
HIPAA

HIPAA: Health Insurance Portability and Accountability Act of 1996. What is HIPAA? Enacted August 21, 1996. Title I protects people who lose insurance coverage, lose jobs, or change jobs and wish to continue health insurance coverage. Title II protects health data privacy.

marvin

Presentation Transcript


  1. HIPAA

    Health Insurance Portability and Accountability Act of 1996
  2. What is HIPAA?

    * Enacted August 21, 1996
    * Title I: Protects people who lose insurance coverage, lose jobs, or change jobs and wish to continue health insurance coverage
    * Title II: Protects health data privacy
    * Established national standards for compliance
    * Protects against fraud
  3. Protected Health Information “The Office for Civil Rights enforces the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; and the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety.” HHS, 2012
  4. Why the need for privacy and security act????
  5. The privacy provisions of the federal law, HIPAA, apply to health information created or maintained by health care providers who engage in certain electronic transactions, health plans and health care clearinghouses. The Department of Health and Human Services (HHS) has issued the regulation, “Standard for Privacy of Individually Identifiable Health Information.” The Office for Civil Rights (OCR) is the Departmental component responsible for implementing and enforcing the privacy regulation.
  6. * A health care provider who transmits health or mental health information in electronic transactions. For example, a physician who electronically bills for services.
    * A health plan
    * A health care clearinghouse

    Concorde is a Hybrid Entity. A Hybrid Entity means a single legal entity that is a covered entity, performs business activities that include both covered and non-covered functions, and designates its health care components as provided in the Privacy Rule (45 C.F.R. § 164.504).
  7. Who uses Protected Health Information (PHI) at Concorde?

    Everyone who uses a computer or electronic device that stores or transmits information, such as:

    * Administrative staff that work with PHI
    * Externship Clinics
    * Campus Staff that work in Clinical areas
    * Students who work with patients
    * Accounting Payroll Staff Volunteers
    * Almost everyone at one time or another
  8. Confidentiality and Privacy

    Confidentiality and Privacy go hand-in-hand, and patients have the right to control who sees their protected health information. Communications with and/or about patients' protected health information will be kept private and limited to those who need to know the information for payment, treatment and operations (PTO). These communications may be written, oral or in electronic form. Only those people with a need to know may have access to the protected information.
  9. Protected Health Information (PHI)

    Protected Health Information is any information used to identify the patient, such as:

    * address
    * social security number
    * name

    It also includes information about the patient's reason for being in the hospital or clinic, the medications and treatments they are receiving, and their complete health record.
  10. PHI is used to treat, to bill and receive payment for services, and for internal controls of hospital/clinic operations. This is all outlined in the Notice of Privacy Practices (NOPP). Each patient is given a copy upon admission to any facility. PHI may only be shared with entities outside of the facility who already had a direct relationship with the patient, such as their primary care provider, an ambulance company that transported the patient between facilities, and the insurance company who is on record and responsible for the bill. Beyond that, a valid authorization from the patient or the patient's legal documented representative must be provided. Release of medical record information should be handled through the Health Information Management Department.
  11. Who is authorized to see this information?

    * Any physician who is treating the patient
    * Any care giver who needs the information to perform their job
    * This means “Need to Know”
    * Only the portion of the chart that is needed for a specific job function with that patient may be accessed
  12. How to protect information?

    * Be mindful when discussing patient information out in open areas
    * Sign off your computer when not in use and not at your desk
    * Knock on doors before entering a room
    * Keep patient information out of public view
    * Keep medical records locked and away
    * Treatments should be carried out in private areas
    * Discussions about patient financial information should be done in a private area
    * Never discuss patient information in elevators and public dining rooms
  13. cont.

    * Do not release information without proper authorization to anyone unless covered by our NOPP
    * Contact the Facility Privacy Officer whenever you are in doubt and not sure of any privacy issue
  14. HIPAA Violations Failure to comply with HIPAA standards may result in civil and criminal penalties
  15. Civil Penalties

    The Health and Human Services Office for Civil Rights (OCR) is responsible for enforcing civil penalties. Fines are no more than $100 for each violation and not more than $25,000. These are penalties against the covered entity.
  16. Criminal Penalties

    The Department of Justice (DOJ) is responsible for enforcing the criminal side, and these fines are imposed when an entity knowingly discloses or obtains PHI.

    * Fine $50,000, 1 year prison: Knowingly obtain or disclose
    * Fine $100,000, 5 years prison: Obtain or disclose under false pretense
    * Fine $250,000, 10 years prison: For profit, gain or harm obtain or disclose
  17. Patient Authorization to Release

    A patient may sign an authorization for us to release their PHI for reasons other than PTO. The authorization must…

    * be signed and dated by patient or legally authorized representative
    * valid for 180 in the State of Texas
    * must provide reason for release
    * must state who information is to be released to and address
    * Can only be in writing and may be revoked by patient

    In order to use a patient's information to print in a newsletter, sell for marketing purposes or for research outside of our NOPP, we must obtain a valid written authorization. Only the patient or legal representative may give this authorization, not their physician.
  18. Privacy is everyone’s responsibility