HIPAA
Portability
Being able to transfer group health insurance from one job to another
CMP
Civil monetary penalties
Summarize the documentation requirement associated with the Privacy Rule
Collection of patient information, review of patient charts, completion of billing forms, entries into accounting and bookkeeping records, and verbal discussions among healthcare providers within the organization.
CEs
Covered entity
Workforce member
Employee, volunteers, students and trainees of any healthcare organization
Notice of privacy practice Part 1
Explain the notice of privacy and explains the uses of disclosures of PHI
Consent to disclose medical info
Form not required by HIPAA but is required by many states
Business Associate
Individual or organization that provides business services to a CE and agrees to protect PHI
Authorization
Statement needed to release information for reasons other then treatment, payment or healthcare operation
Provide patients with an understanding of their rights under the Privacy Rules
Under HIPAA, individuals have the right to: -Restrict specific uses and disclosures of PHI. -Authorize the release of information. -Revoke authorization to use and disclose PHI. -Obtain a paper copy of privacy practices. -Inspect and obtain a copy of one's health records or to electronically access them. -Request to amend one's health records. -Request an accounting of disclosures. -Request communication by way of alternative means.
Notice of privacy practice acknowledgement
The patient has read and understand the notice of privacy practices and gives permission to leave a nessage about an appointment or medical info through means such as voice mail
The Privacy Rule applies to
Healthcare providers (physicians, hospitals) Business associates of healthcare entities Healthcare clearing houses (billing services) Healthcare plans (health insurance companies, HMOs)
Minimum necessary
A concept of the Privacy Rule under which CEs are required to implement reasonable policies and procedures for workforce members to limit their use and disclosure of PHI to the minimum necessary to accomplish the intended purpose.Workforce members must make a reasonable effort to disclose or use the minimum amount of PHI necessary to get the job done. Workforce members should never access medical records when there is no legitimate business reason.
Discuss the policies and procedures associated with the Privacy Rule
HIPAA defines privacy as the presence of policies and procedures to control access to protected health information (PHI). The Privacy Rule enables individuals who receive medical treatment to control the manner in which sensitive personal information is used and to whom it is disclosed.
Explain the content of HIPPA legislation is and the history behind it
HIPAA is the acronym for the Health Insurance Portability and Accountability Act of 1996,it was signed into law on August 21, 1996, by President Bill Clinton.It was created to fulfill an array of goals intended to provide Americans with better access to more affordable health care.
HITECH
Health Information Technology for Economic and clinical health
HIPAA
Health Insurance Portability and Accountability Act
Title 1 of HIPAA addresses
Portability of health insurance for workers and limit the use of exclusions for pre-existing conditions
Title 2 portion of HIPAA is concerned with
Preventing health care fraud and abuse, administrative simplification and patient privacy
Discuss the consequences of and associated penalties for non-compliance with the Privacy Rule
Privacy Rule sets forth standards for the punishment of violations of patient confidentiality, including civil and criminal penalties. Under HITECH, revisions were made that significantly increased the penalty amounts that may be imposed for violations Civil Monetary Penalties (CMPs) are structured accordingly:$100-$50,000 for an offense by an individual who did not know and even if exercising reasonable diligence, would not have known that he/she violated HIPAA: -$1,000-$50,000 per violation, if the violation was due to reasonable cause and not willful neglect -$10,000-$50,000 per violation, if the violation was due to willful neglect but violation is corrected within the required time period -$50,000 per violation with an annual maximum of $1.5 million if the violation was due to willful neglect and was not corrected riminal violations are handled by the Department of Justice (DOJ) and are structured accordingly: -Up to $50,000 in fines and 1 year in prison for CEs that knowingly obtain or disclose identifiable health information -Up to $100,000 in fines and 5 years in prison if an offense is committed under false pretenses -Up to $250,000 in fines and 10 years in prison if an offense is committed with the intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm
Explain the purpose of the HIPPA privacy rule
The Privacy Rule establishes national standards to protect individuals' medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. It was published and became effective on April 14, 2001. Healthcare-related organizations were required to implement standards and to be in compliance by April 14, 2003.
Identify the various components of the HIPPA legislation
Title I-Health Care Access, Portability, and Renewability Title II-Preventing Health Care Fraud and Abuse Administrative Simplification Medical Liability Reform Title III-Tax-Related Health Provisions Title IV-Application and Enforcement of Group Health Insurance Requirements Title V-Revenue Offsets
Interpret the core requirement of the privacy rule
To protect patient information from being used or disclosed improperly To give patients greater control over the sharing of their information To increase patient access to information
TPO
Treatment,payment, or healthcare operation