Transcript HIPAA & YOU

HIPAA & YOU
A practical guide to privacy and security for
MTs.
Theresa Leppert, RHIT
1
• Who is Theresa Leppert, RHIT, LMT and why is she
presenting on the topic of HIPAA?
Theresa Leppert, RHIT, LMT
2
• HIPAA – Health Insurance Portability & Accountability
Act.
• PHI – Protected Health Information
• CE – Covered Entity
• BA – Business Associate
• ARRA – American Recovery and Reinvestment Act
• HITECH – Health Information Technology for Economic
& Clinical Health
Vocabulary/abbreviations
3
• I know what HIPAA is already, okay….
• <Scratches head> but what the heck is ARRA and/or HITECH?
• American Recovery and Reinvestment Act (The Stimulus Plan)
• Health Information Technology for Economic and Clinical Health Act
HIPAA, ARRA, HITECH
4
• Under HITECH, physicians can qualify for up to $44,000 in
Medicare bonus incentives, and/or $65,000 in Medicaid bonus
incentives if they demonstrate “meaningful use” of an
Electronic Health Record.
• What is meaningful use?
• So how do ARRA and/or HITECH affect me?
• As a patient, that means in the near future (if not now), your
medical providers will have an electronic record on you.
• As an MT…… Well, I am sure you have already seen changes
in our industry.
ARRA/HITECH
5
Incentive ($) by year of use; each column is one schedule, starting in the year of its first payment:

Year of Use   Start 2011   Start 2012   Start 2013   Start 2014
2011          $18,000
2012          $12,000      $18,000
2013          $8,000       $12,000      $15,000
2014          $4,000       $8,000       $12,000      $15,000
2015          $2,000       $4,000       $8,000       $8,000
2016                       $2,000       $4,000       $8,000
Totals        $44,000      $44,000      $39,000      $31,000
Medicare HITECH timeline
6
ARRA/HITECH FAQs
Incentive ($) by year; each column is one schedule, starting in the year of its first payment (last column: Medicare payment reduction for non-adopters):

