• No results found

HIPAA OVERVIEW ETSU 1

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "HIPAA OVERVIEW ETSU 1"

Copied!
22
0
0

Loading.... (view fulltext now)

Download now ( 22 Page )

Full text

(1)

HIPAA OVERVIEW

ETSU

1

(2)

What is HIPAA?

Health Insurance

Portability and Accountability

Act.

2

(3)

PURPOSE - TITLE II

ADMINISTRATIVE SIMPLIFICATION

To increase the efficiency and

effectiveness of the entire health care

system through:

 The electronic exchange of information

 The standardization of that information

To enhance the security and privacy of

Protected Health Information (PHI)

throughout the entire health system

3

(4)

PRIVACY RULE:

WHAT DOES IT DO?

HIPAA regulates the use or disclosure of

Protected Health Information (PHI)

4

(5)

WHAT IS PHI?

Health and demographic information about an

individual that is transmitted or maintained in

any medium where the information:

Is created or received by a health care provider, health plan, employer, or health care clearinghouse; and

Relates to the past, present, or future

Physical or mental health condition of an individual, or

Provision of health care to an individual, or

Payment for the provision of health care to an individual

5

(6)

INDIVIDUAL IDENTIFIERS

1.

2.

3.

4.

5.

Name

Geographic subdivisions smaller than a State

- Street Address

City

County

Precinct

Zip Code & their equivalent geocodes, except for the initial three digits

Dates, except year

- Birth date

Admission date

Discharge date

Date of death Telephone numbers Fax number

6.

7.

8.

9.

10.

11.

12.

13.

14.

15.

16.

17.

18.

E-Mail Address

Social security numbers Medical record numbers

Health plan beneficiary numbers Account numbers

Certificate/license numbers

Vehicle identifiers and serial numbers, including license plate numbers

Device identifiers and serial numbers Web universal resource locations (URLs)

Internet Protocol (IP) address numbers Biometric identifiers, including finger and voice prints

Full face photographic images and any comparable images

Any other unique identifying number,

6

characteristic, or code

(7)

PERMITTED USES & DISCLOSURES

HIPAA permits the use or disclosure only

for the following purposes:

Treatment

Payment

Health Care Operations

(These are referred to as “TPO”)

7

(8)

MANDATED USES & DISCLOSURES

HIPAA mandates the disclosure of PHI for

certain purposes such as:

 Health oversight activities

 Judicial and administrative proceedings

 Law enforcement purposes

 Organ donation

All other uses or disclosures require an

authorization

8

(9)

HEALTH CARE OPERATIONS

Any of the following activities of a Covered Entity:

Quality assessment and improvement and population- based activities

Peer review and credentialing activities

Underwriting, premium rating, and other activities related to the creation, renewal, or replacement of a contract of health insurance

Medical review, legal services, and auditing

Business planning and development

Business management and general administrative activities

9

(10)

AUTHORIZATION

Authorization must be obtained for ALL uses and disclosures other than TPO or those mandated under law

Authorizations must include:

 A description of the information to be disclosed

 The name of the person or entities to whom the information will be disclosed

 An expiration date

 Information regarding right to revoke

 Date and signature

10

(11)

PRIVACY NOTICE

Privacy Notices Must:

Be in plain language

Contain a description and example of TPO

Contain a description and example of other uses and disclosures not requiring Authorization

Include statements about an individual’s rights

Include statements about the Covered Entity’s duties

Describe the complaint process

Provide other specific requirements 11

(12)

MINIMUM NECESSARY

A requirement that only “minimum

necessary disclosures” may be made to

accomplish the intended purpose of the

use, disclosure, or request for PHI.

12

(13)

MINIMUM NECESSARY

Internal Requirements:

Identify workforce who need to access PHI

For each class, category or person identified, limit access based on need-to-know

External Requirements:

Limit access to what is needed to accomplish the purpose for which the request was made

Each request that is non-routine should be

reviewed to determine whether it is reasonably

13

necessary

(14)

RESEARCH

To use or disclose PHI for research

purposes, Covered Entities must

obtain either:

Written authorization from the research subject.

Permission from the Institutional Review Board (IRB) or Privacy Board to waive the authorization

.

14

(15)

IRB WAIVER OF AUTHORIZATION

The following criteria must be met before

the IRB can waive the patient authorization

requirement for research:

Use of PHI will pose minimal risks to the subject’s welfare and privacy rights.

Research can not practically be conducted without the waiver or access to PHI.

