
Health Insurance Portability and Accountability Act


Presentation Transcript


  1. Health Insurance Portability and Accountability Act Leanna Levin

  2. What does HIPAA do? • HIPAA requires every health plan, health care provider, and health care clearinghouse in the country to protect patient privacy.

  3. Who is included? • These include every hospital, doctor, nurse, home health care provider, nursing home, pharmacy, self-insurance company, health insurer and health-plan provider. • Basically any party that handles protected health information is now required to take privacy measures.

  4. What we are going to talk about today • Duties for those under HIPAA • Compliance • Protection of client’s privacy • Security of health information • Psychotherapy • documentation • release of information

  5. Standards, Transactions, and Code Sets • The HIPAA ruling set forth on April 14, 2003 is an updated version of the HIPAA statutes of 1996. • Because of new and improved technology, HIPAA’s Privacy Rule concentrates on electronically transmitted information.

  6. The Administrative Simplification • So what is electronic and what do you need to do to comply with HIPAA regulations? • The provisions state that covered entities that maintain or transmit health information are required to “maintain reasonable and appropriate administration, physical, and technical safeguards to ensure the integrity and confidentiality of the information and to protect against any reasonable anticipated threats or hazards to the security or integrity of the information and unauthorized use or disclosure of the information.”

  7. Compliance • A covered entity must comply with the “applicable standards, implementation specifications, and requirements… with respect to electronic protected health information.”

  8. Privacy of Individually Identifiable Health Information • Under the newly mandated privacy law: • There must be a privacy officer to make sure there is compliance and handle patient concerns and complaints about privacy violations

  9. Privacy of Individually Identifiable Health Information • Computer screens need to be repositioned so that someone walking by can't see private patient information • The computer is also used to limit the personal information required on public sign-in sheets

  10. Privacy of Individually Identifiable Health Information • an evaluation of the positions that need access to each kind of information, • medical records, doctor’s notes, personal information • the decisions and the policies put in place need to be documented to keep medical documents limited to need-to-know viewing

  11. Privacy of Individually Identifiable Health Information • a training program needs to be put into place so the employees are aware of the proper privacy standards for handling medical information • document that training

  12. Privacy of Individually Identifiable Health Information • Patient’s Rights: • waivers need to be signed for patients to allow parties not directly involved in patient care—such as insurance companies, financial institutions and employers—to see patient information

  13. Privacy of Individually Identifiable Health Information • Patient’s Rights: • forms need to be created that allow patients to inspect and copy their records, restrict who sees them, amend them and get a list of who has seen them

  14. Privacy of Individually Identifiable Health Information • Not Patient’s Rights: • Professionals seeking advice on treating a patient can discuss the matter with other professionals without the authorization from the patient. • Conflict with the Code of Ethics

  15. Security of Health Information • Administration Safeguards • include a security management process, assigned security responsibility, workforce security, information access management, security awareness and training, security incident procedures, contingency plans, evaluations, and contracts

  16. Security Management Process • A Risk Analysis is conducted to assess the vulnerabilities and risks to the confidentiality, integrity and availability of electronic private health information. • Appropriate sanctions are implemented for workforce members who fail to comply.

  17. Assigned Security Responsibility • An individual must be identified who is responsible for the development and implementation of security policies and procedures

  18. Workforce Security • Policies and procedures need to be implemented to ensure that all assigned members of the workforce have appropriate access to electronic private health information and to prevent access by those who should not have it

  19. Information Access Management • Implement policies and procedures for establishing, authorizing, reviewing, documenting, and modifying a user’s right to access a workstation, transaction, program, process, or other means of accessing electronic private health information • Who can access what?

  20. Security Awareness and Training • Implement a security awareness and training program for all members of the workforce, including management, that includes training on protection from malicious software, log-in monitoring, password management, and periodic security reminders.

  21. Security Incident Procedures • Incident response and reporting procedures are required to remove the potential harmful effects of the incident and provide documentation of the incident and outcome.

  22. Contingency Plan • Implement policies and procedures for responding to emergencies or other occurrences that damage systems containing electronic privacy health information.

  23. Evaluation • Perform a periodic technical and nontechnical evaluation based upon the initial standards and also after environmental and operational changes affecting electronic privacy health information.

  24. Business Associate Contracts • The employees not only need to attend the training programs, but they are also required to sign a contract stating they understand the policies and will abide by them. • A chain of trust agreements through written contracts exists to ensure all members are abiding by the standards.

  25. HIPAA and Psychotherapy Notes • Compared to discussion of information amongst professionals, the release of psychotherapy notes is more complicated • more protection • disclosure of psychotherapy notes requires patient authorization--or specific permission--to release this sensitive information.

  26. Psychotherapy Notes and Insurance Companies • in the past, insurance companies have requested entire patient records--including psychotherapy notes--in making coverage decisions • now health plans cannot refuse to provide reimbursement if a patient does not agree to release information covered under the psychotherapy notes provision

  27. HIPAA and Psychotherapy Notes Cont. • Patients do not have the right to obtain a copy of the notes under HIPAA, which differs from the access allowed to medical documents. • When a psychotherapist denies a patient access to these notes, the denial isn't subject to a review process.

  28. HIPAA Definition of Psychotherapy Notes • Psychotherapy notes are kept separate from medical records for this reason • If a psychotherapist keeps this type of information in a patient's general chart, or if it's not distinguishable as separate from the rest of the record, access to the information doesn't require specific patient authorization.

  29. When can a therapist's notes be used? • There are special protections for use of psychotherapy notes. • Disclosure of psychotherapy notes requires an authorization from the patient/client except:

  30. When can a psychotherapist's notes be revealed under HIPAA? • for the originator of the notes (i.e., the mental health practitioner), for treatment of the subject patient; • for students, trainees or practitioners, for supervised training programs; • to defend a legal action or other proceeding brought by the patient against the covered entity; • for lawful health oversight activities or as otherwise required by law; • for coroners or medical examiners (where the patient is deceased); or • where, consistent with applicable law and the standards of ethical conduct, there is a good faith belief that the use or disclosure is necessary to prevent or lessen a serious threat to health or safety.

  31. Conclusions • As a rehabilitation counselor, what do you have to comply with? • What does a patient have a right to, and what not? • What protections are there for psychotherapy notes?

  32. Helpful websites and Resources • www.hippa.org • www.hhs.gov/ocr/hipaa/ • www.hippadvisory.com • www.cms.hhs.gov/hipaa • www.apa.org • www.counseling.org • HIPAA at the University of Florida • 273-5094 HIPAA Privacy Officer Susan Blair

  33. Questions or comments??
