sylvia hipaa powerpoint presentation 2010(2)

What We Need to Know What We Need to Know about HIPAAabout HIPAA

Sylvia Rainwater, RN, BSNSylvia Rainwater, RN, BSN

PN InstructorPN Instructor

South Arkansas Community CollegeSouth Arkansas Community College

Edited by Brenda Holmes MSN/Ed, RN

Purpose of this TrainingPurpose of this Training

To provide SACC Faculty and Nursing To provide SACC Faculty and Nursing Students with the knowledge & Students with the knowledge & understanding of HIPAA understanding of HIPAA

Why privacy is important. Why privacy is important.

To enhance awareness of the nursing To enhance awareness of the nursing student’s role in protecting a patients student’s role in protecting a patients health information.health information.

Possible consequences and penalties for Possible consequences and penalties for violation HIPAA lawsviolation HIPAA laws

HIPAA HIPAA

HHealthealth

IInsurance nsurance

PPortability and ortability and

AAccountability ccountability

AAct ct

IT’S THE LAW!

Trivia QuestionTrivia Question

How many words are in the Health How many words are in the Health Insurance Portability and Accountability Insurance Portability and Accountability Act?Act?

How many lines are in the Health How many lines are in the Health Insurance Portability and Accountability Insurance Portability and Accountability Act?Act?

How many titles are there?How many titles are there?

Trivia AnswersTrivia Answers

Words-73,840Words-73,840– Source: Microsoft Word: word countSource: Microsoft Word: word count

Lines-5,704Lines-5,704

FiveFive

OverviewOverview

Signed into law by President Clinton Signed into law by President Clinton on August 21, 1996on August 21, 1996

Public Law 104-191Public Law 104-191

HIPAA addresses numerous health HIPAA addresses numerous health care issuescare issues

Purpose of HIPAAPurpose of HIPAA

To amend the Internal Revenue Code of To amend the Internal Revenue Code of 1986 to improve portability and continuity 1986 to improve portability and continuity of health insurance coverageof health insurance coverage

Reduce health care fraud and abuseReduce health care fraud and abuse

To Protect individuals’ rights to privacy To Protect individuals’ rights to privacy and confidentialityand confidentiality

To ensure the security of electronic To ensure the security of electronic transfer of personal informationtransfer of personal information

Health Insurance Portability and Accountability Act of 1996

Title I Title IV Title VTitle IIITitle II

Insurance Portability

Fraud and AbuseMedical Liability Reform

Group HealthPlan Requirements

Revenue Off-sets

Administrative Simplification

Tax Related Health Provision

Privacy

Security

Electronic Data

Transactions

Identifiers

Code Sets

Title ITitle I

Title I of the HIPAA law deals with health Title I of the HIPAA law deals with health care access, portability, and renewability care access, portability, and renewability with the intention of protecting health with the intention of protecting health insurance coverage for workers and their insurance coverage for workers and their families when they change or lose their families when they change or lose their jobs. jobs.

Title IITitle II

Prevention of healthcare fraud and abusePrevention of healthcare fraud and abuse

Administrative Administrative SimplificationSimplification

Administrative SimplificationAdministrative Simplification

Key components Key components – Electronic Data Interchange (EDI)Electronic Data Interchange (EDI)

Transactions standardsTransactions standardsCode setsCode sets

– Privacy Privacy – Security Security – National Standard IdentifiersNational Standard Identifiers

ProviderProviderEmployerEmployerHealth PlanHealth Plan

Who is affected by HIPAA?Who is affected by HIPAA?

The law applies directly to three groups The law applies directly to three groups referred to as “Covered Entities.” referred to as “Covered Entities.” – Health Care ProvidersHealth Care Providers– Health PlansHealth Plans– Health Care ClearinghousesHealth Care Clearinghouses

HIPAA Privacy Rule HIPAA Privacy Rule

Primary Focus of this presentation!Primary Focus of this presentation!

