Confidentiality and Privacy of Consumer Information
What is the basis of our policies and procedures concerning confidentiality, rights and privacy?
HIPAA HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT

LAWS and REGULATIONS GOVERNING PRIVACY
• Official Code of Georgia Annotated Chapters 37-3, 37-7 and 37-4
• Chapter 290-4-9 of the Rules of the Department of Human Resources
• Federal statutes (42 USCA 290dd-2) and regulations (42 CFR Part 2) related to substance abuse records
• Federal regulations 45 CFR Parts 160 and 164 - Standards for Privacy of Individually Identifiable Health Information under the Health Insurance Portability and Accountability Act (HIPAA)

TERMS AND DEFINITIONS
• Individually Identifiable Health Information (IIHI)
  • Information about an individual that relates to the past, present, or future physical or mental health or condition of an individual;
  • the provision of health care to an individual;
  • or the past, present, or future payment for the provision of health care to an individual;
  • and identifies the individual or can be used to identify an individual

TERMS AND DEFINITIONS
• Protected Health Information (PHI)
  • Individually identifiable health information including
    • name,
    • geographic subdivisions smaller than a state (street address, city, county, zip code, geocodes),
    • all elements of a date except year for all dates related to the consumer (including birth date, admission date, discharge date, date of death),
    • telephone number, fax number, email address,
    • social security number, account number, insurance number, license number, certificate number, vehicle ID, device number, URL, IP address, biometric ID, facial photograph and comparable images, and any other unique identifier or code.

TERMS AND DEFINITIONS
• Preemption
  • If a state or federal law or regulation grants the consumer greater access to their PHI, then it will preempt HIPAA.
  • If a state or federal law or regulation gives consumer health information greater protections from disclosure, then it will preempt HIPAA.

TPO: TREATMENT, PAYMENT, HEALTH CARE OPERATIONS

ADMINISTRATIVE REQUIREMENTS
• Privacy Officer (PO)
  • Lorraine Harris
• Business Associates
  • Must have a contract/agreement that holds them to the same HIPAA standards.
• Complaint Process
  • Consumers can file a complaint if they believe we have violated their rights under HIPAA.

HIPAA CONSUMER RIGHTS
• Receive Notice of Privacy Practices
• Access to Designated Record Set (DRS)
• Request Amendment to DRS
• Request Restriction on Communications
• Request Confidential Communications
• Accounting of Disclosures
• File a Complaint

NOTICE OF PRIVACY PRACTICES
What is the NPP?
• The Notice of Privacy Practices describes how information about the consumer is used by the Cobb/Douglas CSB and when we will disclose it without their authorization.
• Must be posted at each service site
• Must be posted on web
• Must be given to each consumer after April 14, 2003

MINIMUM NECESSARY STANDARD
• This refers to the practice of limiting the disclosure of information to that information reasonably necessary to accomplish the purpose for which disclosure is sought.
• This includes use internally by staff. Staff should have access to and use only the minimum necessary.
• ALL STAFF ARE RESPONSIBLE FOR APPLYING THE MINIMUM NECESSARY STANDARD IN THE COURSE OF CARRYING OUT THEIR JOB DUTIES.

PRIVACY AND SECURITY BEST PRACTICES
• Protect your computer passwords - never share or give to anyone else
• Log off of CADIS and any other open files that contain PHI or IIHI
• Keep computer screens out of eyesight of others
• Keep medical record rooms locked/secured
• Only access consumer information you need to do your job - limit to minimum necessary

PRIVACY AND SECURITY BEST PRACTICES
• Keep consumer records and other documents containing PHI/IIHI out of sight - don't leave them lying around
• Monitor faxes containing PHI/IIHI
• Documents with PHI/IIHI to be discarded should be shredded
• Don't talk about consumers in public areas
• If asked for consumer information - question why
• Report problems/violations

PENALTIES FOR VIOLATION
• Violation but not willful
  • $100 penalty for each violation – limited to $25,000 per calendar year
• Wrongful Disclosure
  • Up to $50,000 and/or imprisoned for not more than 1 year
• Obtained PHI under false pretenses
  • $100,000 and/or imprisoned for not more than 5 years
• Intent to sell, transfer or use for gain or malicious harm
  • $250,000 and/or imprisoned for not more than 10 years

SUBPOENAS and COURT ORDERS
• Notify your supervisor
• Supervisor notifies site/program director
• Notify Medical Record Director
• Privileged information can never be released with a subpoena
• SA information can never be released with a subpoena

QUESTIONS?
Thanks for your attention! It's time now for the Post Test.