1 / 0

HIPAA: SECURITY RULE PRIVACY RULE PATIENTS RIGHTS

HIPAA: SECURITY RULE PRIVACY RULE PATIENTS RIGHTS. WHAT IS HIPAA?. HIPAA is the acronym for the Health Insurance Portability and Accountability Act of 1996.

raoul
Download Presentation

HIPAA: SECURITY RULE PRIVACY RULE PATIENTS RIGHTS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. HIPAA:SECURITY RULEPRIVACY RULEPATIENTS RIGHTS

  2. WHAT IS HIPAA? HIPAA is the acronym for the Health Insurance Portability and Accountability Act of 1996. The intention of HIPAA is to protect patients from inappropriate disclosures of “Protected Health Information” (PHI) that can cause harm to a person’s insurability, employability, etc.
  3. The Health Insurance Portability and Accountability Act (HIPAA), also known as “The Privacy Rule,” set new standards and regulations to protect patients from inappropriate disclosures of their “protected health information” (PHI) that could cause harm to their insurability, employability and/or their privacy.
  4. PHI is information that can be used to identify an individual which is created, used, or disclosed in the course of providing a health care service, such as diagnosis or treatment. HIPAA does allow for researchers to access and use PHI when necessary to conduct research. The Committee for Human Research will act as the HIPAA-required Privacy Board to review the use/disclosure of PHI for research. Effective Compliance Date: As of April 14, 2003, all human subjects research must be in compliance with the Privacy Rule.
  5. Developed in response to medical information transactions In 2003, established a national standard for electronic health care transactions Protects the privacy and confidentiality of patient information Patient information can be shared only for treatment purposes
  6. The Health Insurance Portability and Accountability Act of 1996 (HIPAA), is a federal law which, in part, protects the privacy of individually identifiable patient information and provides for the electronic and physical security of health and patient medical information, and simplifies billing and other electronic transactions through the use of standard transactions and code sets (billing codes). HIPAA applies to all “covered entities” such as hospitals, physicians and other providers and health plans as well as their employees and other members of the covered entities’ workforce. Privacy and security are addressed separately in HIPAA under two distinct rules, the Privacy Rule and the Security Rule.
  7. Privacy Rule: Sets the standards for how all protected health information should be controlled. Privacy standards define what information must be protected, who is authorized to access, use or disclose this information, what processes must be in place to control the access, use, and disclosure of information, and to ensure patient privacy rights.
  8. Privacy Rule: Purpose of Privacy Rule is to protect and enhance the rights of consumers by providing them access to their health information and controlling the inappropriate use of that information.
  9. The Privacy Rule requires that access to protected health information (PHI), which includes electronic PHI (ePHI), be based on the general principles of “need to know” and “minimum necessary,” in which access is limited to the patient information needed to perform a job function.
  10. The HIPAA Privacy Rule also accords certain rights to patients:
  11. Patient Rights: Under HIPAA, patients have the right to: Receive a privacy notice to inform them about how protected information will be used and disclosed
  12. Patient Rights: Request that uses and disclosure of protected information be restricted (covered entities are not required to always agree to restrictions) Inspect, copy and amend their medical records (providers are allowed to charge a reasonable fee for copying expenses) Get an accounting of the disclosure of their protected information for the past six years File a complaint
  13. Security Rule: Defines the standards that require covered entities to implement basic security safeguards to protect electronic protected health information (ePHI).
  14. Security Rule: Security is the ability to control access and protect electronic information from accidental or intentional disclosure to unauthorized persons and from alteration, destruction, or loss. The standards include administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of ePHI.
  15. PHI is information that can be linked to a particular person and that is created, used, or disclosed in the course of providing a health care service (i.e., diagnosis or treatment). PHI can be any information, whether spoken, written or electronically stored, including text, video, audio, or images.
  16. PHI is individually identifiable health information which can be matched with a patient, is created in the process of caring for the patient, and is transmitted or maintained in an electronic, written, or oral manner. Examples of PHI are: patient name, address, birth date, age, medical record number, number, phone and fax numbers, and email address
  17. All PHI which includes items such as medical records, diagnoses, x-rays, photos and images, prescriptions, lab work and test results, billing records, claim data, referral authorizations, and explanation of benefits. Research records of patient care must also be protected.
  18. If health-related information is de-identified, it is not PHI and may be shared without restriction. De-identification means the removal of all personal identifiers.