HIPPA PRIVACY RULEHIPPA PRIVACY RULE– Title 45, CFR Parts 164 & 160Title 45, CFR Parts 164 & 160– Protect individuals’ rights to privacy and Protect individuals’ rights to privacy and

confidentialityconfidentiality

The Privacy RuleThe Privacy Rule

The Standards for Privacy of Individually Identifiable Health The Standards for Privacy of Individually Identifiable Health Information established a set of national standards for Information established a set of national standards for

the protection of certain health information the protection of certain health information

The Privacy Rule standards address the use and disclosure The Privacy Rule standards address the use and disclosure of individuals’ health informationof individuals’ health information

PROTECTED HEALTH INFORMATION (PHI) PROTECTED HEALTH INFORMATION (PHI)

Compliance Date: April 14, 2003Compliance Date: April 14, 2003Enforced by: Office of Civil Rights (OCR)Enforced by: Office of Civil Rights (OCR)

Enforcement of HIPAAEnforcement of HIPAA

The Department of Health and Human The Department of Health and Human Services (DHHS) is responsible for Services (DHHS) is responsible for developing and establishing the Privacy developing and establishing the Privacy Rule standards Rule standards

Office of Civil Rights (OCR) is responsible Office of Civil Rights (OCR) is responsible for implementing and enforcing the Privacy for implementing and enforcing the Privacy RuleRule

Health InformationHealth Information

Health information should be protected Health information should be protected from:from:– People who aren’t involved in the patient’s People who aren’t involved in the patient’s

direct treatmentdirect treatment– Insurance agencies using it to deny life or Insurance agencies using it to deny life or

disability coveragedisability coverage– Employers using it in hiring/firing decisionsEmployers using it in hiring/firing decisions– ReportersReporters– Nosy neighbors or family membersNosy neighbors or family members

PrivacyPrivacyStandards for the Privacy of Standards for the Privacy of

HealthHealth

Applies to health Applies to health information in all information in all forms:forms:– WrittenWritten– SpokenSpoken– ElectronicElectronic

Health information Health information includes:includes:– Medical recordsMedical records– Claims informationClaims information– Payment informationPayment information

What is PHI?What is PHI?

PP---PROTECTED---PROTECTED

HH---HEALTH---HEALTH

II---INFORMATION---INFORMATION

PHI is any health information that could PHI is any health information that could identify an individual patientidentify an individual patient

Individually Identifiable Health Individually Identifiable Health InformationInformation

NameName

AddressAddress

Drivers license #Drivers license #

DatesDates– Birth date Birth date – Admission dateAdmission date– Discharge dateDischarge date– Date of deathDate of death

Telephone numbersTelephone numbers

FAX numberFAX number

E-mail addressE-mail address

Social Security Number Social Security Number

Medical record numberMedical record number

Web URLWeb URL

Finger or voice printsFinger or voice prints

Photographic imagesPhotographic images

Account numberAccount number

Use and Disclosure of PHIUse and Disclosure of PHI

Use-Sharing protected health information Use-Sharing protected health information within the entity that maintains the within the entity that maintains the informationinformation

Disclosure-Release or transfer of PHI by Disclosure-Release or transfer of PHI by an entity to persons or organizations an entity to persons or organizations outside of that entityoutside of that entity– Another facilityAnother facility– Nursing home Nursing home

Permitted Uses and DisclosuresPermitted Uses and Disclosures

A covered entity is permitted to use and A covered entity is permitted to use and disclose protected health information disclose protected health information without an individual’s authorization for the without an individual’s authorization for the following:following:– Treatment, Payment, and Health Care Treatment, Payment, and Health Care

OperationsOperations– Opportunity to Agree or ObjectOpportunity to Agree or Object

Facility directoryFacility directory

– Incidental disclosures are permittedIncidental disclosures are permitted– Public InterestPublic Interest

Disclosures not requiring patient Disclosures not requiring patient AuthorizationAuthorization

Required by Federal or State LawRequired by Federal or State Law– Workers compensationWorkers compensation– Birth reportingBirth reporting– Child abuse Child abuse

Required for public health reasonsRequired for public health reasons– Sexually transmitted diseaseSexually transmitted disease

Required for national security reasonsRequired for national security reasons– Prevent a serious threat of harm to the Prevent a serious threat of harm to the

individual or othersindividual or others

Disclosures with AuthorizationDisclosures with Authorization

Authorization is required for certain Authorization is required for certain disclosures to:disclosures to:– AttorneysAttorneys

Disclosures to a patient’s attorney for purposes of Disclosures to a patient’s attorney for purposes of a malpractice lawsuita malpractice lawsuit

Disclosures to a life insurance company, when the Disclosures to a life insurance company, when the individual is seeking to obtain coverageindividual is seeking to obtain coverage

Why HIPAA?Why HIPAA?

