15 Protected Health Information (PHI)
- Any information that contains one or more patient identifiers that could be used to identify an individual
- PHI must be protected whether written, spoken or electronically transmitted

16 State Preemption
If a state’s privacy laws are stricter than HIPAA, state law takes precedence

17 Treatment, Payment and Healthcare Operations (TPO)
TPO allows providers to provide treatment, disclose PHI for payment, and conduct the necessary business operations within and among other covered entities

18 Business Associates
- Business associates of covered entities must have contracts/agreements with covered entities guaranteeing that PHI will be safeguarded
- Business associates include accountants, legal consultants, transcription services, and other similar type services provided to covered entities

19 HIPAA Standards
There are four HIPAA standards. A Standard is a general requirement.
- Standard 1—Transactions & Code Sets
- Standard 2—Privacy Rule
- Standard 3—Security Rule
- Standard 4—National Identifier Standards

20 Standard 1-Transaction & Code Sets
Transaction Requirements:
- Established standards for Electronic Data Interchange (EDI) for transmittal of information
- Must be used by all covered entities

21 Transactions & Code Sets continued
- Local code sets eliminated
- Four categories of codes:
  - Coding systems for diseases (ICD-9)
  - Coding systems for causes of injury, diseases (ICD-9)
  - Actions taken to prevent, diagnose, treat, or manage diseases (CPT-4)
  - Substances, equipment, supplies (HCPCS)

22 Standard 2- Privacy Rule
- Patient Health Information (PHI) may be disclosed with permission
- The permission is a reason for each use and disclosure
- There are eleven HIPAA defined permissions

23 Standard 2-Privacy Rule Permissions
- Disclosure to HHS representative (required)
- Disclosure to patient (required)
- Disclosure for treatment, payment, or healthcare operations (TPO)
- Others’ treatment
- Personal Representative
- Disaster Relief Organizations
- Incidental disclosures
- Public purposes
- Authorization from patient
- De-identified information
- Limited data set

24 Requirements for Disclosing PHI
- Verification of identification of requestor
- Only the minimum necessary data should be disclosed
- Patient lists may not be provided to pharmaceutical & survey companies that are marketing services

25 Requirements for Disclosing PHI continued
- Psychotherapy notes must have specific written approval from patient. Check for specific exceptions to this requirement
- Covered entities must have Policies and Procedures consistent with Notice of Privacy Practices (NPP)
- If state law conflicts with HIPAA, you must follow the law that offers most protection

26 Patients’ Rights Under HIPAA
- Patient has right to access and right to copy records
- Patient has right to request amendments to his/her PHI. Unless provider has grounds to deny, amendments must be made
- Patient has right to request an accounting of disclosures of PHI

27 Patients’ Rights Under HIPAA continued
- Patient has right to be contacted at places other than work or home
- Patient has right to request further restriction on who has access. Covered entity may deny request for valid reasons
- Patient has right to file a complaint

28 Standard 3-Security Rule
- Covered entities and business associates must have security plan in place
- Appropriate measures such as a security officer, passwords, firewalls, encryption, and anti-virus software if necessary

29 Standard 4-National Identifier Standards
- Standard is meant to provide a unique number for each provider of care
- Implementation is still underway

30 Ethics Guide Discussion
In some physician offices, the Privacy/Security Officer is a member of the staff and has other duties. This person is sometimes referred to as the “HIPAA Police”. You personally observe the Security Officer violate basic HIPAA Standards—especially Standard 2. What are you going to do?

