HIPAA HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT UI

HIPAA HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT UI EMS Training Dept

HIPAA �PASSED IN 1996 �ATTEMPT TO REFORM HEALTHCARE �CREATED BECAUSE OF THE PUBLICS CONCERN ABOUT PRIVACY IN HEALTHCARE

THE PRIVACY RULE �ONE PART OF THE HIPAA POLICY �GOAL OF THE PRIVACY RULE: � ENHANCE THE SECURITY AND PRIVACY OF PROTECTED HEALTH INFORMATION (PHI)

COMPONENTS OF PHI �INDIVIDUALLY IDENTIFIABLE INFORMATION �NAME, PHOTOGRAPHY, SOCIAL SECURITY #, FINGER PRINTS, HEALTH STATUS, ADMISSION DATE, DIAGNOSIS, MEDICAL RECORD #, ADDRESS, DATE OF BIRTH �HEALTH INFORMATION DEMOGRAPHICS �ANY FORM OF MEDIUM �ORAL �WRITTEN �ELECTRONICS

PENALTIES FOR VIOLATION OF THE PRIVACY RULE �BOTH CIVIL AND CRIMINAL PENALTIES �$25, 000 FOR MULTIPLE VIOLATIONS OF SAME STANDARD IN A CALENDAR YEAR �$250, 000 AND/OR IMPRISONMENT UP TO 10 YEARS FOR USE OF PHI FOR COMMERCIAL ADVANTAGE, PERSONAL GAIN, OR MATERIAL HARM

HOW THE PRIVACY RULE HELPS MAINTAIN PRIVACY �IT REGULATES THE USE AND DISCLOSURE OF PHI �GIVES PATIENTS RIGHTS REGARDING THEIR HEALTH INFORMATION �DESIGNATES PENALTIES FOR BRACHES OF PATIENT CONFIDENTIALITY

What can a person access? �A PERSON IS ONLY TO ACCESS INFORMATION THAT IS NEEDED TO DO THEIR JOB �MINIMUM NECESSARY �ACCESS PHI ON A NEED TO KNOW BASIS

PERMITTED USES AND DISCLOSURES OF PHI �TREATMENT �PAYMENT �HEALTH CARE OPERATIONS �RELEASE OF INFORMATION THE PATIENT OR THEIR LEGAL REPRESENTATIVE

PATIENT RIGHTS �CONFIDENTIALITY �PRIVACY NOTICE �REQUEST RESTRICTIONS �ACCESS TO MEDICAL RECORD � FILE A COMPLAINT

SCENARIOS �YOU AND YOUR FRIENDS ARE AT A RESTAURANT AND YOU SEE SOMEONE WHO LOOKS FAMILIAR. YOU APPROACH THE PATIENT AND ASK IF YOU KNOW THEM FROM SOMEWHERE. YOU THEN REALIZE THAT THE PERSON WAS A PATIENT. WHAT SHOULD YOU DO?

�POLITELY SAY, “ I MUST BE MISTAKEN, HAVE A NICE MEAL. ”

�YOUR FRIEND, JOSH, IS IN THE HOSPITAL AND HIS MOTHER CALLS TO ASK IF YOU HAVE SEEN HIM. THE ONLY TIME THAT YOU HAVE SEEN YOUR FRIEND WAS DURING AN ENCOUNTER SHADOWING AT THE ER. CAN YOU TELL JOSH’S MOTHER HOW HE IS DOING?

�NO YOU ARE UNABLE TO TELL JOSH’S MOTHER HOW HE IS DOING BECAUSE WHEN YOU VISITED JOSH YOU WERE VISITING AS A OBSERVER AND ARE EXPECTED TO FOLLOW HIPAA RULES AND KEEP THIS INFORMATION PRIVATE.

�YOU WERE SHADOWING IN THE ER AND YOU WITNESSED A DEEPLY DISTURBING CASE OF CHILD ABUSE. YOU NEED TO DISCUSS THIS WITH SOMEONE THAT YOU KNOW. AT THE END OF THE DAY YOU CALL YOUR MOM AND DISCUSS THE CASE WITH YOUR MOTHER. HAVE YOU VIOLATED THE HIPAA RULE?

�MAYBE. IT DEPENDS ON THE TYPE OF INFORMATION THAT YOU SHARED WITH YOUR MOTHER. NO INFORMATION THAT COULD BE USED TO IDENTIFY THE PATIENT SHOULD HAVE BEEN DISCLOSED. IF NO INFORMATION OF SUFFICIENT DETAIL WAS SHARED THEN YOU HAVE NOT VIOLATED THE HIPAA RULE.

Breaches of Privacy � MUST BE TAKEN SERIOUSLY � SHOULD BE REPORTED QUICKLY TO MINIMIZE HARM AND SO THE PATIENT CAN BE EDUCATED OF THE BREACH � DISCIPLINE OF THE VIOLATOR MUST OCCUR

� ANY QUESTIONS? ? ? � Information for this presentation was obtained from the HIPAA presentation from the University of Iowa Hospitals and Clinics.

� Information for this presentation was obtained from the HIPAA presentation from the University of Iowa Hospitals and Clinics.