Cost ConcernsCost Concerns

Genetic AdvancementsGenetic Advancements

MarketingMarketing

TechnologyTechnology

Loss of Patient DataLoss of Patient Data

Privacy ConcernsPrivacy Concerns

Breaches of Patient PrivacyBreaches of Patient Privacy

Cost ConcernsCost Concerns

Billions of dollars being spent on administrative Billions of dollars being spent on administrative services related to health careservices related to health care

Congress estimated that approximately $87 billion Congress estimated that approximately $87 billion could be saved annually if administrative services could be saved annually if administrative services could be improvedcould be improved– Requiring more health care transactions to be Requiring more health care transactions to be

conducted electronically, reduced paperworkconducted electronically, reduced paperwork– Standardizing health care transactionsStandardizing health care transactions

Privacy ConcernsPrivacy Concerns

Privacy ConcernsPrivacy Concerns– The case of Arthur Ashe (the late tennis star) The case of Arthur Ashe (the late tennis star)

his positive HIV status was disclosed by a his positive HIV status was disclosed by a healthcare worker and published by a healthcare worker and published by a newspaper without his permissionnewspaper without his permission

– 53 staff members at UCLA Medical Center 53 staff members at UCLA Medical Center were disciplined for accessing the medical were disciplined for accessing the medical information of Britney Spearsinformation of Britney Spears

Privacy BreachPrivacy Breach

Privacy BreachPrivacy Breach– Case of Ann PressleyCase of Ann Pressley

Up to 6 employees fired from St. Vincent Health Up to 6 employees fired from St. Vincent Health CenterCenter

Routine patient-privacy audit showed 8 people Routine patient-privacy audit showed 8 people gained access to her records improperlygained access to her records improperly

All 8 were immediately placed on leave, pending All 8 were immediately placed on leave, pending an investigation.an investigation.

2 of the 8 were found to have valid reasons for 2 of the 8 were found to have valid reasons for viewing the records viewing the records

PRIVACY AND PRIVACY AND CONFIDENTIALITYCONFIDENTIALITY

REMEMBERREMEMBER– Information about a patient is considered Information about a patient is considered

confidential whether it is written, saved on a confidential whether it is written, saved on a computer, or spoken out loud. computer, or spoken out loud.

– As a student or faculty, It’s important that you As a student or faculty, It’s important that you take steps to protect the privacy of patientstake steps to protect the privacy of patients

– Protecting Privacy is EVERYONE’S JOB!Protecting Privacy is EVERYONE’S JOB!

ASK YOURSELFASK YOURSELF

Would I want someone to gossip about my Would I want someone to gossip about my medical or personal information?medical or personal information?How can I protect someone’s privacy?How can I protect someone’s privacy?Am I willing to riskAm I willing to risk– Prison and/or A FinePrison and/or A Fine– Losing my jobLosing my job– Being Dismissed from Nursing SchoolBeing Dismissed from Nursing School

Because I don’t follow the legal, ethical, and Because I don’t follow the legal, ethical, and RIGHT THING TO DO!RIGHT THING TO DO!

Sshhh!!!Sshhh!!!

Private means PrivatePrivate means Private– If your role as a student requires you to If your role as a student requires you to

communicate healthcare information with communicate healthcare information with patientspatients

Assess the environment before you start talkingAssess the environment before you start talking

Are there other people in the area who might hear Are there other people in the area who might hear the information you are sharing?the information you are sharing?

Are those individuals authorized to hear the Are those individuals authorized to hear the information?information?

The “NEED TO KNOW” RuleThe “NEED TO KNOW” Rule

Believe it or not, as a student, you do not Believe it or not, as a student, you do not have the right to look at all the information have the right to look at all the information available on every patient. For example, a available on every patient. For example, a student on 2student on 2ndnd floor does not have the right floor does not have the right to look at the medical record of a friend on to look at the medical record of a friend on 44thth floor. floor.


As a nursing student, you will discuss As a nursing student, you will discuss protected health information only as it protected health information only as it pertains to your education or your patient’s pertains to your education or your patient’s care.care.

