Learn about benefits excluded from HIPAA Privacy Rules, what constitutes Protected Health Information (PHI), examples of PHI, usage scenarios, authorization requirements, ways to secure PHI, training guidelines, and additional resources.
HIPAA (Health Insurance Portability and Accountability Act)

Excluded from HIPAA Privacy Rules
• Benefits excluded from the HIPAA Privacy Rules are:
  • Accident-only coverage
  • Disability Insurance
  • Worker’s compensation
  • Liability Insurance
  • Life Insurance
  • Leave and Sick Programs
  • Information gathered for OSHA regulations (Occupational Health and Safety Administration)

What is considered Protected Health Information (PHI)?
• For information to be PHI, it must:
  • Relate to the past, present, and future physical or mental health condition, the provision of health care, or the payment for health care
  • Identify, or could reasonably be used to identify, the individual
• The Privacy Regulations cover PHI that is transmitted or maintained in any form or medium (e.g., electronic, paper, fax, voice mail and oral communications)

Examples of PHI
• Names
• Social Security Numbers
• E-mail Addresses
• Date of Birth
• License Plate Number
• Geographic Subdivisions (street address)
• Telephone Numbers
• Any unique characteristic or code which will link an individual to their health information

Examples of how you will use PHI
• To enroll employees into the NAF HBP (Aetna and HMO plans)
• To review an Explanation of Benefits form to help an employee receive payment
• To examine data in a spreadsheet for overseeing the NAF HBP
• To review a claims appeal
• To examine a provider billing

Minimum Necessary Standard
• When you use or disclose PHI, always use the minimal number of unique identifiers or the minimal amount of health information necessary to complete the job or tasking.
• Example:
  • When discussing an EOB with Aetna, do not use the employee name or any unique identifier which could link the medical information to the employee (especially over the phone in a public area).

When to obtain an individual’s authorization to use PHI
• Any time PHI is used outside of TPO, authorized employees must obtain a signed Authorization Form from the individual before releasing the information, and then release only the requested information.
• Example:
  • The spouse of your employee requests a copy of the employee's PHI from his/her personnel file. The authorized employee in your office cannot provide the health-related information to the spouse unless the employee signs an Authorization Form releasing the information.

When is an Authorization Form not required?
• Public health activities related to disease prevention
• To report victims of abuse, neglect or domestic violence
• For audits, legal investigations or law enforcement purposes
• To avert a serious threat to health and safety
• As authorized by state workers’ compensation laws
• When the information has been de-identified and does not link or identify an individual to their health information

Ways to Secure PHI
• Lock, Shred, Destroy, Secure, & Monitor
• Lock computer stations, cabinets, and disks/files that contain PHI when not in use
• Shred documents containing PHI before disposing of them
• Secure your emails using password encryption
• Use the Minimum Necessary Standard when transmitting PHI through e-mail for TPO purposes
• Monitor the fax machine if receiving PHI
• Do not leave voicemail messages with PHI, or share PHI if non-authorized employees are present

Training
• Who should take the training?
  • Anyone that has access to PHI (including access to PeopleSoft, OPFs, leave donations, FMLA, and workman’s compensation records)
  • Members of Human Resources, Benefits, HRMS, and Workman’s Compensation
• Training: http://crossroads/MRG/Pages/HIPAA.aspx
  • Read training, take quiz, & submit to HR
  • HR should grade, record training in PeopleSoft, and provide a Certificate for the Employee & OPF
  • HR should submit scores & completion date to Carolyn Woodson via Email
• Recertified and reported annually (in April)

Additional Information
• Health and Human Services
  • http://www.hhs.gov/ocr/hipaa
• Department of Labor
  • http://www.dol.gov/
• HIPAA Procedures Guideline
• For more information contact Carolyn Woodson
  • WoodsonCC@usmc-mccs.org
  • 703-432-0420
  • Fax: 703-432-0436