HIPAA
Health Insurance Portability and Accountability Act of 1996
- National uniform standards for electronic transactions in health care - Creation of "privacy rule" to safeguard personal health information Concern that increase in electronic transactions could lead to unauthorized disclosures of personal health information ***Do not disclose information about patient Final Implementation Date - April 14, 2003
Providers
- No need to get patient's consent to share PHI for TPO (treatment payments or healthcare operations)
Covered Workforce
All providers - Physicians, dentists, pharmacists, etc. All allied health professionals - Nurses, PT, OT, etc. All non-healthcare professionals that view PHI - Pharmacy techs and clerks
Clinical v. non-clinical education
Clinical - Hospital Rounds - Supervised Treatment Non-clinical - Classroom Instruction - Grand Rounds - Case-Based Studies
Definitions
Covered Entity (CE) Covered Workforce (CW) TPO Consent Notification of privacy rules Authorization Minimum necessary
Covered Entity
Health plans Health care clearinghouses Certain health care providers
Notice of Privacy Practices
Signature maintained for 6 years
Privacy rule compliance alternatives for non-clinical education
-deidentify -obtain authorization from pt
Healthcare Operations
-review competence of health care professions -evaluation practioner -legal compliance -conducting training programs
TPO allowed disclosures - Pharmacy
1. Treatment 2. Payment 3. Healthcare Operation
USC Implementation
Education - Mandatory online tutorial - Print certificate ***Each site might make you take their own HIPAA program
No Consent or Authorization Needed
No need if 1. controlling disease 2.preventing child abuse 3. person under jurisdiction of FDA