Before looking at patient information, ask Before looking at patient information, ask yourself, “Do I need to know this to do my yourself, “Do I need to know this to do my job?” If “yes” you are allowed. If “no” you job?” If “yes” you are allowed. If “no” you are NOT ALLOWED. are NOT ALLOWED.


Remember the rule of thumb-ask yourself, Remember the rule of thumb-ask yourself, ““Do I need to know this to do my jobDo I need to know this to do my job?” ?” You should You should NOT NOT access any information access any information that you that you do not need to knowdo not need to know in order to in order to provide patient care or to complete your provide patient care or to complete your clinical assignment/observation.clinical assignment/observation.

How do we protect patient privacy?How do we protect patient privacy?

Do Do NOTNOT talk about patients in public talk about patients in public placesplaces

CafeteriaCafeteria

ElevatorElevator

Waiting roomsWaiting rooms

Parking lotParking lot


Do Do NotNot leave messages regarding the leave messages regarding the patients condition or test results on patients condition or test results on message machines or with anyone other message machines or with anyone other than the patient. than the patient. Leave only your name and number on Leave only your name and number on message machines when you are asking a message machines when you are asking a patient to call you back. patient to call you back. Avoid paging patients using information Avoid paging patients using information that could reveal their health issues. that could reveal their health issues.


Close curtains & speak softly in semi-Close curtains & speak softly in semi-private rooms when discussing treatment private rooms when discussing treatment & administering procedures. & administering procedures.

Be sure no one can see your computer Be sure no one can see your computer screen while you are workingscreen while you are working

Never share your access codeNever share your access code

Log off of your computer when not workingLog off of your computer when not working


Never leave charts open for others to seeNever leave charts open for others to see

Never leave lab results, medications or Never leave lab results, medications or other sensitive information out in the open other sensitive information out in the open where others can see it. where others can see it.

Do not use the intercom to provide health Do not use the intercom to provide health information to patients or other staff information to patients or other staff members.members.


DO NOT GIVE HEALTH INFORMATIONDO NOT GIVE HEALTH INFORMATION to family members or friends to family members or friends If unsure about whether or not you should If unsure about whether or not you should provide information about a patient, ask provide information about a patient, ask your instructor for assistance. your instructor for assistance. If you over hear employees, students or If you over hear employees, students or observers discussing patients observers discussing patients inappropriately, remind them of inappropriately, remind them of confidentiality. confidentiality.


Shred or properly dispose of all Shred or properly dispose of all documents containing protected health documents containing protected health information that is not part of the official information that is not part of the official medical record. medical record.

Know who you are speaking to on the Know who you are speaking to on the phone, if not surephone, if not sure– Get a name and number to call back after you Get a name and number to call back after you

find out it is ok to do so.find out it is ok to do so.

Clinical AssignmentClinical Assignment

When preparing your clinical assignments:When preparing your clinical assignments:– Identify the patient by initials onlyIdentify the patient by initials only– Use other demographic data only to the Use other demographic data only to the

extent necessary to identify the patient and extent necessary to identify the patient and his or her needs to the instructor. his or her needs to the instructor.

– Protect your notes or other sources of Protect your notes or other sources of information from individual who don’t have a information from individual who don’t have a “need to know”“need to know”

Clinical AssignmentClinical Assignment

Preparing your clinical assignment:Preparing your clinical assignment:– Protect your printer output from others who don’t have Protect your printer output from others who don’t have

a “need to know”a “need to know”– Protect your flash drive/zip/CD/PDA from being lost or Protect your flash drive/zip/CD/PDA from being lost or

stolenstolen– DO NOT put notes/scrape paper with patient’s health DO NOT put notes/scrape paper with patient’s health

information in the trash.information in the trash.– Students are Students are NOTNOT to photoduplicate or fax patient to photoduplicate or fax patient

documents in the process of working with your documents in the process of working with your patient’s PHI. patient’s PHI.