  19. The minimum necessary standard in the Privacy Rule requires that when a covered entity uses or discloses protected health information or requests protected health information from another covered entity, the covered entity must make reasonable efforts to limit protected health information to that which is reasonably necessary to accomplish the intended purpose of the use, disclosure, or request.
  20. You are expected to apply the minimum-necessary standard when you access PHI. For example, although physicians, nurses, and care providers may need to view the entire medical record, a billing clerk would likely only need to see a specific report to determine the billing codes. An admissions staff member may not need to see the medical record at all, only an order form with the admitting diagnosis and identification of the admitting physician. You are permitted to access and use only the minimum patient information necessary to do your own job.
  21. Under HIPAA, there are certain exceptions to the PHI disclosure rules. They include disclosures which are subject to professional judgment, for public health and safety purposes, for government functions, law enforcement and based on a judicial request or subpoena.
  22. NAME POSTAL ADDRESS ALL ELEMENTS OF DATES EXCEPT YEAR TELEPHONE NUMBER FAX NUMBER E-MAIL ADDRESS URL ADDRESS IP ADDRESS SOCIAL SECURITY NUMBER ACCOUNT NUMBERS LICENSE NUMBERS MEDICAL RECORD NUMBER HEALTH PLAN BENEFICIARY NUMBER DEVICE IDENTIFIERS AND SERIAL NUMBERS VEHICLE IDENTIFIERS AND SERIAL NUMBER BIOMETRIC (VOICE AND FINGER PRNTS) FULL FACE PHOTOS AND OTHER COMPARABLE IMAGES ANY OTHER UNIQUE IDENTIFYING NMBER, CODE, OR CHARACTERISTIC
  23. Confidentiality: Close patients’ room doors when discussing their health Do not talk about patients in public places Log off computers when finished Turn computer screens so passersby cannot see patient information Do not walk away from patient medical records; close them when leaving
  24. Ethics consist of a set of written rules, procedures, or guidelines that aid in determining right from wrong  Treat others the way you would want to be treated, or the way you want your loved ones to be treated. All Information Concerning a Patient’s Care Must Remain Confidential!
  25. The American Society for Clinical Laboratory Sciences has developed a suggested code of ethics for healthcare professionals which include phlebotomists. According to the classroom text "Phlebotomy Essentials, Fourth Edition," a code of ethics, although not enforceable by law, leads to uniformity and defined expectation by the members of that profession.
  26. The Primary Objective Of The ASCLS Code Of Ethics Is The Patient's Welfare The phlebotomist must strive to conform to a high standard of communication and conduct to avoid harming the patient in any way
  27. The Second Objective In The Code Of Ethics Is To Maintain A Reputation Of Integrity In The Profession Of Phlebotomy The phlebotomist must ensure good working relationships with other health care workers to preserve a high standard of care
  28. Phlebotomists must follow the rules and regulations of the institution in which they perform to the best of their ability. On the other hand, they must seek to change any practices that do not meet high quality standards in a continuing quest for excellence.
  29. A phlebotomist must have clear consent from the patient before performing any blood collection procedure!
  30. Patients Have The Right To: Refuse care Be treated with respect Have all records and information kept confidential Be informed about the purpose and expected results of treatments Have access to their medical records
  31. Patient’s Bill of Rights: Adopted by many hospitals as declared by the Joint Commission on Accreditation of Healthcare Organizations (JCAHO).
  32. NOTE: JCAHO NAME CHANGE: THE JOINT COMMISSION NOTE: PATIENT BILL OF RIGHTS NAME CHANGE: PATIENT CARE PARTNERSHIP
  33. The Basic Patient Rights Endorsed By The JCAHO Are: Impartial access to treatment or accommodations that are available or medically indicated, regardless of race, creed, sex, national origin, or sources of payment for care. Considerate, respectful care.
  34. The Basic Patient Rights Endorsed By The JCAHO Are: Confidentiality of all communications and other records pertaining to the patient's care. Expect that any discussion or consultation involving the patient's case will be conducted discretely and that individuals not directly involved in the case will not be present without patient permission. Expect reasonable safety congruent with the hospital practices and environment
  35. Reasonable informed participation in decisions involving the patient's health care. The patient shall be informed if the hospital proposes to engage in or perform human experimentation or other research/educational profits affecting his or her care or treatment. The patient has the right to refuse participation in such activity.
  36. Consult a specialist at the patient's own request and expense.
  37. Refuse treatment to the extent permitted by law.
  38. Regardless of the source of payment, request and receive an itemized and detailed explanation of the total bill for services rendered in the hospital. Be informed of the hospital rules and regulations regarding patient conduct
  39. Know the identity and professional status of individuals providing service and to know which physician or other practitioner is primarily responsible for his or her care. Obtain from the practitioner complete and current information about diagnosis, treatment, and any known prognosis, in terms the patient can reasonably be expected to understand.
More Related