210 likes | 365 Views
HIPAA for Allied Health Careers. Chapter 2. The HIPAA Privacy Standards. LEARNING OUTCOMES After studying this chapter, you should be able to: Briefly discuss the role of medical record documentation as the source of health information about patients.
E N D
HIPAA for Allied Health Careers Chapter 2 The HIPAA Privacy Standards
LEARNING OUTCOMES After studying this chapter, you should be able to: Briefly discuss the role of medical record documentation as the source of health information about patients. List five responsibilities of covered entities under the HIPAA Privacy Rule. Define protected health information (PHI). Discuss the required content of the HIPAA Notice of Privacy Practices (NPP). Discuss the privacy standards relating to appropriate release of PHI for treatment, payment, and operations (TPO) purposes. Describe the conditions under which authorization for release of PHI must be obtained. List the items that are essential for general authorizations to release information. Discuss the major exceptions to the HIPAA release of information requirements. State the privacy standards that relate to incidental use and disclosure of PHI. State patients’ rights regarding the use and disclosure of their PHI.
accounting of disclosures Acknowledgment of Receipt of Notice of Privacy Practices amendment authorization de-identified health information designated record set (DRS) disclosure documentation electronic medical record (EMR) encounter HIPAA Privacy Rule hybrid record Key Terms
incidental use and disclosure medical record medical standards of care minimum necessary standard Notice of Privacy Practices (NPP) protected health information (PHI) release of information (ROI) subpoena subpoena duces tecum treatment, payment, and health care operations (TPO) KEY TERMS (cont’d)
Documentation is the creating of medical records. Medical records show that medical standards of care have been followed. Medical records are legal documents. The Medical Record
Documenting Encounters Physician encounters or visits should be documented with: Patient’s name Encounter date and reason Appropriate history and physical examination Review of all tests and drugs that were ordered Diagnosis Plan of care, or notes on procedures or treatments that were given Instructions or recommendations that were given to the patient Signature of the physician or other licensed health care professional who saw the patient The Medical Record (cont’d)
Documenting Encounters (cont’d) Hospital encounters require the following additional information: Type of encounter Date of encounter, including admission and discharge dates for inpatient admissions Physicians involved with the patient’s care Patient’s diagnoses and procedures Medications prescribed Disposition of the patient (that is, the arrangements for the next steps in the patient’s care, such as transfer to a skilled nursing facility or to home and follow-up care or treatment) The Medical Record (cont’d)
Paper, Electronic, and Hybrid Medical Records Paper records will eventually be phased out. Hybrid records include both paper and electronic medical records. Electronic medical records have advantages. Immediate access Computerized physician order management Clinical decision support Automated alerts and reminder Electronic communication and connectivity Patient support Administration and reporting Error reduction The Medical Record (cont’d)
What is Protected Health Information? Name Address (including street address, city, county, ZIP code) Relatives’ and employers’ names Birth date Telephone numbers Fax number E-mail address Social Security number Medical record number Health plan beneficiary number Account number Certificate or license number Serial number of any vehicle or other device Website address Fingerprints or voiceprints Photographic images HIPAA Privacy: Protected Health Information
Notice of Privacy Practices and Acknowledgment All covered entities must have a Notice of Privacy Practices (NPP) available on request. Each patient must get an NPP at first encounter. An Acknowledgment of Receipt of Notice of Privacy Practices is a form that patients sign. HIPAA Privacy: Protected Health Information (cont’d)
Use of PHI is sharing information within an entity. Disclosure of PHI is sharing information outside the entity. Disclosure of PHI
Release of Information for Treatment, Payment, and Operations Release of information (ROI) is permitted for TPO. Treatment is discussion with providers. Payment involves exchanges with payers. Operations includes accreditation, staff training, and quality improvement. Disclosure of PHI (cont’d)
Release can be by any method. PHI can be released to family or friends in certain circumstances. Release of PHI about minors involves some special circumstances. Facility directories may get informal approval. State laws on consent may vary. Disclosure of PHI (cont’d)
Release of Information for Purposes Other Than TPO Authorization is generally required. No restrictions on use and disclosure of de-identified health information. There are limits on use of PHI in marketing. Disclosures must be logged. Disclosure of PHI (cont’d)
Exceptions to Disclosure Standards Court orders Workers’ compensation cases Statutory reports Research Correctional institutions National security, intelligence, or other essential government purpose Incidental use and disclosure Disclosure of PHI (cont’d)
Within a covered entity’s records, patients have the right to: Access, copy, and inspect their PHI Request amendments Obtain accounting of most disclosures Receive communications from providers via other means Complain about alleged violations Request restrictions on uses or disclosures Patients’ Rights
Access, Copy, and Inspect Access must be provided within thirty days. CE may charge reasonable fees. Records may not be held hostage. Patients’ Rights (cont’d)
Amendments Factual amendments must be made. Subjective amendments can be negotiated. CE can deny a request if item is accurate. Patients’ Rights (cont’d)
Accounting for Disclosures—Patients have a right to a list of disclosures except: For TPO To the individual or to the individual’s representative For notification for those involved in an individual’s health care or payment for health care, for disaster relief, or for facility directories If the patient has signed an authorization to release the information Of a limited data set, such as for research For national security To correctional institutions or law enforcement officials Incident to otherwise correct release Patients’ Rights (cont’d)
Confidential Communications Requirement Patients have the right to alternative means of communications. Patient Complaints Patients can submit complaints to the OCR. Requests for Restrictions Patient can request use and disclosure restrictions. Patients’ Rights (cont’d)