240 likes | 550 Views
Introduction to Confidentiality & HIPAA . For Florida KidCare Community Partners September 2009. Confidentiality and the Florida KidCare Community Partner.
E N D
Introduction to Confidentiality & HIPAA For Florida KidCare Community Partners September 2009
Confidentiality and the Florida KidCare Community Partner As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they share with you confidential and safe. HIPAA
What is HIPAA? HIPAA, the Health Insurance Portability and Accountability Act,was finalized August 2002. This act was created to ensure comprehensive health insurance privacy and security regulations. HIPAA
HIPAA Roles HIPAA requires that privacy and security be built into the policies and practices of healthcare providers and health plans. HIPAA sets standards for the electronic transmission of patient health, administrative, and financial information. HIPAA
HIPAA Policies and Practices and Florida KidCare HIPAA sets limits on the type of information permitted for disclosure. Thus Florida KidCare requires a properly completed Florida Healthy Kids Release of Information (ROI) form be on file prior to the release of any account related personal health information (PHI) to third party entities. HIPAA
Release of Information (ROI) • Florida KidCare uses the ROI form to determine who is authorized to access account information. • A ROI form should be voluntarily completed by the applicant parent or guardian. • One ROI must be properly completed and on file for each enrollee (child) prior to disclosure. Making sure to initial where indicated. • ROI form is available in English, Spanish and Creole.
HIPAA Policies and Practices and Florida KidCare (Cont.) Within limits, HIPAA allows for the free flow of PHI for treatment, payment and health care operations. This is why the ROI is so important. HIPAA
PRIVACY All Florida KidCare applicants or enrollees have the right to privacy and to keep information about themselves from being disclosed. Florida KidCare uses the ROI form to determine who is authorized to access account information. HIPAA
Levels of Disclosure Florida KidCare staff are limited to the type of information they are allowed to disclose to third parties. Such as: Full disclosure – All account information provided Minimum disclosure – Information needed to resolve a family’s concerns is provided Limited disclosure – Confirmation of coverage, and Dates of coverage, and Name of child’s health & dental plan, Amount of premium being paid are provided No disclosure - No information is provided without a completed ROI on file. HIPAA
Contracted Community Partners Account Access With the successful completion of the HIPAA training, contracted Florida Healthy Kids Corporation community partners assisting families apply for Florida KidCare may be given “minimum disclosure” to family account information without a ROI.
HIPAA & Non-Applicant Parents Under new legislation a non-applicant parent can have limited disclosure to Florida KidCare account information. In other words, a non-applicant parent can contact Florida KidCare (with the child’s information such as DOB and SSN) and are able to receive the following types of account information without a ROI on file: • Confirmation of coverage • Dates of coverage • Name of child’s health & dental plan • Amount of premium being paid HIPAA
Examples of PHI Name Address Phone Number Social Security Number Date of Birth Premium Payment • Relatives • E-mail Address • Health/Dental Plan # • Employer • Account Number HIPAA
Notices Patients seeking treatment from a health care provider must get a “Notice of Privacy Practices” from their provider. Florida KidCare sends out a notice of privacy practices to all new enrollees and every 3 years to current enrollees. HIPAA
Safeguards, Staff Training and Compliance Covered healthcare organizations must have appropriate technical and administrative safeguards in place to protect patient information such as: All community partners assisting families apply for Florida KidCare must receive HIPAA training and successfully pass the Florida KidCare HIPAA compliance test. HIPAA
Safeguards, Staff Training & Compliance (Cont.) Every covered healthcare organization must have a HIPAA Compliance Officer. Merrio Tornillo acts as the HIPAA officer for FHKC, you can reach her at (850) 701-6167. HIPAA
Security To ensure an applicant or enrollee’s privacy, certain security safeguards must be in place to: Protect information from accidental or intentional disclosure to unauthorized persons, and Protect information from alteration, destruction, or loss. HIPAA
Complaints Who Do I Contact When An Applicant or Enrollee’s Rights Are Violated? Contact the HIPAA Compliance Officer of the organization that violated the privacy regulation. File a federal complaint to the United States Department of Health and Human Services Office of Civil Rights. HIPAA
Unauthorized Disclosure of Protected Health information Community partners who fail to comply with HIPAA policies and proceduresrisk the discontinuation of their FHKC contract. HIPAA
Penalties for HIPAA Non-Compliance HIPAA calls for severe civil and criminal penalties for non-compliance, including: Fines up to $25,000 for multiple violations of the same types of information in a calendar year Fines up to $250,000 and/or imprisonment up to 10 years for knowingly misusing individually identifiable health information HIPAA
Why Must You Comply with HIPAA? You must comply with HIPAA because as a community partner you may receive PHI electronically such as: Florida KidCare eligibility determinations Florida KidCare premium amounts Florida KidCare enrollment information HIPAA
What HIPAA Means For You as a Community Partner To maintain HIPAA security you must: Prevent unauthorized access and disclosure Prevent loss of information Secure electronic information Secure paper records Overheard Conversations Be careful what you discuss among staff both inside and outside of the office HIPAA
What HIPAA Means For You as a Community Partner Information Left in Public View All paper files must be collected and stored or shredded every day To prevent unauthorized disclosures Florida KidCare staff will: Always check the credentials of a requester Always check a client’s authorization Report incidents to your organization’s HIPAA Compliance Officer HIPAA
E-mail Encryption Use encryption when sending an e-mail with PHI. Check with your IT Department on how to encrypt your correspondence. Do not copy others on an e-mail with PHI without written consent from the client HIPAA
Additional Information For additional information about HIPAA visit the U.S. Department of Health and Human Services at: http://www.hhs.gov/ocr/privacy/index.html HIPAA