
ON-LINE TRAINING EVENT


Presentation Transcript


  1. ON-LINE TRAINING EVENT: HIPAA (Health Insurance Portability & Accountability Act)

  2. What is HIPAA?
     • It’s a law enacted to 1) protect personal health information, 2) minimize health insurance fraud, and 3) reduce administrative health care expenses.

  3. What does HIPAA cover?
     • The law specifically addresses three (3) areas:
     • Medical Billing Transaction Standards
     • Protected Health Information (PHI) Privacy Standards
     • Information Security Standards

  4. Transaction Standards
     • National medical billing transaction standards are in place…
     • Medical providers have been identified by an assigned number
     • Uniform transaction codes are used by medical providers
     • Common electronic medical billing transaction standards and guidelines are in use
     • Other Requirements
     • Data usage & storage policies
     • Compliant Business Associate contracts
     • Audits of Privacy, Security & Business Practices
     • Information sharing policies
     • “Minimum Necessary” information exchange
     • Electronic data information access controls

  5. Security Standards
     • These standards ensure the confidentiality, integrity, & availability of protected electronic health information, and…
     • …protect against threats or hazards to the security of the information
     • Areas Involved with Security
     • Administrative
     • Physical Safeguards
     • Technical Security Services
     • Technical Security Mechanism

  6. Information Security – Examples
     • Administrative Controls
     • Identifying Business Associates & Issuing Appropriate Agreements
     • Reinforce the Importance of Information Compliance
     • Cooperate with the internal HIPAA Audit & Risk Assessment Processes

  7. Information Security – Examples (Cont’d)
     • Physical Safeguards
     • Positioning Computer Monitors away from view
     • Discussing patient/client information in a private location
     • Keeping patient/client records out of sight or access of others
     • Knowing who is in your Facility or Office & when (Sign In/Out)

  8. Information Security – Examples (Cont’d)
     • Technical Security Services & Mechanisms
     • IS Department
     • Data Security includes Firewalls, Pop-Up Blockers, Virus Alerts, etc.
     • System Control Measures
     • Data Back-up Protocols
     • HIPAA Security Policies & Guidelines
     • Computer Data & Systems are County Property

  9. Privacy Standards
     • These standards apply to protected health information (PHI), which includes any individually identifiable health information. They do not apply to data contained in educational or employment records.
     • The privacy standards apply to both electronic and hard copy records, including fax, photocopy, carbon copy, etc.
     • Protected Health Information (PHI) created, stored or received by a covered entity falls under HIPAA and must be protected by establishing safeguards.

  10. Privacy Standards (Cont’d)
     • Gives Individuals more control over their own PHI.
     • Sets rules for use and release of PHI
     • Strikes a balance when public responsibility requires disclosure of data to protect the public

  11. Breach of Privacy Standards
     • Holds violators accountable with civil and criminal penalties
     • Penalties can be imposed if the individual’s rights are violated
     • Office of Civil Rights (OCR) is charged with enforcement
     • Internal investigation may result in progressive disciplinary action up to and including termination of employment
     • Information breach must be reported to OCR

  12. Why is HIPAA important to Franklin County?
     • The County is a Covered Entity under HIPAA
     • The County provides and pays for the cost of healthcare
     • Corporate authority rests with the County Commissioners
     • County Commissioners are responsible for all contracts involving healthcare
     • The County & its Employees are responsible for Due Diligence
     • There is no liability insurance protection, because it is the law

  13. HIPAA does not apply to PHI…
     • …when there are more stringent State or Federal regulations that do apply to the protected health information in question

  14. What are an Individual’s Rights under HIPAA?
     • They have a right to…
     • …access and copy health records
     • …request amendment or correction to their records
     • …an accounting record of disclosures of information from their record
     • …specify how confidential information is communicated
     • …request restriction on how health information is disclosed or used

  15. Policies & Procedures for a Covered Entity
     • Policies and procedures are required to address the various elements of HIPAA (Refer to the Employee Information Section of KIOSK, HIPAA to access these)
     • A Company must appoint a privacy officer to 1) Oversee the program, 2) Investigate Complaints, and 3) Train Employees
     • Franklin County Privacy Officer is Loretta McClure, Risk Manager

  16. When can a covered entity use PHI?
     • The rule requires written “authorization” from the individual before anyone can release PHI for purposes other than:
     • Treatment
     • Payment
     • Healthcare operations
     • Covered health care providers must obtain a one-time “consent” to use or disclose PHI, even for treatment, payment or health care operations (Note: This is not an Authorization.)

