1 / 41

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

CYFD Implemented Externally in 2003 HIPAA Information Module in FACTS – May 2008. Health Insurance Portability and Accountability Act of 1996 (HIPAA). What is the HIPAA Privacy Rule?. HIPAA.

niran
Download Presentation

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. CYFD Implemented Externally in 2003 HIPAA Information Module in FACTS – May 2008 Health Insurance Portability and Accountability Act of 1996 (HIPAA)

  2. What is the HIPAA Privacy Rule?

  3. HIPAA • New functionality in FACTS includes a module devoted to documenting HIPAA compliance, including Date Notice Given, Acknowledgment and Disclosure of Confidential Information. • The following presentation is specific to how HIPAA information is recorded in FACTS • Any questions that may arise regarding confidential information and HIPAA restrictions, please contact the HIPAA Privacy Officer, Helen Quintana, at 827-6412.

  4. FACTS Outliner • After Release 4.0, you may note that there is a new HIPAA icon on the FACTS Outliner. • Information included in this section of FACTS will eliminate the need for a HIPAA Case Activity Note.

  5. FACTS Outliner • When the HIPAA section is opened, all active participants linked to the case are listed. • Inactive participants will display if/when they become active.

  6. FACTS Outliner • When the HIPAA section is opened, all active participants linked to the case are listed. • If there are multiple people linked to a case, then there are multiple records listed in HIPAA.

  7. HIPAA Information • When an individual’s HIPAA record is selected on the FACTS Outliner, the user is brought to the main window of the HIPAA module. • The HIPAA privacy notice should be given to clients at first contact during the investigation.

  8. HIPAA Information • An individual HIPAA record may also be accessed via Case Maintenance, (right click on participant.)

  9. Grandfathered Cases • If there is a checkmark next to ‘Grandfathered?’, then the case was active (open) sometime from April 13, 2003 to May 2008 (the time of Release 4.0.) • ‘Grandfathered?’ indicates the client was in FACTS prior to the HIPAA module. • It is assumed the HIPAA Privacy Notice was given to the client and the acknowledgement is in the physical file. NOTE: For any participant, Privacy Notice and Acknowledgement info may be entered in FACTS to document online. Date notice given and acknowledgment info would be helpful if special handling is granted by the privacy officer for an individual.

  10. Multi PS/JS Cases? • If the Multi PS/JS Cases? box has been checked, then there are multiple open cases for the client in FACTS. • Multi PS/JS Cases? may indicate 2 PS cases or 2 JS cases or a combination of PS/JS cases. • The HIPAA record is specific to the participant and work recorded from any case, will appear in all cases. (Similar to the Person Management window.)

  11. HIPAA Tabs • Privacy Notices/ Acknowledgments • Documents when the HIPAA packet was provided to the client and when the Receipt of Acknowledgment was received. • Disclosures • Details when the client’s confidential information was disclosed and to whom. • Requests • The section for the HIPAA Privacy Officer to record any and all HIPAA restrictions or clarifications.

  12. HIPAA Privacy Notices/Acknowledgments Tab User edited fields: Privacy Notice • Date Notice Given to Client • Notice Given to • Dropdown list of all active participants in the case • Reason Notice Not Given • Dropdown list of reasons that the HIPAA Privacy Notice was not provided to the client

  13. HIPAA Privacy Notices/Acknowledgments Tab User edited fields: Acknowledgment • Received from Client • Dropdown values regarding the status of the signed HIPAA Acknowledgment. • Date • Good Faith Effort • Dropdown reasons that the Department was unable to collect the HIPAA Acknowledgment.

  14. HIPAA Privacy Notices/Acknowledgments Tab User edited fields: Worker Information • Worker • Pre-fills with the worker name • Acknowledgment Location • A comprehensive dropdown list of CYFD locations / New Mexico Counties • Comments • Any comments regarding the issuance and acknowledgment of HIPAA related info

  15. HIPAA Privacy Notices/Acknowledgments Tab Buttons • OK and Cancel • Standard OK and Cancel functionality • Copy To • Add • Void

  16. HIPAA Privacy Notices/Acknowledgments Tab Buttons • OK and Cancel • Copy To • Utilized when Notice is given a Parent/ Guardian/Custodian for the client because the client is under 14 years old. • Will copy information from the P/G/C record to minor participants which have been selected in the Copy To Pop-up window. • Add • Void

  17. HIPAA Privacy Notices/Acknowledgments Tab Copy Procedures • Open the HIPAA record for the primary caretaker, complete the privacy notice, acknowledgment section and worker information. • Copy to…Select minor children • Information will copy (one time only) Copy Feature Does Not Cover • Adults or Children age 14 to 18 • Individual notice must be given to all adults in the house, if we have protected health information for the adult. Or, if they are responsible for the health information of minor children. • HIPAA requires all children (from 14 to 18) to receive individual notice…each individual record must be opened and completed, (if child was not grandfathered.) • Additionally if the child was grandfathered (under age 14)…individual notice will be required after age 14.

