AES: Privacy and Security

Security Rule

HIPAA provides regulations to make sure that confidential records are kept secure

Privacy

a patient's right to control the use of protected health information

emotional

abuse that includes excessive demands, insults, humiliation, jealousy, control, isolation, stalking, threats, and lack of affection/support

sexual

abuse that includes using sexual gestures, suggesting sexual behavior, and unwanted sexual touching/acts

transaction and code set rule

all medical transactions and codes have become the same nationwide; ex) nurse filing an insurance claim could use the same format for all insurance companies

Protected health information

any individually identifiable health information about a patient; info about a patients health status, insurance info, etc.; PHI

health insurance access, portability, and Renewability

created to provide continuous insurance coverage for people when they change or lose a job;

right to access of copy of protected health information

exception of psychotherapy notes; patients may access and obtain a copy of their medical records; most facilities have fees; must be done in writing within the first 30 days

entities

health care providers, health insurance providers, and health care clearinghouses, who handle insurance claims are examples

Electronic Medical Records

help the health care industry to operate more efficiently; EMR

privileged communication

information that is shared within a protected relationship; confidentiality is protected by law; ex) employer cannot ask the physician- without permission- why the employee has taken so many sick days

right to notice of privacy practices

patient must be given a written copy of the facility's rules and their rights on their first visit

right to request an amendment of protected health information

patients may request a change to their medical record if they feel that something is incorrect; must be in writing; facilities must respond in a timely fashion; requests may be denied

right to receive an accounting of disclosures of protected health information

patients may request a record of all the instances in which their personal info was disclosed; each item must include the date, name, and description, as well as reason

right to request confidential communications

patients may request reasonable, alternative forms of communication; ex) work number instead of a home number

right to request restrictions on certain uses of protected health information

patients select which items can NOT be disclosed

The Privacy Rule

provides detailed instructions for handling and protecting a patient's personal health information

disclosure

release, transfer, or provision of access to protected health information; patients must give permission for this to happen

administrative safeguards

rules for managing employees who have access to protected health records; ex) policies and security awareness training

technical safeguards

rules for protecting electronic information; ex) anti-virus software, passwords, and encrypted documents

Physical safeguards

rules for providing a safe and hazard-free environment in which to store medical records; ex) having doors, server rooms, and files locked

authorization

the permission that patients give in order to disclose protected health information

physical

type of abuse that includes hitting, kicking, pushing, shaking, pulling hair, pinching, choking, biting, burning, scalding, threatening w/ a weapon, inappropriate restraint, withholding food and water, not providing physical care, and abandonment

confidentiality

using discretion when handling protected health information

signs of abuse

-Patient statements -Unexplained injuries, such as bruises, abrasions, fractures, bite marks, and burns -Unreasonable explanations for injuries -Malnutrition and dehydration -Poor personal hygiene -Pain or bruising in the genital area -Unexplained genital infections -Emotional problems, such as anxiety, depression, aggressiveness, changes in appetite, problems at school or work

Main purposes of HIPPA

-Privacy of Health Information -Security of Electronic Records -Administrative Simplification -Insurance Portability

examples of legal or public interest issues

-When information in a medical record must be provided to a court of law -When law enforcement needs medical records to identify a suspect or missing person -When reporting cases of abuse, neglect, or domestic violence -When a patient contracts a serious communicable disease, such as tuberculosis -When births and deaths occur -When information is needed to facilitate organ transplants from deceased donors

elements of authorization

-must be in writing and in plain language -must name the entities that are allowed to receive health info -must state the people that are allowed to view health info -must state the extent of health info that is allowed to be accessed -must include a statement that patients have the right to refuse authorization(providers have a right to limit tx) -must have expiration date -must be signed and dated by patient

false

According to HIPAA, a health insurance company can deny coverage to a person with pre-existing health conditions.

True

According to the Privacy Rule in HIPAA, patients must provide written authorization before health information is released to anyone else

Health Insurance Portability and Accountability Act

What does HIPPA stand for?

release of information form

What is the name of the form that patients must sign to give permission to the medical facility to disclose health information?

1996

When did HIPPA become a law?

false

When health data is needed for research, the entire medical record is disclosed to the researchers.

Patient's other health care providers at a practice

With whom can patient information be shared without the patient's permission?