Covered entity must protect PHI from inappropriate use or disclosure.

Researcher must provide written assurances that PHI will not be reused or disclosed, except as required by law.

15

(16)

INDIVIDUAL RIGHTS

Individuals have the right to:

Receive written notice of privacy practices

Request restrictions on uses & disclosures

Access, inspect & copy their PHI

Request amendment or correction of their PHI

Receive an accounting of disclosures of their PHI (except those related to treatment, payment, &

operations)

16

(17)

ADMINISTRATIVE REQUIREMENTS

Designate a privacy officer with primary

responsibility for ensuring compliance with

the regulations

Establish training programs for all members

of the workforce

Implement appropriate policies & procedures

to prevent intentional and accidental

disclosures of PHI

17

(18)

ADMINISTRATIVE REQUIREMENTS

Establish a system for receiving and

responding to complaints regarding the

Covered Entity’s privacy practices

Implement appropriate sanctions for

violations of the privacy guidelines

Make reasonable efforts to limit

information to minimum necessary to

accomplish a person’s purpose/job

18

(19)

ENFORCEMENT

The Public. The public will be educated about their privacy rights and will not tolerate violations to their privacy! Expect Class Action lawsuits.

Office For Civil Rights (OCR). Designated the enforcement agency concerning privacy

regulations. They will provide guidance and monitor compliance.

Department of Justice (DOJ). Involved in criminal privacy violations. Expect fines and penalties to be high.

19

(20)

PENALTIES - FAILURE TO COMPLY

Civil

 $100 per violation per person up to a maximum of

$25,000 per person per year per standard violated

Criminal

 Up to $50,000, 1 year in prison, or both, for inappropriate use of PHI

 Up to $100,000, 5 years in prison, or both for using PHI under false pretenses

 Up to $250,000, 10 years in prison or both, for the intent to sell or use PHI for commercial advantage, personal gain, or malicious harm

20

(21)

HIPAA/Confidentiality Accountability

Form

Click here for the link to the HIPPAA

Accountability Form

Print this form, complete it and submit it to

the D2L Health Requirement Site.

21

(22)

RESOURCES

http.//www.cms.hhs.gov/hipaa/hipaa2 - For frequently asked questions, links to other HIPAA sites, and information on the law, regulations, and enforcement

http.//www.hhs.gov/ocr/hipaa/ - U.S. Department of Health and Human Services’ Office for Civil Rights frequently asked questions

http.//www.hhs.gov/ocr/moneypenalties.html - Interim final rule:

Civil Money Penalties

22

References

Download now ( PDF - 22 Page - 294.40 KB )

Related documents

The health insurance marketplaces, or exchanges, created

For active employees, however, the annual dollar limit prohibition means employers cannot use HRAs to fund benefits unless they are integrated with an- other

HEALTH CARE REFORM: PLAY OR PAY?

With the new Individual Health Insurance Marketplaces (guaranteed-issue and affordable policies), Defined Contribution Health Plans now have all the same benefits of a group

APPLICATION FOR RESIDENTIAL OR HEALTH CARE LICENSE

INCREASE, CHANGE IN CATEGORY, CHANGE IN ADDRESS According to RSA 151 :2 (the Residential Care and Health Facilities Law) a facility or agency may not provide any residential or

Evaluation of reconstructions of snow/ice melt in Greenland by regional atmospheric climate models using laser altimetry data

Comparisons of Operation IceBridge (OIB) laser altimetry (black), RACMO2.3p2 surface mass balance (SMB) (purple) and MARv3.5.2 SMB (green) at a) Site 5 of the K-transect in

Scalability in Participatory Planning: A comparison of online PPGIS methods with faceto- face meetings

participants. There is no or very little difference in gender breakdown and percentage of college educated participants.. Comparison of traditional with online participation

NOTICE OF PRIVACY PRACTICES

We may also disclose PHI to another health care provider or to a company or health plan required to comply with the HIPAA Privacy Rule for the payment activities of that health

Name Last First Middle. (Complete Mailing) Address ** Street Apt# City State Zip. Work Phone # ( ) ** Emergency Contact Relationship Phone# ( )

Borman and Associates, P.C., that relates to my past, present, or future physical or mental health or condition; the provision of health care to me; or the past, present, or

ME-CHC-y-WISC-IV.pdf

Similarities Vocabulary Comprehension Information Word Reasoning Digit Span Letter-Number Sequencing Arithmetic Block Design Picture Concepts Matrix Reasoning Picture Completion