  18. HIPAA Privacy Notices/Acknowledgments Tab Buttons • OK and Cancel • Copy To • Add • Utilized when a Privacy Notice/Acknowledgement has already been recorded in the client’s case and a subsequent Notice/ Acknowledgment was completed. • Will create an additional Privacy Notice/ Acknowledgment record. • Void Note the scroll bar that has been added to the window, indicating that if utilized up or down, new records will be displayed.

  19. HIPAA Privacy Notices/Acknowledgments Tab Adding Records • Once a privacy notice has been completed (notice given and acknowledgment received) it does not expire • Newborns are covered under prior notice to mom • A subsequent Notice/ Acknowledgment is required to be given the child, when a child turns 14. • FACTS will create tickler for workers to give notice and Add a HIPAA record for the child. Note the scroll bar that has been added to the window, indicating that if utilized up or down, new records will be displayed.

  20. HIPAA Privacy Notices/Acknowledgments Tab Buttons • OK and Cancel • Copy To • Add • Void • Utilized when a Privacy Notice/ Acknowledgment record was created erroneously. • Will create a database record of why the Privacy Notice/ Acknowledgment was removed and then delete the contents of the record that the user is in. Note that there are a series of Dropdown selections available for the reason that the record is being removed.

  21. HIPAA Privacy Notices/Acknowledgments Tab • Once the HIPAA Privacy Notice/ Acknowledgment Tab has been completed, the date that the Privacy Notice was issued is displayed on the FACTS Outliner

  22. HIPAA Disclosures • The next Tab in HIPAA Information is the Disclosures tab. • Utilized whenever there is a disclosure that falls outside of “normal” HIPAA disclosures that are discussed in the HIPAA Privacy Notice. • The Disclosures tab is used to document those instances where special written authorization from the client is required before the Department may proceed with a disclosure of Protected Healthcare Information (PHI).

  23. HIPAA Disclosures • At CYFD, almost all Protected Healthcare Information (PHI) is collected, used, and disclosed in order to provide necessary services to our clients. HIPAA is not intended to delay or complicate necessary health care and services including basic administrative activities (TPO). • Treatment means provision of health care or related services taken to protect clients or to improve their lives • Payment means billing Medicaid for CYFD services to clients (central office function) • Health Care Operations means general functions including quality assurance reviews, outcome evaluations, coordination of care, training, licensing and certification. • HIPAA allows some disclosures of PHI for purposes required by law without client authorization.

  24. HIPAA Disclosures • Some disclosures required by law must be tracked • If disclosures are made in the presence of the individual client, his personal representative or his attorney, you do not need to obtain an Authorization for the disclosure, you also do not need to track the disclosure. • However, if the disclosure is not made in the presence of the individual client, his personal representative or his attorney, you must track the disclosure. • Requests of use and disclosure of PHI, for any purpose other than TPO or as required by law, must be forwarded to the Privacy Officer by the employee. • These requests generally require and “Authorization” from the client. • The Privacy Officer will make the determination and notify the employee. • Written authorization from the client is required before the Department may proceed with a disclosure of Protected Healthcare Information (PHI).

  25. HIPAA Disclosures Buttons • OK and Cancel • View • Add • Utilized whenever there has been an external Personal History Information (PHI) disclosure. • Will bring forward the Disclosure Details Pop-up window. • Void

  26. Disclosure Details • Person Receiving PHI • List the name of the person that the information is being disclosed to. • Title/ Organization • List the person’s title and what organization they are a part of. • Location • The address of the organization that the person receiving the PHI works for • Date PHI Disclosed • The date that the disclosure occurred on.

  27. Disclosure Details • Disclosure Reason • A dropdown list of reasons why PHI might be disclosed. • PHI Disclosed • What kinds of information was disclosed to the person receiving the PHI. • If the information being disclosed doesn’t fall into any of the categories listed, there is an “Other” checkbox. • If Other is selected, then the user must enter a text description describing what was disclosed. • If the user needs more room for this text description, they can select the button located to the right of the Other text box and a Pop-up will appear for expanded text entry.

