HIPAA Test Review
What are the three types of penalties?
-Inadvertent -Civil -Criminal
Why do we need HIPAA?
1) Technology
What are the key points of HIPAA?
1. Any personally identifiable information is now confidential 2. Patients are allowed access to copies of their MR 3. HCP must now provide a written statement to the pt that states how personal information may be used (pt rights of confidentiality) 4. The use of personal medical information is now limited 5. Discussion of Healthcare options and tx options 6. Pt may now request confidential communication be done in a way they prefer
When is disclosure required?
1. Crime has been committed 2. Abuse 3. STDs, TB 4. Organ donation 5. Death - funeral director
What are the 3 major focus areas of HIPAA?
1. Electronic Data Interchange 2. Security 3. Privacy
Why are privacy and confidentiality important?
1. Patient's expectations of privacy and confidentiality are important to providing quality care 2. Affects all aspects of care: hospitals, outpatient, diagnostic, or the business office 3. Laws have increased in strength in response to situations in which private information has ended up in the wrong hands
What are some examples of Protected health information?
1. Physical and Mental health 2. Provision of health care to patient 3. Payment for the patient's health care 4. Anything that can be communicated orally, in written form, or through other media. Ex. Name, date of birth, SS #, address, phone #, patient account #, date, location of healthcare service, Dx., Tx., meds, email address, photo, lab results.
What are the 5 parts of HIPAA?
1. Portability 2. Standardization 3. Administration Simplification 4. Accountability 5. Privacy Protection
What does the privacy rule do?
1. Protects the privacy and the security of individually identifiable health information 2. Establishes the 6 patient rights of health information
What are the 6 patient rights of health information?
1. Receive notice of privacy policies 2. Access to health information on file 3. Limit uses and disclosures of medical information 4. Make amendments to medical record 5. Revoke authorizations 6. Have an accounting of info disclosures for up to 6 years
What are some inappropriate uses of PHI (Personal Health Information)?
1. Selling information for databases 2. Advertising
What are the Benefits of HIPAA?
1. Uniform billing process 2. Use of electronic transmittals 3. Continuity in patient care 4. Employment opportunities-HIPAA officers, Office of Civil Rights expanded, fraud squads, hotlines 5. Violation of confidentiality now a federal crime !!!
Who must comply?
A. Any person who deals with individually identifiable health information B. Direct care providers C. People who handle billing D. People who plan health operations E. Those providing pieces of service
What do HIPAA's standards provide patients with?
Access to their medical records and more control over how their personal health information is used and disclosed
What is the civil penalty and what are the fines?
Civil- Done w/o intent to gain, but deliberate: $100.00 per violation up to $25,000.00 per year for each violation
What is "Portability"?
Continuity of coverage access; denial of coverage based on pre-existing conditions
What is a criminal penalty and what are the fines?
Deliberate, for gain, causes harm- $250,000.00 in fines and up to 10 years jail time
Who developed HIPAA?
Department of Health and Human Services (HHS)
How is protected health information used?
•Determine what services patients are to receive •Use confidential information to be able to bill patients or their insurance companies •Quality control directors review information to make sure patients are receiving quality care
What are some examples of the "minimum necessary" rule?
Ex. Limit use of faxes for highly sensitive information, verify numbers & availability of receiver, keep fax machines secure, remove fax promptly on arrival.
What is an example of inadvertent penalty?
Example: Nurse takes copy of lab results home with her
What is an example of a civil penalty?
Example: Practice signing in with "Reason for Visit" column
What is an example of criminal penalty?
Example: Publishing- or allowing the publishing of health status or care detail of a patient
What is HIPAA?
Federal privacy standards to protect patients' medical records and other health information provided to health plans, doctors, hospitals and other health care providers.
Where is authorization for PHI usage obtained from when it's used for something other than treatment, payment, or routine operations?
From The Patient
What does HIPAA stand for?
Health Insurance Portability & Accountability Act
What are the Minimum Necessary Rule Deciding Questions?
•How much information are you planning to use or disclose? •How important is it that you use/disclose this information? •What is the likelihood that further uses or disclosures could occur? •Where is the information being disclosed (location) and in what form (paper, verbal, or electronic)?
What is the Inadvertent penalty and what are the fines?
Inadvertent- standards in place, safeguards present, still happened: None
What is the "minimum necessary" rule?
Information can be disclosed to other health care providers if the information is for treatment. Only the minimal amount of PHI is handled.
What does HIPAA do?
It reduces health care fraud, guarantees security and privacy of healthcare info., and enforces standards for electronic data interchange
What was an advantage of HIPAA?
It's a uniform, federal floor of privacy protections for consumers across the country.
If authorization for PHI is given by the patient what are the requirements?
Must be in writing and the patient voluntarily agrees to let the organization use the information for a particular purpose
What are the Responsibilities of the HCP w/ HIPAA?
•Must have a written privacy procedure (Notice of Privacy Practices - this tells patients their rights to their own records, to make copies, and to request amendments to them) •Must educate their staff on proper procedures for maintaining confidentiality •HCP are permitted but not obligated to disclose confidential information for public health purposes
What is "Standardization"?
Of billing of format and language
What is "Privacy Protection"?
Oral, written, electronic information management
What is required when acting on the "minimum necessary" rule?
Patient's consent for release.
What is the patient's right if they authorize usage of PHI other than the need of Payment, Treatment, or routine operations?
Patients have the right to revoke at any time
What did the law have to include in HIPAA to protect the patient?
Privacy and Confidentiality rules
What does PHI stand for?
Protected Health Information
What is "Accountability"?
Same computer language industry wide
What is "Administration Simplification"?
Same computer language industry wide
What was not affected by HIPAA?
State laws providing additional protections to consumers are not affected by this new rule
Why were Privacy and Confidentiality rules included in HIPAA?
To protect the patient
When did HIPAA take effect?
Took effect on April 14, 2003.
What is protected health information?
When patients provide information to their providers, they expect that only people who are caring for them will see it and that it will be used to help care for them
What were the goals that HIPAA was designed for?
Limiting administrative cost of health care, *privacy issues*, and *preventing fraud* and abuse were of primary importance. The law has also had to *include privacy and confidentiality rules to protect the patient*
What are the covered entity Responsibilities?
•Establish clear policies and practices that minimize information revealed •Maintain training •Obtain authorizations and maintain files
What does HIPAA give patients?
•HIPAA gives the patients the right to inspect and copy the PHI that your facility keeps about them
What is the Minimum Necessary Rule of Thumb?
•If someone asks for information about a patient's case, ask why it is needed and disclose only the minimum amount necessary for that person to do his or her job.
What should I do if a patient asks about a patient?
•If visitors ask about a patient, direct them to the information desk, the compliance officer or medical records department
When is authorization not needed?
•Information about an organ donor •About a deceased patient •For fundraising as long as the information is limited to individual demographics and dates of service
What are some Confidentiality Practices You should see?
•Policy updates every 2 years •Password changes •Implementing and maintaining valid training programs •Implementing disciplinary measures when policies are violated •Maintain method to identify and report fraud practices or confidentiality violations
What are the Special Protection Implementations?
•Psychiatric situations •Genetic Treatment •HIV/AIDS
What are some general forms that patients can obtain because of HIPAA?
•Specific forms such as General Records Release, Authorization for Use or Disclosure of PHI
What is "Permitted Disclosure without Authorization"?
•When public responsibility requires disclosure
What are some HIPAA exceptions?
•When the HCP believes that it is not in the patient's best interest •When it may endanger the life or physical safety of the patient or another person