160 likes | 273 Views
Health Insurance Portability and Accountability Act. HIPAA. Riley Davis. Brief History. delivered in Congress in 1996 designed to protect health insurance coverage for workers and their families while between jobs establishes standards for electronic health care transactions
E N D
Health Insurance Portability and Accountability Act HIPAA Riley Davis
Brief History • delivered in Congress in 1996 • designed to protect health insurance coverage for workers and their families while between jobs • establishes standards for electronic health care transactions • addresses the issues of privacy and security • in 1996 consisted of just Title I and II
Title IHealth Care Access, Portability, and Renewability • limits restrictions a group health plan can place on benefits for preexisting conditions • regulates coverage and availability to groups and individuals • eradicates hidden exclusion periods
Title IIPreventing Health Care Fraud and Abuse; Administrative Simplification; Medical Liability Reform • defines health care related offenses • outlines consequences • civil and criminal penalties • creates several programs to control fraud and abuse • demands the HHS create rules/regulations • use and advertising/sharing of PHI (Protected Health Info.) • 5 “Rules”
PHI: • Any information held about health status, provision of healthcare, payment of healthcare, that can be linked to any individual • Any part of medical record or payment history
Privacy Rule • Creates regulations for use/disclosure of PHI • Holders must disclose PHI within 30 days upon request by individual • Keep track of disclosures and document privacy policy and procedures
Transactions and Code Sets Rule • Regulates how medical providers submit health care claims • Covers claiming injury and pharmaceuticals, as well as advice, enrollment and maintenance, eligibility/benefits, hoe claims are handled, and how/when notifications are sent out
Security Rule • Deals specifically with Electronic Protected Health Information (ePHI) • Organized into 3 safeguards • Identifies security standards • Separates “required” and “addressable” standards • All required must be adopted
Three Safeguards • Administrative Safeguard • Policies and procedures designed to lay out how holders will comply with act • Physical Safeguard • Controlling physical access to ePHI • Technical Safeguard • Control access to computer systems • Safeguard standards against hacks/interception of ePHI
NPI: National Provider Identifier • 10 digits (may be alphanumeric) • Doesn’t mean anything other than an identity • Unique, never re-used • Holder can only have one
Unique Identifiers Rule • All PHI holders using electronic communication must use a single NPI • NPI replaces all other identifiers
Enforcement Rule • Defines civil penalties for violating HIPAA • Establishes procedures for investigations and hearings
Effects: Research • Large decrease in patient follow up • Harder to recruit patients for studies • Information Consent Forms are required to go into copious amounts of detail on privacy
Effects: Engineering • Changes how devices collect/store/share info • For every old/new device BMEs must consider • Type of ePHI • How has access • Who really needs access • Connections to other devices • Types of security • Physical • Technical • Types of equipment effected: • ventilators, ECG’s, MRI, CT Scanners, ultra sound, monitoring systems, etc.
Citations Armstrong D, Kline-Rogers E, Jani S, Goldman E, Fang J, Mukherjee D, Nallamothu B, Eagle K (2005). "Potential impact of the HIPAA privacy rule on data collection in a registry of patients with acute coronary syndrome". Arch Intern Med165 (10): 1125–9. doi:10.1001/archinte.165.10.1125. PMID 15911725. Francis, T. (2006). Spread of records stirs fears of privacy erosion. The Wall Street Journal Grimes, S. (2001). When hipaa finally comes, will clinical engineering be ready?. The National Center for Biotechnology Information, Retrieved from http://www.ncbi.nlm.nih.gov/pubmed/11383309Title II: Grimes, S. (2003). The future of clinical engineering: the challenge of change. Manuscript submitted for publication, University of Rhode Island, Kingston, Rhode Island. Retrieved from http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=1195702&tag=1 HSS.gov. (n.d.). U.s. department of health & human services. Retrieved from http://www.hhs.gov/ocr/privacy/index.html Tribble, D. (2001). The health insurance portability and accountability act: security and privacy requirements. American Journal of Health-System Pharmacy, 58(9), Retrieved from http://www.ajhp.org/cgi/content/abstract/58/9/763