HIPAA Brandy Kindell University of Cincinnati

Health Insurance Portability and Accountability Act (HIPAA)
• HIPAA was implemented in 1996, and contains regulations to protect the privacy and security of protected health information (PHI)
• Administrative Simplification: contains national standards to protect electronic PHI, also includes the Privacy Rule
• Security Rule contains national standards that protect electronic PHI
(U.S. Dept HHS, 2013)

HIPAA Privacy Rule
• The HIPAA Privacy Rule is a federal law that gives protection to an individual's protected health information (PHI)
• Includes Notice of Privacy Practices, Consent to use or disclose PHI and Authorization
• Protects PHI in all formats: electronic, paper or oral
• Office of Civil Rights (OCR) is responsible for implementing and enforcing the Privacy Rule
(U.S. Dept HHS, 2013) (Sayles & Gordon, 2016)

Protected Health Information (PHI)
• PHI identifies an individual or provides enough information that the individual can be identified
• To be considered PHI, it must:
  • Be held or transmitted by a covered entity or business associate
  • Provide enough information to identify an individual
  • Relate to an individual's past, present or future physical or mental health condition, delivery of healthcare, or payment for healthcare
• Privacy Rule does not protect deidentified information
• PHI of deceased individuals loses protection under HIPAA when the individual has been deceased for over 50 years
(Sayles & Gordon, 2016)

Who is covered under the Privacy Rule?
Covered Entities:
• Healthcare providers
• Health plans
• Healthcare clearinghouses
Business Associates:
• Consultants
• Law Firms
• Accounting Firms
Workforce:
• Employees
• Interns
• Volunteers
• Students
(Sayles & Gordon, 2016)

Disclosure of PHI
• A covered entity is able to use and disclose PHI without the individual's permission in the following situations:
  • When disclosing to an individual their own personal PHI
  • For use in Treatment, Payment and Operations (TPO)
  • Organ Donations
  • Suspected abuse, neglect, or domestic violence
  • Public Health Activities
  • Research
  • Law enforcement purposes
  • Judicial or administrative proceedings
  • Deceased patients (to be used by coroner, funeral directors)
  • Government functions
(U.S. Dept HHS, 2013)

Instances when an individual can agree or object to disclosure
An individual may choose to agree or object to disclosure in the following situations:
• Facility Directories: When an individual is hospitalized, they may request to not have their information available in the facility directory
• For notification or other purposes: An individual may grant permission to certain relatives or friends to be notified of their health condition.
(U.S. Dept HHS, 2013)

Penalties for HIPAA Violations
• Fines
  • Issued per violation category, per year violation occurred
  • May be applied on a daily basis
  • Fines range from $100 to $50,000 per violation
  • Maximum fine per category per year capped at $1,500,000
• Jail: depending upon the criminal charge, violators could face 1-10 yrs. in jail
(HIPAA Journal, 2015)

References
• HIPAA Journal. (2015). What are the penalties for HIPAA violations? Retrieved from: https://www.hipaajournal.com/what-are-the-penalties-for-hipaa-violations-7096/
• Sayles, N., & Gordon, L. (2016). Health information management technology: An applied approach (5th ed.) (pp. 220-221). Chicago, IL: AHIMA Press.
• U.S. Department of Health and Human Services. (2013). Summary of the HIPAA privacy rule. Retrieved from: https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html