– Shred all patient health information-Do not take home Shred all patient health information-Do not take home patient report sheetspatient report sheets

CONSEQUENCES OF HIPAA CONSEQUENCES OF HIPAA VIOLATIONSVIOLATIONS

Legal Consequences:Legal Consequences:– Civil or Criminal penaltiesCivil or Criminal penalties

Fines plus imprisonmentFines plus imprisonment

Professional ConsequencesProfessional Consequences– Disciplinary action by the State Board of Nursing Disciplinary action by the State Board of Nursing

Academic Consequences:Academic Consequences:– ReprimandsReprimands– Loss of points toward grade or failure of courseLoss of points toward grade or failure of course– Dismissal from School of NursingDismissal from School of Nursing

Civil PenaltiesCivil Penalties

Civil penaltiesCivil penalties– $100 per person per violation-up to $25,000/year $100 per person per violation-up to $25,000/year – person should have known betterperson should have known better– US Dept. of Health and Human Service for Civil Rights US Dept. of Health and Human Service for Civil Rights

enforces civil penaltiesenforces civil penalties

PROTECT PATIENT INFORMATIONPROTECT PATIENT INFORMATION

Criminal PenaltiesCriminal Penalties

Criminal penaltiesCriminal penalties– Up to $50,000 and 1 year prison; Knowingly Up to $50,000 and 1 year prison; Knowingly

releasing patient informationreleasing patient information– Up to $100,000 and 5 years prison; gaining Up to $100,000 and 5 years prison; gaining

access to health information under false access to health information under false pretensespretenses

– Up to $250,000 and 10 years prison; releasing Up to $250,000 and 10 years prison; releasing patient information with harmful intent or selling patient information with harmful intent or selling patient information. patient information.

– US Department of Justice enforces criminal US Department of Justice enforces criminal penaltiespenalties

HIPAA VIOLATIONHIPAA VIOLATION

REMEMBERREMEMBER

HIPAA VIOLATIONS CAN HAVE HIPAA VIOLATIONS CAN HAVE SERIOUS CONSEQUENCES!SERIOUS CONSEQUENCES!

STOPSTOP

Think about how you would feel if your Think about how you would feel if your own health information were used or own health information were used or disclosed in a way that was harmful to disclosed in a way that was harmful to you or your family. you or your family.

CONCLUSIONCONCLUSION

As students and faculty we must As students and faculty we must remember to protect the privacy of remember to protect the privacy of patients patients If you have a question about the proper If you have a question about the proper way to handle a patient’s privacy, ask your way to handle a patient’s privacy, ask your instructor, supervisor or manager in your instructor, supervisor or manager in your clinical area, or contact the Privacy clinical area, or contact the Privacy Compliance Officer of the institution you Compliance Officer of the institution you are working in. are working in.

SOUTH ARKANSAS COMMUNITY COLLEGEBETTY OWEN SCHOOL OF NURSING

CONFIDENTIALITY AGREEMENTPatient confidentiality at the health care facilities used by SACC Betty Owen School of Nursing is of primary importance. In addition to each agency policy, HIPAA requires health information to be kept confidential. In order to protect individual rights to confidentiality and to comply with federal and state laws, students must agree to hold all information or records pertaining to patients, employees, and other company information gained through their clinical assignments at any agency used by the Betty Owen School of Nursing in strictest confidence. Confidentiality includes but is not limited to:•Discussing patients or their health conditions with persons who do not have a need to know•Accessing confidential information (which includes, but limited to photographic images, medical and demographic information) that is not within the scope of your assignment•Misusing, disclosing with proper authorization, or altering confidential information•Removing any documents with individually identifiable patient data from any agencyI understand the terms of this Student Confidentiality Agreement, and I agree to abide by the above confidentiality requirements. I understand that any breach of any confidential information during or after my clinical experience(s) will result in immediate dismissal from the school of nursing as described in the Practical Nursing Handbook.__________________________________ __________________________________Printed Student Name Printed School Official Name___________________________________ ____________________________________Student Signature School Official Signature___________________________________ ______________________________________Date Date

INSTRUCTIONSINSTRUCTIONS

You have three weeks to complete this You have three weeks to complete this assignment. assignment.

Once you have reviewed the PowerPoint Once you have reviewed the PowerPoint presentation, print the confidentiality agreement presentation, print the confidentiality agreement located on blackboard.located on blackboard.

You will also need to take the online test which You will also need to take the online test which is available on blackboard. is available on blackboard.

When you have completed the test you can then When you have completed the test you can then print out a certificate. Print one for yourself and print out a certificate. Print one for yourself and one for your instructor. one for your instructor.

sylvia hipaa powerpoint presentation 2010(2)

Health & Medicine