  28. HIPAA Disclosures • Once the Disclosure Details Pop-up window has been saved, the user returns to the Disclosures tab, where any PHI disclosures are listed by date they occurred.

  29. HIPAA Disclosures Buttons • OK and Cancel • View • In order to see the details of any previously entered disclosure, the user can select the View button. • The disclosure details of the highlighted case are then displayed. • Add • Void

  30. HIPAA Disclosures Buttons • OK and Cancel • View • Add • Void • If disclosure information was erroneously entered for a case, the Void button can be utilized. • The Void functionality is the same as the Void button in the Privacy Notices/ Acknowledgment tab. • Once completed and saved, the row highlighted in the Disclosures tab is removed.

  31. HIPAA Ticklers • There will be a HIPAA tickler for new cases in FACTS • There will be individual ticklers for children who are over 14 in new case or in cases where children turn 14.

  32. HIPAA Requests • The Requests Tab documents • the various types of requests received by the HIPAA Privacy Officer, • any decisions made by the HIPAA Privacy Officer regarding these requests, • appeals of the HIPAA Privacy Officer’s ruling, • and outcomes of the Appeal. If any of these requests are made, the employee is not to instruct the client, but to have the individual fill out the request form and submit it to the Privacy Officer. HIPAA request forms are available on the CYFD Intranet.

  33. HIPAA Requests • The HIPAA Privacy Officer is the only person who can edit the fields in this tab. • For everyone else, this tab is read-only. • Once the Privacy Officer completes a request, FACTS will send an e-mail to all open worker assignments for the case instructing the worker to view the request tab for specific information.

  34. Requests – Sample E-mail

  35. HIPAA Requests – Activity - Amendment • There are five types of request activities that are detailed on this tab. • The first is a request for an amendment of PHI. • CYFD Privacy Officer may approve or deny any requests for amendment of PHI. An individual has the right to request an amendment of PHI or a record about the individual (if they believe that the information contained in the record is inaccurate). If the record was not created by our agency, the Privacy Officer may deny the request and refer the individual to the originator of the record.

  36. HIPAA Requests – Activity – Restrict PHI • There are five types of Request Activities that are detailed on this tab. • The second is a Request to Restrict Disclosure of PHI. • CYFD Privacy Officer may approve or deny any requests for restriction of PHI. An individual may request that CYFD restrict the use or disclosure of their PHI to carry out treatment, payment, or health care operations and other standard disclosures permitted under Section 164.510(b) (family members, personal representatives, relative...who are identified by the individual and involved with the individual's care or payment related to the individual's care.) A client may request CYFD not disclose to one of these individuals or a certain organization. 

  37. HIPAA Requests – Activity – Alt Form of Comm • There are five types of request activities that are detailed on this tab. • The third is a request for an alternative form of communication (Alt Form of Comm) • CYFD Privacy Officer may approve or deny any requests for alternative form of communication of PHI. An individual has the right to request that confidential information be sent to them by alternative means or to alternative locations. The covered entity must provide a reasonable accommodation to this request. This request, although it may be simple for a worker to accommodate, must be in writing by the individual and forwarded to the Privacy Officer for approval/denial.

  38. HIPAA Requests – Activity – Inspect/Copy • There are five types of request activities that are detailed on this tab. • The fourth is a request to inspect and copy (access to PHI) • CYFD Privacy Officer may approve or deny any requests to inspect and copy. An individual has a right of access to inspect and obtain a copy of PHI in a designated record set for as long as the information is maintained in that record except for Psychotherapy notes, or Information compiled for use in a civil, criminal, or administrative action or proceeding.

  39. HIPAA Requests – Activity – Accntg of Disclosure • There are five types of request activities that are detailed on this tab. • The last is a request for accounting (Accntg) of disclosures. • CYFD Privacy Officer may approve or deny any requests to inspect and copy. An individual has a right to request an accounting of all disclosers made by CYFD in the previous six years except for disclosures made to carry out the payment, treatment or operations of the covered entity (CYFD), any disclosures made prior to the compliance date (when HIPAA went into effect) and other allowable disclosures.

  40. FACTS Outliner • Once the HIPAA Privacy Officer has entered information into the Request Tab, “Special Handling” will appear on the FACTS Outliner. • Appearance of “Special Handling” on the outliner cues the user to look in the Requests Tab of that individual’s HIPAA module for additional information.

  41. HIPAA Resources • CYFD intranet • Again, if there are any questions regarding HIPAA issues, please contact: • Helen Quintana • 827-6412 • Helen.Quintana@state.nm.us

More Related