AES: Privacy and Security
Security Rule
HIPAA provides regulations to make sure that confidential records are kept secure
Privacy
a patient's right to control the use of protected health information
emotional
abuse that includes excessive demands, insults, humiliation, jealousy, control, isolation, stalking, threats, and lack of affection/support
sexual
abuse that includes using sexual gestures, suggesting sexual behavior, and unwanted sexual touching/acts
transaction and code set rule
all medical transactions and codes have become the same nationwide; ex) nurse filing an insurance claim could use the same format for all insurance companies
Protected health information
any individually identifiable health information about a patient; info about a patient's health status, insurance info, etc.; PHI
health insurance access, portability, and Renewability
created to provide continuous insurance coverage for people when they change or lose a job
right to access of copy of protected health information
exception of psychotherapy notes; patients may access and obtain a copy of their medical records; most facilities have fees; must be done in writing within the first 30 days
entities
health care providers, health insurance providers, and health care clearinghouses, who handle insurance claims, are examples
Electronic Medical Records
help the health care industry to operate more efficiently; EMR
privileged communication
information that is shared within a protected relationship; confidentiality is protected by law; ex) employer cannot ask the physician, without permission, why the employee has taken so many sick days
right to notice of privacy practices
patient must be given a written copy of the facility's rules and their rights on their first visit
right to request an amendment of protected health information
patients may request a change to their medical record if they feel that something is incorrect; must be in writing; facilities must respond in a timely fashion; requests may be denied
right to receive an accounting of disclosures of protected health information
patients may request a record of all the instances in which their personal info was disclosed; each item must include the date, name, and description, as well as reason
right to request confidential communications
patients may request reasonable, alternative forms of communication; ex) work number instead of a home number
right to request restrictions on certain uses of protected health information
patients select which items can NOT be disclosed
The Privacy Rule
provides detailed instructions for handling and protecting a patient's personal health information
disclosure
release, transfer, or provision of access to protected health information; patients must give permission for this to happen
administrative safeguards
rules for managing employees who have access to protected health records; ex) policies and security awareness training
technical safeguards
rules for protecting electronic information; ex) anti-virus software, passwords, and encrypted documents
Physical safeguards
rules for providing a safe and hazard-free environment in which to store medical records; ex) having doors, server rooms, and files locked
authorization
the permission that patients give in order to disclose protected health information
physical
type of abuse that includes hitting, kicking, pushing, shaking, pulling hair, pinching, choking, biting, burning, scalding, threatening w/ a weapon, inappropriate restraint, withholding food and water, not providing physical care, and abandonment
confidentiality
using discretion when handling protected health information
signs of abuse
-Patient statements -Unexplained injuries, such as bruises, abrasions, fractures, bite marks, and burns -Unreasonable explanations for injuries -Malnutrition and dehydration -Poor personal hygiene -Pain or bruising in the genital area -Unexplained genital infections -Emotional problems, such as anxiety, depression, aggressiveness, changes in appetite, problems at school or work
Main purposes of HIPAA
-Privacy of Health Information -Security of Electronic Records -Administrative Simplification -Insurance Portability
examples of legal or public interest issues
-When information in a medical record must be provided to a court of law -When law enforcement needs medical records to identify a suspect or missing person -When reporting cases of abuse, neglect, or domestic violence -When a patient contracts a serious communicable disease, such as tuberculosis -When births and deaths occur -When information is needed to facilitate organ transplants from deceased donors
elements of authorization
-must be in writing and in plain language -must name the entities that are allowed to receive health info -must state the people that are allowed to view health info -must state the extent of health info that is allowed to be accessed -must include a statement that patients have the right to refuse authorization (providers have a right to limit tx) -must have expiration date -must be signed and dated by patient
false
According to HIPAA, a health insurance company can deny coverage to a person with pre-existing health conditions.
True
According to the Privacy Rule in HIPAA, patients must provide written authorization before health information is released to anyone else.
Health Insurance Portability and Accountability Act
What does HIPAA stand for?
release of information form
What is the name of the form that patients must sign to give permission to the medical facility to disclose health information?
1996
When did HIPAA become a law?
false
When health data is needed for research, the entire medical record is disclosed to the researchers.
Patient's other health care providers at a practice
With whom can patient information be shared without the patient's permission?