  17. Authorization
     • Gives a covered entity authority to use or disclose PHI for specified purposes
     • Other than treatment, payment, health care operations
     • Includes:
     • What information is being disclosed
     • Who is authorized to disclose the information
     • Who is going to use or receive the information

  18. HITECH Requirements – Recent Revisions to HIPAA
     • New requirements for managing PHI
     • Business Associates held to same standard as County
     • New rules for data breach notification, including thresholds, timelines, and methods
     • Business Associate must notify County of any data breach involving County-provided information
     • Increased penalties

  19. Business Associates
     • An individual or corporate “person” that performs on behalf of the County any function or activity involving the use or disclosure of PHI
     • Is not a member of the covered entity’s workforce
     • e.g., legal, actuarial, accounting, consulting, data processing, management, administrative, accreditation, financial services or anything else for which the County may contract where PHI is involved

  20. What are Business Associate (BA) requirements under an Agreement?
     • Permitted PHI activities of BA identified
     • BA agrees not to use or disclose PHI other than as permitted by the agreement
     • BA agrees to use appropriate safeguards to prevent unauthorized use or disclosure of PHI
     • BA agrees to report any unauthorized use or disclosure of PHI to the County
     • BA ensures anyone receiving PHI under the agreement adheres to the same conditions as BA
     • On agreement termination, BA returns or destroys all County PHI in its possession or extends the protections of the contract to information retained

  21. De-Identification of Information
     • Information that does not identify the individual and does not contain information that can be used to identify an individual is not covered by HIPAA.
     • Examples of de-identifying information:
     • No names
     • No geographic information
     • No dates related to the individual (e.g., birthday, date of hire, etc.)
     • No telephone numbers, e-mail addresses, social security numbers, account numbers, etc.

  22. Workforce Responsibilities
     • Records handled on behalf of the County should be treated in a confidential manner.
     • Refer to County Confidentiality Policy & Statement
     Remember: Loose lips sink ships!

  23. Important Points to Consider…
     • When You Must Share Information… Share only the least necessary amount of information
     • A PHI breach requires immediate notice to the Privacy Officer (Risk Manager)
     • An Unusual Event form can be used to report potential HIPAA violations
     • Risk assessments and audits are a part of the Privacy Officer’s responsibility

  24. HIPAA Quiz
     • Next you’ll receive a series of questions to be answered either “true” or “false”.
     • Only you will know the outcome of your responses.
     • Should you feel you can do better, please feel free to review the presentation again.

  25. Question #1
     • The County’s Privacy Officer should be notified of PHI breaches, HIPAA investigations, and requests for HIPAA training?
     TRUE / FALSE

  26. Question #2
     • HIPAA covers three sections… 1) Transaction Sets, 2) Information Security & 3) Information Privacy?
     TRUE / FALSE

  27. Question #3
     • Information you handle on behalf of the County should be handled in a confidential manner?
     TRUE / FALSE

  28. Question #4
     • PHI refers to Protected Health Information?
     TRUE / FALSE

  29. Question #5
     • Medical information provided for an educational file or employment file is NOT considered PHI (Protected Health Information)?
     TRUE / FALSE

  30. Question #6
     • Under the recent HITECH Act, Business Associates are now held to the same HIPAA standards as covered entities?
     TRUE / FALSE

  31. Question #7
     • Business Associates are required to report a breach of information privacy or security to the related provider?
     TRUE / FALSE

  32. Question #8
     • Individuals have the right to request copies of their medical record, request changes to that record, and request a list of disclosures of information from the record?
     TRUE / FALSE

  33. Question #9
     • HIPAA was enacted to assist in reducing health insurance fraud, realize efficiencies in the health insurance administrative process, and expand consumer rights to their own personal health information?
     TRUE / FALSE

  34. Question #10
     • HIPAA applies to all situations involving the discussion or disclosure of personal health information.
     TRUE / FALSE

  35. Questions…
     • Any questions concerning the presentation or HIPAA services available through the County can be directed to Loretta McClure, Risk Manager & Privacy Officer, at ljmcclure@co.franklin.pa.us or (717) 261-3819.

  36. Complete Training
     • To be given credit for this training, be sure to submit your information (using the link below).
     THANK YOU for your participation!
