HIPAA

Health Insurance Portability and Accountability Act of 1996

- National uniform standards for electronic transactions in health care - Creation of "privacy rule" to safeguard personal health information Concern that increase in electronic transactions could lead to unauthorized disclosures of personal health information ***Do not disclose information about patient Final Implementation Date - April 14, 2003

Providers

- No need to get patient's consent to share PHI for TPO (treatment payments or healthcare operations)

Covered Workforce

All providers - Physicians, dentists, pharmacists, etc. All allied health professionals - Nurses, PT, OT, etc. All non-healthcare professionals that view PHI - Pharmacy techs and clerks

Clinical v. non-clinical education

Clinical - Hospital Rounds - Supervised Treatment Non-clinical - Classroom Instruction - Grand Rounds - Case-Based Studies

Definitions

Covered Entity (CE) Covered Workforce (CW) TPO Consent Notification of privacy rules Authorization Minimum necessary

Covered Entity

Health plans Health care clearinghouses Certain health care providers

Notice of Privacy Practices

Signature maintained for 6 years

Privacy rule compliance alternatives for non-clinical education

-deidentify -obtain authorization from pt

Healthcare Operations

-review competence of health care professions -evaluation practioner -legal compliance -conducting training programs

TPO allowed disclosures - Pharmacy

1. Treatment 2. Payment 3. Healthcare Operation

USC Implementation

Education - Mandatory online tutorial - Print certificate ***Each site might make you take their own HIPAA program

No Consent or Authorization Needed

No need if 1. controlling disease 2.preventing child abuse 3. person under jurisdiction of FDA