Year    Start 2011  Start 2012  Start 2013  Start 2014  Start 2015  Start 2016  Penalty
2011    $25,000
2012    $10,000     $25,000
2013    $10,000     $10,000     $25,000
2014    $10,000     $10,000     $10,000     $25,000
2015    $10,000     $10,000     $10,000     $10,000     $25,000                 1%
2016                $10,000     $10,000     $10,000     $10,000     $25,000     2%
2017                            $10,000     $10,000     $10,000     $10,000     3%
2018                                        $10,000     $10,000     $10,000
2019                                                    $10,000     $10,000
2020                                                                $10,000
Totals  $65,000     $65,000     $65,000     $65,000     $65,000     $65,000
Medicaid HITECH Timeline
7
ARRA/HITECH FAQs
• Hospitals
• Skilled nursing facilities
• Nursing facilities
• Home health entities
• Long term care facilities
• Health care clinics
• Community mental health centers
• Renal dialysis facilities
• Blood centers
• Ambulatory surgery centers
• Emergency medical svc providers
• Federally qualified health centers
• Group practices
• Pharmacies
• Laboratories
• Physicians (MD, DO, DDS, DDM, DPM, OD, DC)
• Practitioners (PA, NP, CNS, CRNA, CNM, CSW, Psy, RD)
• Indian Health Svc providers
• Rural health clinics
• Therapists
Who is eligible for HITECH
Incentives?
8
ARRA/HITECH FAQs
• Free clinics that do not bill Medicare or Medicaid
• Physical therapists
• Hospital-based physicians
• Acupuncturists and other holistic providers
• Any practice not eligible for Medicare or Medicaid payments
Who is NOT eligible for
HITECH incentives?
9
• I am the owner of an MTSO, what do I need to
focus on? Well, best practices dictate:
• Confidentiality Agreement
• Secure work area
• Destruction of PHI
• Email encryption
• Voice files/Demog systems – passwords!
MTSO Owners
10
• The MTSO should require assurance (contractually!) of
the following for offsite computer security purposes:
• Work computer ONLY, password protected
• Firewalls
• Antivirus, anti-malware, and operating system kept up to date (UTD)
• No gaming/music file-sharing programs
• Repairs – remove PHI!
• Contract terminations – Destruction Certification
MTSO Owners – cont’d
11
• I work at home, what do I need to focus on?
• Secure location
• Screen facing away
• Password protected
• Screen saver/Auto logoff
• Consider privacy screen
• Shredder
At-Home MTs
12
WEDI-SNIP Security and Privacy Workgroup
• Be ALERT to potential risks! The following
can mitigate those risks….
• Shred anything that has PHI
• Never leave PHI unattended
• De-identify reports (e.g., sample reports, QA reports)
• Encrypt Emails!
• Don’t hold PHI any longer than needed
• Restrict others from using your work PC
At-Home MTs – cont’d
13
• Does anyone still fax? YES! How
can I mitigate my risk?
• Only fax if absolutely necessary
• Use a coversheet – and have a
disclosure statement on coversheet!
• Double- and triple-check fax numbers
(Preprogram if possible!)
• Retain coversheet and fax
confirmation for 1 year
To Fax or not to Fax?
14
• Unintentional breach
• Deliberate unauthorized access without PHI disclosure
• Deliberate unauthorized disclosure or deliberate
tampering without personal gain
• Deliberate unauthorized disclosure for personal gain
What is considered a
BREACH?
15
HIPAA Compliance for MTs
Possible Penalties
16
• Depends on the level of the breach!
• Unintentional
• Contact recipient, ask to destroy the PHI
• Document situation/said destruction
• Notify privacy officer (if you have one.)
• Deliberate – all of the above, plus:
• Institute disciplinary process, possible immediate
termination
We had a breach – now
what?
17
• (Yes, I said FUN!)
• This website has some HIPAA Games that are great
training tools – I highly recommend these! (Choose
Security and Privacy Challenge)
• http://www.healthit.gov/providers-professionals/privacy-security-training-games
How to make HIPAA fun
18
• Medical Identity Theft!
• In 2013, medical-related identity theft accounted for 43%
of all ID thefts in the United States.
• The US Dept. of HHS says since 2009, between 27.8
million and 67.7 million medical records have been
breached.
So why is all this so
important?
19
• Illegal or bogus treatment – fraudulent claims
• Theft of medical services, from simple ER visits to
complex surgeries
• To obtain prescription drugs
Motives for MID theft
20
• Ruined credit
• Loss of healthcare coverage
• Inaccurate records that are difficult to correct
• Legal troubles
The price of M.I.D. Theft
21
• A bill for medical services you didn’t receive
• A call from a debt collector about a medical debt you
don’t owe
• Medical collection notices on your credit report
• A notice from your health plan about reaching benefit
limit
• Denial of insurance because your records show a
condition you do not have
Signs of M.I.D. Theft
22
QUESTIONS???
23
• ARRA/HITECH FAQs http://www.arrahitechsolutions.com/ARRA_HITECH_Act_FAQ_s.html#What_is_HITECH
• MT’s Checklist by WEDI-SNIP Security and Privacy Workgroup.
• HIPAA Compliance for MTs http://support.mededocs.com/documents/HIPAA_Compliance_for_MTs.pdf
• HIPAA Privacy and Security – AHDI online resources.
http://www.ahdionline.org/Resources/DocumentsandStandards/HIPAAPrivacyandSecurity/tabid/272/Default.aspx
• Economic Stimulus Act Expands HIPAA, funds Health Information Technology.
http://www.ssd.com/files/Publication/18eaf3fa-2703-47f7-bcdea1031986bcf4/Presentation/PublicationAttachment/84c34466-763f-4c83-b8dea1dcea0d7041/Healthcare_Alert_Economic_Stimulus_Act_Expands_HIPAA_Funds_Health_Information_Technology_022009.pdf
• “Safeguarding PHI: Focus Points for Offsite Transcriptionists” Diane Hatch and
Renee M. Priest, CMT.
Sources
24
• “HIPAA for MTs” Version 1.0 from AAMT.org
• Select Medical Frequently Asked Questions
• 2014-2015 Select Medical HIPAA Awareness – Non-Workforce Edition
• HealthIT.gov Security Training Games http://www.healthit.gov/providers-professionals/privacy-security-training-games
• “Medical Identity Theft” Consumer Information from FTC.
http://www.consumer.ftc.gov/articles/0171-medical-identity-theft
• “The Rise of Medical Identity Theft In Healthcare” by Michael Ollove.
http://www.kaiserhealthnews.org/stories/2014/february/07/rise-ofindentity-theft.aspx
• “Medical Identity Theft” by Coalition Against Insurance Fraud.
http://www.insurancefraud.org/scam-alerts-medical-id-theft.htm
Sources – Cont’d
25