THE BASICS OF HIPAA

Upload: martykoepke

Post on 18-Jan-2015


TRANSCRIPT

Page 1: Hipaa basics.pp2

THE BASICS OF HIPAA

Page 2: Hipaa basics.pp2

HIPAA: WHAT IS IT?

• HIPAA does the following:
  • Creates standards for protecting the privacy of health information
  • Creates standards for the security of health information
  • Creates standards for electronic exchange of health information

Page 3: Hipaa basics.pp2

WHAT IS COVERED BY HIPAA?

• Protected Health Information: The HIPAA Privacy Rule covers and sets standards for the collecting, sharing and storing of a person's Protected Health Information, or PHI for short. PHI is information that:
  • Relates to past, present or future physical or mental health or condition, payments and provisions about healthcare.
  • Identifies the individual in a personal way.
  • Provides a reasonable basis to be used to identify the individual.
  • Is created or received by a Covered Entity.

Page 4: Hipaa basics.pp2

WHAT IS PROTECTED HEALTH INFORMATION?

Protected health information (PHI) is:
• Individually identifiable health information
• Transmitted or maintained in any form or medium by a Covered Entity or its Business Associate
• Health information, including demographic information
• Relates to an individual's physical or mental health or the provision of or payment for health care
• Identifies the individual

Page 5: Hipaa basics.pp2

TYPES OF PHI

• Billing Information
• Medical Insurance Forms
• Prescriptions
• Patient Charts/Records (Paper or Electronic)

Page 6: Hipaa basics.pp2

WHAT DOES HIPAA APPLY TO?

• Forms
• Spoken Communication
• E-mails
• Faxes

Page 7: Hipaa basics.pp2

PROTECTING PHI WITH HIPAA MEANS:

• Removal of certain identifiers so that the individual who is the subject of the PHI may no longer be identified, by either:
  • Application of a statistical method, or
  • Stripping of listed identifiers such as:
    • Names
    • Geographic subdivisions smaller than a state
    • All elements of dates
    • SSNs
• Not discussing PHI with anyone other than those directly responsible for providing health care (provider, clinician, technician, etc.)
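The identifier-stripping route described on this slide, shown as an added example that is not part of the original training deck. The record, its field names, the `[REMOVED]` marker and the field classification are all constructed for the illustration; it handles the four identifier categories the slide lists (names, geographic subdivisions smaller than a state, elements of dates, SSNs) and ends with a verification pass that reports anything SSN- or date-shaped that survived. Keeping the year of a date is an assumption taken from the regulation's Safe Harbor list; the slide itself says only "all elements of dates". The statistical method the slide also mentions is not modelled.

```python
"""Safe-Harbor-style identifier stripping over one constructed PHI record.

Added illustration, not code from the original training deck. The record,
field names and replacement marker are constructed for the example; it
handles the four identifier categories the slide names (names, geographic
subdivisions smaller than a state, elements of dates, SSNs).
"""
import re
from typing import Dict, List

# Constructed sample record; every value is fictitious.
SAMPLE_RECORD: Dict[str, str] = {
    "name": "Jane Q. Sample",
    "ssn": "123-45-6789",
    "street": "12 Example Lane",
    "city": "Springfield",
    "zip": "01101",
    "state": "MA",
    "date_of_birth": "1950-03-14",
    "admission_date": "2014-11-02",
    "diagnosis": "Type 2 diabetes mellitus",
    "notes": "Pt Jane Q. Sample, SSN 123-45-6789, seen 2014-11-02 in Springfield.",
}

# Field classification (assumed schema for the example).
NAME_FIELDS = {"name"}
SSN_FIELDS = {"ssn"}
SUB_STATE_GEO_FIELDS = {"street", "city", "zip"}   # "state" itself is retained
DATE_FIELDS = {"date_of_birth", "admission_date"}
DROPPED_FIELDS = NAME_FIELDS | SSN_FIELDS | SUB_STATE_GEO_FIELDS

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
ISO_DATE_RE = re.compile(r"\b(\d{4})-\d{2}-\d{2}\b")
MARKER = "[REMOVED]"


def strip_date_elements(value: str) -> str:
    """Keep only the year of any ISO date in `value`. Assumption: the year is
    retained, as the Safe Harbor list does; the slide says only 'all elements
    of dates'."""
    return ISO_DATE_RE.sub(r"\1", value)


def scrub_free_text(text: str, direct_identifiers: List[str]) -> str:
    """Remove known identifier values, SSN patterns and date elements that
    leak into free-text fields such as clinical notes."""
    # Longest values first so a short value (e.g. a ZIP) cannot clip a longer one.
    for value in sorted(direct_identifiers, key=len, reverse=True):
        text = re.sub(re.escape(value), MARKER, text, flags=re.IGNORECASE)
    text = SSN_RE.sub(MARKER, text)
    return strip_date_elements(text)


def deidentify(record: Dict[str, str]) -> Dict[str, str]:
    """Return a copy of `record` with the listed identifiers stripped."""
    direct_identifiers = [v for k, v in record.items() if k in DROPPED_FIELDS and v]
    out: Dict[str, str] = {}
    for key, value in record.items():
        if key in DROPPED_FIELDS:
            continue                                   # field removed outright
        if key in DATE_FIELDS:
            out[key] = strip_date_elements(value)      # year only
        else:
            out[key] = scrub_free_text(value, direct_identifiers)
    return out


def residual_identifiers(record: Dict[str, str]) -> List[str]:
    """Verification pass: report SSN-shaped and full-date-shaped strings that
    survived. An empty list is what a reviewer wants to see before release."""
    found: List[str] = []
    for value in record.values():
        found.extend(SSN_RE.findall(value))
        found.extend(m.group(0) for m in ISO_DATE_RE.finditer(value))
    return found


if __name__ == "__main__":
    cleaned = deidentify(SAMPLE_RECORD)
    for field, content in cleaned.items():
        print(f"{field}: {content}")
    print("residual identifiers:", residual_identifiers(cleaned))
```

The point of the second function is that dropping fields is not enough: the same identifiers recur inside free text, so the scrub runs over every retained field and the verification pass is what a release gate should actually check, rather than trusting the field list.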

Page 8: Hipaa basics.pp2

PATIENT’S RIGHTS

• Patients have the right to obtain and amend their PHI, and to:
  • Request restrictions on uses and disclosures
  • Request more confidential communications
  • Receive an accounting of disclosures
  • Complain about privacy violations
• Use and disclosure of PHI: Patients are entitled to know how their PHI will be used and who will receive their PHI.
• Patients have a right to see privacy disclosures regarding their PHI.

Page 9: Hipaa basics.pp2

SPECIAL RULES OF HIPAA

• Special rules for certain types of entities:
  • Some Covered Entities have additional privacy regulations covering areas like directories, marketing and fund raising.
• Administrative requirements of Covered Entities may include detailed record-keeping and procedural compliance obligations.

Page 10: Hipaa basics.pp2

ENFORCEMENT OF HIPAA

• There are potential penalties and fines for noncompliance.
• Penalties start at $100 and can be as strict as $25,000 per year.
• If an employee or patient makes a complaint, it will be investigated, and if necessary, subsequent corrective action will follow.
• Covered Entities or programs will have a process to receive and investigate complaints.

Page 11: Hipaa basics.pp2

ANTI-RETALIATION POLICY

• Retaliation against anyone who may file a complaint is strictly prohibited.
• Individuals may file a complaint with either the Covered Entity or the U.S. Department of Health and Human Services.

Page 12: Hipaa basics.pp2

REASONABLE PHYSICAL AND TECHNOLOGICAL SAFEGUARDS

•  Telephones – How do you know the person you are talking to is authorized to receive an employee’s PHI?

•  Disposing of PHI – When you dispose of PHI (both hard copy and electronic) how can you be certain that it is appropriately destroyed?

•  E-mail – How can you be sure PHI is secure when it’s sent via e-mail?

•  Fax machines – When faxing PHI, how can you be sure the right person will read it on the other end?

•  Mail – Sending PHI through the mail may have restrictions.

•  Storing PHI – Safeguarding PHI on computer databases, file cabinets, even laptop computers will have to follow procedure.

Page 13: Hipaa basics.pp2

WHAT DOES THIS MEAN TO YOU?

• Do not let anyone use your username and password
• Log off of your computer when you walk away from it
• Do not use anyone else's username and password
• Do not discuss private health information of any patient outside of the care setting
• Do not discuss private health information of any patient with someone other than a direct care giver
• Do not look up any health records unless it is a patient under your care and the information is for the purpose of providing patient care
• Do not look up your own private health information