HIPAA THE PRIVACY RULE Reviewed 10/2014

HISTORY
• In 2000, many patients who were newly diagnosed with depression received free samples of antidepressant medications in their mail.
• Many of these patients were concerned about how the pharmaceutical companies were notified of their disease.
• After much investigation, the Physician, the Pharmaceutical company and a well-known Pharmacy chain were all indicted on breach of confidentiality charges.
• This is just one example of why the Federal government needed to step in and assist in protecting patient privacy.

Definitions
• Privacy – state of being concealed; secret
• Confidentiality – containing secret information (medical record)
• Authorization – to give permission for; to grant power to
• Breach Confidentiality – to break an agreement, to violate a promise

HIPAA
• Health Insurance Portability and Accountability Act
  – Much of the patient’s health information is documented in a computerized format. Protecting this information has become vitally important.
  – The first federal legislation (effective April 14, 2003) that attempts to protect a patient’s right to privacy, and the security and access of personal medical information and usage.

HIPAA: Health Insurance Portability and Accountability Act
• Privacy Rule
  – Imposes restrictions on the use/disclosure of personal health information
  – Gives patients greater protection of their medical records
  – Hopefully provides patients with greater peace of mind related to the security of their information

Confidentiality
• Deals with:
  – Communication or information given to you without fear of disclosure
  – Legitimate Need to Know & Informed Consent
• Potential breaches of confidentiality can occur

Protected Health Information
• What is Protected Health Information (PHI)?
  – When a patient gives personal health information to a healthcare provider, that becomes Protected Health Information (PHI)

Protected Health Information
• PHI Includes:
  – Verbal information
  – Information on paper
  – Recorded information
  – Electronic information (faxes, e-mails)

Protected Health Information
• Examples of patient information
  – Patient’s name or address
  – Social Security or other ID numbers
  – Doctor’s/Nurse’s personal notes
  – Billing information

Rules for the Use & Disclosure of PHI
• PHI can be used or disclosed for
  – Treatment, payment, and healthcare operations
  – With authorization/agreement from patient
  – For disclosure to patient
  – THIS HELPS with REFERRALS AND BILLING TOO

Rules for the Use & Disclosure of PHI
• You’re required to release PHI
  – When requested/authorized by the patient (some exceptions apply)
  – When required by the Department of Health and Human Services
• Patients can request a list of persons who viewed their PHI, but they too must sign a consent

Authorization Guidelines
• Patient authorization for release of PHI must be obtained in the following situations:
  – Use/disclosure of psychotherapy notes
  – For research purposes
  – For use/disclosure to third parties for making activities

Authorization Guidelines
• PHI can be used/disclosed without authorization for the following reasons:
  – BIRTHS
  – DEATHS
  – POLICE INVESTIGATIONS
  – SEXUALLY TRANSMITTED DISEASE
  – COMMUNICABLE DISEASE

Authorization Guidelines
• PHI can be used/disclosed without authorization:
  – To report victims of abuse, neglect or domestic violence
  – To funeral homes, tissue/organ banks
  – To avert a serious threat to health/safety

• *With a MINOR it protects their privacy after a certain age and in certain circumstances. Usually a minor must be accompanied by an adult guardian, and that guardian controls treatment and gets all info…UNLESS:
  – PREGNANCY, over the age of 14
  – HIV testing
  – Suspected cases of abuse

Notice of Privacy Practices
• Patients have the right to adequate notice concerning the use/disclosure of their PHI
• The Notice of Privacy Practices must contain the patient’s rights and the covered entities’ legal duties
• Patients are required to sign a statement that they were informed of and understand the privacy practices

Minimum Necessary
• Over the phone it is not recommended to give out info.
• If the caller knows the patient’s full name this is the ONLY info you can disclose:
  – Name, Room #, Stable or Critical, Religion
• ***Remember, a patient can STILL request you do not even give this information out.

Minimum Necessary or “Need to know basis”
• Identify employees who regularly access PHI.
• Identify the types of PHI needed and the conditions for access.
• Grant only that access necessary to perform the job.

Protections for Health Information
• Important Safeguards
  – Physical Safeguards
    • Computer terminals are not placed in public areas
  – Technical Safeguards
    • Every associate must keep his/her password confidential
  – Administrative Safeguards
    • Policy and procedure for release of patient information

The Joint Commission Standards
• Patients’ Rights
  – The hospital demonstrates respect for the following patient needs:
    • Confidentiality
    • Privacy
    • Security
    • Resolution of complaints
    • Records and information are protected against LOSS, destruction, tampering and UNAUTHORIZED ACCESS or use

The Joint Commission Standards
• Patients’ Rights
  – Patients have a right to confidentiality of all information that is provided to the healthcare professional and institution
  – Health care professionals ensure that patient information is secured at all times and if there are any complaints, those complaints will be resolved in a timely manner.

Faxing Guidelines
• Located in non-public areas.
• Centralized fax machines: Pick up information immediately
• DO NOT FAX the following records/results:
  – HIV results
  – Mental Health
  – Narcotic prescriptions
  – Alcohol abuse
  – Substance abuse
  – Child abuse

Faxing Guidelines
When you fax to outside offices:
• Check the transmission print out
• Verify that the correct number was dialed

Privacy
• No photographs or recordings of any type are to be taken of patients in the clinical setting.
• No cameras, palm pilots, cell phones or any electronic devices with photography capabilities are permitted in the clinical environment.
• When you speak to a family member or patient in the room OR ON THE PHONE, use a low voice, give only previously indicated info and put call on hold when you walk away.
Protect Your Patient!

Computers or Charts
• Never share your password
• Always log off
• Close down screen or shut chart as you walk away.
• Shield your computer or chart from others’ view

Enforcement of the Medical Privacy Regulations
• Office for Civil Rights
  – A patient may complain to the Privacy Officer in a hospital … OR
  – The Director of Health and Human Services (HHS)

Patient Privacy Rights
• It’s your job to make sure patients know they have the right to:
  – See and copy their PHI
  – Protect patient’s privacy and confidentiality
  – Contact your hospital’s privacy administrator for any privacy concerns

HITECH
Health Information Technology for Economic and Clinical Health Act
• HITECH: It’s a Federal Law, part of the American Reinvestment and Recovery Act (ARRA)
• Effective September 23, 2009
• Updated the HIPAA rule to include protections against identity theft

HITECH (continued)
Purpose: Makes massive changes to privacy and security laws
• Applies to covered health care entities and business associates.
• Creates a nationwide electronic health record
• Increases penalties for privacy and security violations
• Breach Notification requirements (Patient, Department of Health and Human Services, and Media)
Penalties
• Criminal Penalties
• Criminal provisions
• Sharing of civil monetary penalties with harmed individuals

Review
• HIPAA Health Insurance Portability and Accountability Act
• HIPAA protects Health Care workers must protect patient’s confidentiality
• HIPAA helps with referrals and billing
• Only share information on a NEED TO KNOW basis
• Information can be given over the phone but it is limited to NAME, LOCATION, GENERAL HEALTH CONDITION, RELIGION
• You should never share passwords
• You should shield your screen from others
• When you walk away from the computer you must close it down
• Any information that needs to be destroyed MUST be SHREDDED
• You may speak to a relative on the phone if you give general health condition, speak in a low voice and place the call on hold if you need to walk away
• HIPAA is excluded in cases of BIRTH, DEATH, POLICE INVESTIGATIONS, SEXUALLY TRANSMITTED DISEASES, COMMUNICABLE DISEASES
• HIPAA is excluded when it involves minors and parents UNLESS a pregnancy over the age of 14, HIV testing, Suspected cases of abuse.