
HIPAA

The document discusses the history and requirements of HIPAA, the federal law protecting patient privacy and confidentiality. It was enacted in 2003 after patients received unsolicited mail from pharmaceutical companies about medical conditions. HIPAA established rules for handling protected health information (PHI) and restricting its disclosure without patient authorization. Covered entities must implement safeguards to secure PHI and notify patients of privacy practices. The law was later updated by HITECH to strengthen enforcement and address identity theft.

Uploaded by

Fuego McFuego
Copyright
© Attribution Non-Commercial (BY-NC)

HIPAA

THE PRIVACY RULE

Reviewed December 2012

HISTORY
In 2000, many patients who were newly diagnosed with depression received free samples of antidepressant medications in the mail.

HISTORY
Many of these patients were concerned about how the pharmaceutical companies were notified of their disease.

HISTORY
After much investigation, the physician, the pharmaceutical company and a well-known pharmacy chain were all indicted on breach of confidentiality charges.

HISTORY
This is just one example of why the Federal government needed to step in and assist in protecting patient privacy.

Definitions
- Privacy: state of being concealed; secret
- Confidentiality: containing secret information (medical record)
- Authorization: to give permission for; to grant power to
- Breach of Confidentiality: to break an agreement, to violate a promise

HIPAA
Health Insurance Portability and Accountability Act
Much of the patient's health information is documented in a computerized format. Protecting this information has become vitally important. HIPAA is the first federal legislation (effective April 14, 2003) that attempts to protect a patient's right to privacy, and the security, access and usage of personal medical information.

HIPAA
Privacy Rule
- Imposes restrictions on the use/disclosure of personal health information
- Gives patients greater protection of their medical records
- Hopefully provides patients with greater peace of mind related to the security of their information

Confidentiality
Deals with:
- Communication or information given to you without fear of disclosure
- Legitimate need to know and informed consent

Potential breaches of confidentiality can occur

Protected Health Information


What is Protected Health Information (PHI)?
When a patient gives personal health information to a healthcare provider, that becomes Protected Health Information (PHI)


Protected Health Information


PHI Includes:
- Verbal information
- Information on paper
- Recorded information
- Electronic information (faxes, e-mails)

Protected Health Information


Examples of patient information
- Patient's name or address
- Social Security or other ID numbers
- Doctors'/nurses' personal notes
- Billing information

Rules for the Use & Disclosure of PHI


PHI can be used or disclosed for
- Treatment, payment, and healthcare operations
- With authorization/agreement from patient
- For disclosure to patient

Rules for the Use & Disclosure of PHI


You're required to release PHI
- When requested/authorized by the patient (some exceptions apply)
- When required by the Department of Health and Human Services

Patients can request a list of persons who viewed their PHI, but they too must sign a consent

Authorization Guidelines
Patient authorization for release of PHI must be obtained in the following situations:
- Use/disclosure of psychotherapy notes
- For research purposes
- For use/disclosure to third parties for marketing activities

Authorization Guidelines
PHI can be used/disclosed without authorization for the following reasons:
- To inform appropriate agencies
- Public health activities related to disease prevention/control

Authorization Guidelines
PHI can be used/disclosed without authorization:
- To report victims of abuse, neglect or domestic violence
- To funeral homes, tissue/organ banks
- To avert a serious threat to health/safety

Notice of Privacy Practices


- Patients have the right to adequate notice concerning the use/disclosure of their PHI
- The Notice of Privacy Practices must contain the patient's rights and the covered entity's legal duties
- Patients are required to sign a statement that they were informed of and understand the privacy practices

Minimum Necessary
What are the Minimum Necessary requirements?
Use/disclosure of PHI is limited to the minimum amount of health information required to do the job

It means:
Development of policies/practices on sharing health information

Minimum Necessary
Identify employees who regularly access PHI. Identify the types of PHI needed and the conditions for access. Grant only that access necessary to perform the job.

Protections for Health Information


Important Safeguards
Physical Safeguards
Computer terminals are not placed in public areas

Technical Safeguards
Every associate must keep his/her password confidential

Administrative Safeguards
Policy and procedure for release of patient information

The Joint Commission Standards


Patients' Rights
The hospital demonstrates respect for the following patient needs:
- Confidentiality
- Privacy
- Security
- Resolution of complaints
Records and information are protected against LOSS, destruction, tampering and UNAUTHORIZED ACCESS or use.

The Joint Commission Standards


Patients' Rights
- Patients have a right to confidentiality of all information that is provided to the healthcare professional and institution.
- Health care professionals ensure that patient information is secured at all times and if there are any complaints, those complaints will be resolved in a timely manner.

Faxing Guidelines
Located in non-public areas.
Centralized fax machines: Pick up information immediately
DO NOT FAX the following records/results:
- HIV results
- Mental Health
- Narcotic prescriptions
- Alcohol abuse
- Substance abuse
- Child abuse

Faxing Guidelines
When you fax to outside offices:
- Check the transmission printout
- Verify that the correct number was dialed

Privacy
No photographs or recordings of any type are to be taken of patients in the clinical setting. No cameras, palm pilots, cell phones or any electronic devices with photography capabilities are permitted in the clinical environment.

Protect Your Patient!



Enforcement of the Medical Privacy Regulations


Office for Civil Rights
- A patient may complain to the Privacy Officer in a hospital
OR
- The Director of Health and Human Services (HHS)

Patient Privacy Rights


It's your job to make sure patients know they have the right:
- To see and copy their PHI
Protect patients' privacy and confidentiality.
Contact your hospital's privacy administrator for any privacy concerns.

HITECH
Health Information Technology for Economic and Clinical Health Act

- HITECH: It's a federal law, part of the American Reinvestment and Recovery Act (ARRA)
- Effective September 23, 2009
- Updated the HIPAA rule to include protections against identity theft

HITECH (continued)
Purpose:
- Applies to covered health care entities and business associates.
- Makes massive changes to privacy and security laws

Criminal Penalties
- Criminal provisions
- Penalties

- Creates a nationwide electronic health record
- Increases penalties for privacy and security violations
- Breach Notification requirements (Patient, Department of Health and Human Services, and Media)
- Sharing of civil monetary penalties with harmed individuals

What can you do?


If you have any questions, ask your clinical instructor or contact the hospital's Privacy Administrator
