HIPAA for the Physician Office: Maintaining Patient Privacy and Confidentiality
Introduction
• HIPAA: understanding what it means to your practice
• What does it mean to the office manager and staff of the physician office?
Overview
• NPP
• HPI
• BA
• Code Sets
• Covered entities
• TPO
• Hotlines
• CMS
• PO
• HIPAA Administrative Simplification
• Electronic Data and the Privacy Component
Vocabulary
• Covered Entities
• Business Associates
• PHI: Protected Health Information
• TPO: Treatment, Payment, Operations
• Minimal Necessary Data
• Amendments
• Notice of Privacy Practices
Covered Entities
• Hospitals and physicians as providers of healthcare
• Health plans: BCBS, Tufts, US Family, etc.
• Clearinghouses: the businesses that process billing information for the hospitals and submit it to the health plans
Business Associates
• Businesses that work with your practice but don’t provide health care
• The business has employees that may have access to PHI
• In general, we must have contracts with each BA, and the BA agrees to follow our privacy policies
• Action must be taken if the BA misuses PHI
PHI: Protected Health Information
• Confidential information about our patients that we cannot release.
• Patients may request their PHI.
• You may charge a reasonable fee for providing records and a physician summary of the information.
• 60 days to comply.
• No automatic access to:
Cannot release these records automatically:
• Psychotherapy notes
• Info on a criminal, civil or administrative action or proceeding
• PHI that is subject to or exempted from CLIA (HIV data)
• Health information that a qualified provider has determined would endanger the life of the individual if he had access to it
Requires special authorization specifically identifying this information, the dates and to whom it will be released.
TPO
• Treatment
• Payment
• Operations
Covered entities may use PHI for the purposes of TPO without obtaining an individual’s authorization.
Minimally Necessary
• Only the information that is needed should be released.
• To carry out the intended purpose.
• Exceptions:
  • When PHI is disclosed for treatment purposes
  • Disclosed to the individual to which the PHI pertains
  • When PHI is disclosed to DHHS
Amendments
• Patients may request that amendments be added to the patient medical record
• Request can be required to be in writing
• Request could be denied, but...
• The request and the reason for the denial will need to be kept in the patient’s medical record
• 60 days to comply with the request
Notice of Privacy Practices
• The six components of the Notice
• Information regarding uses and disclosures of PHI
• Clarification of individual rights
• Covered entities' responsibilities (CPN)
• How to file complaints
• Contact information for more information
• Effective date of the notice
• Acknowledgement of receipt by the patient
Patient Rights
• To request an accounting of health information disclosures
• To request an amendment to their health information
• Inspect and copy their health information
• To receive confidential communications about their health information
• To request restrictions on uses or disclosures
• To complain to the covered entity and to the Secretary of the Department of Health and Human Services
Application to The Office Blah Blah Blah
• Accessing Employee Medical Records
• Training the front desk: NPP
• Training Medical Record Staff
• Processing releases of information
• Security Basics
  • Not leaving computers unattended
  • Sharing passwords
  • The footprints of the computer
Thanks for attending
• http://www.hhs.gov/ocr/hipaa/
• HIPAA: The questions you didn’t know to ask, ISBN: 0-13-114426-X