HIPAA
HIPAA Title 2 was aimed at reducing what? What are the four key components of HIPAA Title 2?
Administrative simplification is aimed at reducing paperwork and costs among health-care providers, insurance companies, billing agencies, etc. This is called HIPAA Title II. There are four key components:
• Information Security
• Privacy Standards
• Electronic Data Interchange (EDI) and Standard Code Sets
• Unique Identifiers
HIPAA was signed/created when?
On August 21, 1996, HIPAA was signed into law by President Clinton. It contained landmark provisions for "administrative simplification" of the healthcare industry.
Define HHS. What standards did Congress ask HHS to establish within HIPAA?
Congress instructed the U.S. Department of Health and Human Services (HHS) to establish standards (related to the storage and transmission of electronic health data) for the privacy and security of individually identifiable health information.
What does HIPAA mean?
Health Insurance Portability and Accountability Act
How Did HIPAA Impact Healthcare Providers?
• Building organizational awareness of HIPAA
• A comprehensive assessment of the organization's information security systems, policies and procedures
• Developing an action plan with deadlines and timetables
• Developing a technical and management infrastructure to implement the plan
• Implementing a comprehensive action plan, including:
  1. Developing new policies, processes, and procedures
  2. Building "chain of trust" agreements with service organizations
  3. Redesigning a compliant technical information infrastructure
  4. Purchasing new, or adapting, information systems
  5. Developing new internal communications
  6. Training and enforcement
3 main types of Individually Identifiable Health Information are?
• Information that identifies the individual either by name or by an individually identifiable element
• Information that relates to any of the following:
  1. The past, present, or future physical or mental health or condition of an individual
  2. The provision of health care to an individual
  3. The past, present, or future payment for the provision of health care to an individual
Why was HIPAA created?
It was created to help Americans meet the challenge of obtaining and maintaining health care, especially those who are self-employed, change jobs from one company to another, or have pre-existing health conditions. Initial legislation was aimed at insurance reform and health insurance portability. This was only one aspect of HIPAA, known as HIPAA Title I.
What is the Minimum Necessary rule?
"Minimum Necessary" Rule
• Covered entities must take responsible steps to limit the use or disclosure of, and requests for, protected health information (PHI) to the minimum necessary to accomplish the intended purpose.
• For uses of PHI, the policies and procedures must identify the persons or classes of persons within the covered entity who need access to the information to carry out their job duties, the categories or types of PHI needed, and conditions appropriate to such access.
• The minimum necessary standard is intended to make covered entities evaluate their practices and enhance protections as needed to prevent unnecessary or inappropriate access to PHI.
Does the "Minimum Necessary" rule prohibit radiography students and other medical trainees from accessing clients' medical information in the course of their training?
"Minimum Necessary" and Students
No. The definition of "healthcare operations" in the rule provides for "conducting training programs in which students, trainees, or practitioners in areas of healthcare learn under supervision to practice or improve their skills as healthcare providers."
The following identifiers of the individual or of relatives, employers, or household members of the individual, are considered PHI identifiers under HIPAA....
Protected Health Information
• Names
• Postal address
• All geographic subdivisions smaller than a state
• Dates
• All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older
• Telephone numbers
• Fax numbers
• Electronic mail address
• Social security numbers
• Medical record numbers
• Account numbers
• Health plan beneficiary number
• Certification/license numbers
• Vehicle identifiers and serial numbers, including license plate numbers
• Device identifiers and serial numbers
• Name of relative
• Web Universal Resource Locator (URL)
• Internet Protocol (IP) address number
• Biometric identifiers, including finger and voice prints
• Full face photographic images and any comparable images
• Any other unique identifying number, characteristic, or code
Student Responsibilities regarding client info....
Student Responsibilities
• It is of the utmost importance to keep client information private and confidential. Access and disclosure of client information needs to be closely guarded without compromising client care.
What do HIPAA Privacy and Security Guidelines Accomplish?
• They give clients more control over their health information
• They set boundaries on the use and release of health records
• They establish appropriate safeguards that healthcare providers, insurers, and others must implement to protect the privacy of health information
• They hold violators accountable with civil and criminal penalties that can be imposed if they violate clients' privacy rights
• They strike a balance when public responsibility requires disclosure of some forms of data, for example, to protect public health
Why the change of privacy and security?
Why The Change?
• Medicare and Medicaid programs are outdated in their system of storing and transmitting certain healthcare information. The old ways of paper records are being replaced by improved technology and electronic devices. The ultimate goal is the development of a National Health Information System.
• The new standards will provide clear guidance for how protected information should be stored and transmitted electronically.
Provisions of the Privacy Act include...
Provisions of the Privacy Act
• Healthcare facilities must explain the new privacy provisions, in writing, to all clients, by developing and distributing a document called a Notice of Privacy Practices
• The Notice of Privacy Practices must explain clearly to clients their right to access their own medical record, how to do so, whom to call, and what forms to use
• All healthcare facilities (or covered entities) must designate an individual (usually someone from Health Information Services) to be responsible for seeing that the privacy and security procedures are adopted and followed
• Clients have the right to restrict the use of protected health information as long as the restriction does not interfere with treatment, payment or operations
• Clients have the right to know who has access to their protected health information
• The client has the right to request that communications regarding protected health information be delivered in a confidential manner (such as no return address from the facility)
• The client must be informed on how to file a complaint about possible violations of privacy
• The Notice of Privacy Practices must identify the privacy officer and offer guidance on how to contact the privacy officer and what to expect in response
• The client must receive information to guide the client in contacting the Department of Health and Human Services, the federal agency that oversees HIPAA
Violations
• Health care providers and health plans that violate the HIPAA privacy and security rules are subject to both criminal and civil penalties. These penalties range from:
• $100 per violation or $25,000 per year for unintentional violations
• Criminal penalties of fines of up to $250,000 and 10 years imprisonment per offense if the purpose of the violation is to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm.
Individual Identifiable Elements Or PHI (Protected Health Information) are....
Examples of PHI Identifiers
Health information:
• (i) That identifies the individual
• (ii) With respect to which there is a reasonable basis to believe the information can be used to identify the individual
is protected.
You can help avoid inappropriate access to or disclosure of client information by the following:
• If you are assigned an access code for the computer, do not share it with anyone else, and always log off when leaving the computer workstation
• Position computer monitors so that people walking by or visitors cannot view information
• Do not leave client charts unattended where they can be accessed by unauthorized persons; always replace them in the chart rack
• Refrain from making copies of confidential chart information; if it is necessary to do so, know the facility policy for disposing of the information when you no longer need it
• Keep your voice down when discussing client information
• Avoid discussions about clients when you are in elevators or in cafeteria lines or anywhere you could be overheard
• It is preferable to close client room doors when communicating with them
• Never, never discuss the client or client information with an unauthorized person
• Protect containers or documents with PHI when transporting them throughout the facility
• Be sure pre and post conferences are conducted in secure areas away from visitors or other unauthorized persons
• Always wear identification when reviewing client charts: Uniform or lab coat with the NCTC insignia or patch, picture ID (or whatever additional ID the facility requires)
• Be cautious about giving out client information over the telephone; be sure a supervisory person gives permission to do so
• Just remember: Use caution and protect the client information; it is a