HIPAA
information is DISCLOSED
when it is transmitted: *release *transfer *provision of access to *divulging in any manner
Information is USED
when it moves within an organization: *sharing *employing *applying *Utilizing *examining *analyzing
Non-Compliance Penalties
*Financial penalties for failure to comply *Section 1176 of the Act establishes civil monitary penalty for violation. -100.00 per occurance, 25,000. max a year *Section 1777 of Act establishes penalties for knowing misuse of the unique health identifiers and individualy identifiablle health information -50,000 and/or imprisonment of not more than 1 year -misuse "under false pretenses" 100,000 or not more than 5 years imprisonment -misuse with intent to sell, transfer, or use information for commercial 250,000 or 10 years imprisonment
Title II Preventing healthcare fraud and abuse; Administrative Simplification; Medical liability form. Privacy Rule
*HIPAA standards for privacy of Individual Identifiable Health Informantion. *Protection, use, and disclosure IPA protected health information
Title I Healthcare Portability
*Portability deals with protecting healthcare coverage for employees who change jobs *Reduces risk that individuals will lose their existing healthcare coverage who are changing jobs. *Allows workers to purchase insurance on their own if coverage is lost under their employer.
Security Rule protected on:
*computer networks *the internet *disks and other storage media extranets -chart security -reception area -fax security -MA clinical station security -all patient information must be kept confidential -keep records out of sight -do not discuss the case with anyone outside the medical office
May be disclosed without authorization
*medical researchers *emergencies *funeral directors/coroners *desater relief services *law inforcement *correctional institutions *abuse and neglect *organ and tissue donation centers *work related conditions tat may affect employee health *judicial/administrative proceedings at patient request or subpoena
Patients are informed with a document called:
1. Notice of Privacy Practice 2. authorization- disclosure of patient information for purposes other than TPO Treatment,Payment,Healthcare Operation
4 requirements for an Authorization:
1.Must specify the information to be disclosed 2.Must identify the receipient of the information 3.There must be an Expiration date and revocation of authorization option 4.Individuals signature and date
3 phases of HIPAA compliance
1.Privacy 2.security 3.EDI Electronic data interchange
HIPAA
Health Insurance Portability and Accountability Act 1996 August 21,1996
Two Main Sections of the HIPAA Law
Title I: Health Care Portability Title II: Preventing Healthcare Fraud and Abuse; Administrative Simplification; Medical liability Form
HIPAA will allow provider to use healthcare information for:
for sharing: *treatment-information in order to provide care for patient *payment-information in order to receive payment for treatment provided *operations-information to conduct normal business activities,such as quality improvement