HIPAA Health Insurance Portability and Accountability Act 1

HIPAA
• Who? What? Why? When?
Confidentiality in…
• Hospitals
• Skilled Nursing Facilities
• Doctor’s Offices
• Employers
• Schools
• Anyone with your health information must keep it confidential and abide by HIPAA. It applies to ALL health care providers.
HIPAA is…
• Related to all medical records.
▫ Written
▫ Computerized
▫ In use or stored.
What is Protected Health Information (PHI)?
According to HIPAA, all of the following can be used to identify a patient:
• Addresses
• Dates
• Telephone or fax numbers
• SSN
• Medical Record Numbers
• Patient Account Numbers
• Insurance Plan Numbers
• Vehicle Information
• License Number
• Photographs
• Fingerprints
• Email & Internet addresses
Protected Health Information (PHI)
PHI is personal health information that can identify an individual.
Removing a person’s name is no longer a
sufficient way to de-identify a patient.
ANY Health information that identifies
someone or can be used to identify
someone MUST BE PROTECTED.
Why HIPAA?
• Health information continues to grow and become more sophisticated.
• It requires more protection than ever.
• Identity theft.
• Put in place penalties for violations of the law.
When HIPAA?
• Mandated to be in place by April 2003.
▫ Although the actual law was on the books much earlier, in 1999.
So tell me what you know…
• Who has to obey HIPAA laws?
• What does HIPAA stand for?
• Where does HIPAA apply?
• When was HIPAA mandated to be in place?
HIPAA
• What does this mean to you?
HIPAA Compliance
• Read only charts and information you need to do your job or assignment.
• Ensure any questions you ask of others to enhance your learning are done when others are not within hearing range.
HIPAA Compliance
• When discussing patient conditions in the
classroom, do not use names or anything that
would allow others to pick the patient out of a
room.
• Good: A male in his mid-forties had…
• Bad: The male in room 224.
• Good: A teenage girl…
• Bad: The 16 year old girl, with brown hair
wearing a plaid skirt…
HIPAA Compliance
• Discuss patient information/condition only with those who need to know as a part of their job.
• Do not discuss patient information in the halls or in public areas.
• You never know who may be listening.
So tell me what you know…
• Explain what HIPAA Compliance means to you.
• What can you do to protect patient privacy?
• Describe someone in this room in a way where
we may not know who they are.
• Now describe someone in a way we will be able
to guess.
Consents
Consents
• Patients (only) may request their records be released to others for any number of reasons.
• All consents must be in writing and need to be kept with the medical record.
Consents
• Life insurance
• Family records
• Family physician
Consents
• Some releases or authorizations require a non-staff member to sign as a witness.
• Students may not fulfill this request.
What is TPO?
• Treatment: Providing care to patients
• Payment: Getting paid for caring for patients
• Operations: Normal business activities, such as quality improvements, training, auditing, customer service, and resolution of grievances.
So tell me what you know…
• Why are consents important?
• Who can give consent?
• Where should consents be stored?
• What are a few examples of why a patient may want their medical records?
Covered Entities & Business Agreements
Covered Entities
• If a facility bills their sources of payment (insurance companies, Medicare, etc.) via electronic means, they become a covered entity.
• Covered Entities may share information, as needed to do their job, without the consent of the individual.
Covered Entity – Example of sharing information appropriately.
• For example, the hospital bills Medicare for a patient’s stay. Medicare requests additional medical records to support the reason for the length of stay at the hospital.
• The hospital may send the information to Medicare without consent.
So tell me what you know…
• Who is a Covered Entity?
• When can a facility share information with
them?
• Does the patient need to consent when records
are sent to a Covered Entity?
• Does the patient need to consent when records
are given to a marketing firm?
Why a Business Agreement?
• If a healthcare provider does business with another who is not a covered entity.
• The non-covered entity requires information about patients in the healthcare facility to do their job properly.
• The healthcare provider may enter into a Business Agreement with the non-covered entity.
What is a Business Agreement?
• A contract between a non-covered entity and a
healthcare provider.
• Non-covered entity agrees to use patient information
strictly as a part of their job (i.e. billing, providing home
health services, etc).
• Non-covered entity will not use information
inappropriately (sell info to marketing company, to
solicit patient, etc).
• Non-covered entity will protect information, destroy
information properly, and abide by HIPAA rules and
laws.
What is a Business Agreement?
• The Agreement must be reviewed and approved
by the appropriate Officer within the
organization, often the Privacy Officer or
Compliance Officer.
• An example would be a DME company who
provides custom wheelchairs to rehabilitated
patients.
• DME → Durable Medical Equipment
So tell me what you know…
• Who needs a Business Agreement?
• What is a Business Agreement?
• Why is a Business Agreement necessary?
• Can any staff member approve a Business Agreement?
Don’t leave confused…