Transcript File
HIPAA
THE PRIVACY RULE
Reviewed 10/2014
HISTORY
• In 2000, many
patients that were
newly diagnosed with
depression received
free samples of antidepressant
medications in their
mail.
2
HISTORY
• Many of these
patients were
concerned on how the
pharmaceutical
companies were
notified of their
disease.
3
HISTORY
• After much investigation,
the Physician, the
Pharmaceutical company
and a well known
Pharmacy chain were all
indicted on breach of
confidentiality charges.
4
HISTORY
• This is just one
example of why
the Federal
government
needed to step in
and assist in
protecting patient
privacy.
5
Definitions
• Privacy – state of being concealed; secret
• Confidentiality – containing secret
information (medical record)
• Authorization – to give permission for; to
grant power to
• Breach Confidentiality – to break an
agreement, to violate a promise
6
HIPAA
• Health Insurance Portability
and Accountability Act
– Much of the patient’s health information is
documented in a computerized format.
Protecting this information has become
vitally important.
– The first federal legislation (effective April
14, 2003) that attempts to protect a patient’s
right to privacy, and the security and access
of personal medical information and usage.
7
•
HIPAA Health Insurance
Portability and Accountability
Act
Privacy Rule
– Imposes restrictions on the use/disclosure of
personal health information
– Gives patients greater protection of their
medical records
– Hopefully provides patients with greater peace
of mind related to the security of their
information
8
Confidentiality
• Deals with:
– Communication or in-
formation given to you
without fear of disclosure
– Legitimate Need to Know &
Informed Consent
• Potential breeches
of confidentiality can occur
9
Protected Health Information
• What is Protected
Health Information
(PHI)?
– When a patient gives
personal health
information to a healthcare
provider, that becomes
Protected Health
Information (PHI)
10
Protected Health Information
PHI Includes:
Verbal information
Information on
paper
Recorded
information
Electronic
information
(faxes, e-mails)
11
Protected Health Information
• Examples of patients
information
–
–
–
–
Patients name or address
Social Security or other ID numbers
Doctor’s/ Nurse’s personal notes
Billing information
12
Rules for the Use & Disclosure
of PHI
• PHI can be used or disclosed for
– Treatment, payment, and
healthcare operations
– With authorization/agreement
from patient
– For disclosure to patient
– THIS HELPS with REFERRALS
AND BILLING TOO
13
Rules for the Use & Disclosure
of PHI
• You’re required to release PHI
– When requested/authorized by
the patient (some exceptions
apply)
– When required by the
Department Health and Human
Services
• Patients can request a list of
persons who viewed their PHI,
but they too must sign a
consent
14
Authorization Guidelines
• Patient authorization for release of PHI
must be obtained in the following
situations:
– Use/disclosure of psychotherapy notes
– For research purposes
– For use/disclosure to third parties for making
activities
15
Authorization Guidelines
• PHI can be
used/disclosed without
authorization for the
following reasons:
BIRTHS
DEATHS
POLICE INVESTIGATIONS
SEXUALLY TRANSMITTED
DISEASE
COMMUNICABLE DISEASE
16
Authorization Guidelines
• PHI can be used/disclosed without
authorization:
– To report victims of abuse, neglect or domestic
violence
– To funeral homes, tissue/organ banks
– To avert a serious threat to health/safety
17
•
*With a MINOR it protects
their privacy after a certain
age and in certain
circumstances.
Usually a minor
must be accompanied by an
adult guardian, and that guardian can
control treatment and get all
info…UNLESS:
• PREGNANCY, over the age of 14
• HIV testing
• Suspected cases of abuse
18
Notice of Privacy Practices
Patients have the right to adequate notice
concerning the use/disclosure of their PHI
The Notice of Privacy
Practices must contain the
patient’s rights and the
covered entities’ legal duties
Patients are required to sign a
statement that they were
informed of and understand
the privacy practices
19
Minimum Necessary
• Over the phone it is not recommended to
give out info.
• If the caller knows the patient’s full name
this is the ONLY info you can disclose:
• Name, Room #, Stable or Critical,
Religion
• ***Remember, a patient can STILL request you
do not even give this information out.
20
Minimum Necessary or
“Need to know basis”
Identify employees who
regularly access PHI.
Identify the types of PHI
needed and the
conditions for access.
Grant only that access
necessary to perform the
job.
21
Protections for Health
Information
• Important Safeguards
– Physical Safeguards
• Computer terminals are not placed in public areas
– Technical Safeguards
• Every associate must keep his/her password
confidential
– Administrative Safeguards
• Policy and procedure for release of patient
information
22
The Joint Commission
Standards
• Patients Rights
– The hospital demonstrates respect for the
following patient needs:
• Confidentiality
• Privacy
• Security
• Resolution of complaints
• Records and information are
protected against LOSS, destruction,
tampering and UNAUTHORIZED
ACCESS or use
23
The Joint Commission
Standards
• Patients Rights
– Patients have a right to
confidentiality of all information
that is provided to the healthcare
professional and institution
– Health care professionals ensure
that patient information is secured
at all times and if there are any
complaints, those complaints will
be resolved in a timely manner.
24
Faxing Guidelines
Located in non-public areas.
Centralized fax machines: Pick up
information immediately
DO NOT FAX the
following records/results:
HIV results
Mental Health
Narcotic prescriptions
Alcohol abuse
Substance abuse
Child abuse
25
Faxing Guidelines
When you fax to outside
offices:
Check the transmission
print out
Verify that the correct
number was dialed
26
Privacy
• No photographs or recordings of any type
are to be taken of patients in the clinical
setting.
• No cameras, palm pilots, cell phones or any
electronic devices with photography
capabilities are permitted in the clinical
environment.
• When you speak to a family member or
patient in the room OR ON THE PHONE,
use a low voice, give only previously
indicated info and put call on hold when you
walk away.
Protect Your Patient!
27
Computers or Charts
• Never share your
password
• Always log off
• Close down screen or
shut chart as you walk
away.
• Shield your computer
or chart from others
view
28
Enforcement of the Medical
Privacy Regulations
Office for Civil Rights
-A patient may complain to
the Privacy Officer in a
hospital …
OR
-The Director of Health and
Human Services (HHS)
29
Patient Privacy Rights
• It’s your job to make sure patients know
they have the right to:
– To see and copy their PHI
– Protect patient’s privacy and
confidentiality
– Contact your hospital’s privacy
administrator for any privacy concerns
30
HITECH
Health Information Technology for Economic and Clinical
Health Act
HITECH , It’s a Federal Law, part of the American
Reinvestment and Recovery Act (ARRA)
Effective September 23, 2009
Updated the HIPAA rule to
include protections against identity theft
HITECH (continued)
Purpose:
Criminal Penalties
Applies to covered health care
entities and business associates.
Makes massive changes to
privacy and security laws
•Criminal provisions
Creates a nationwide electronic
health record
•Sharing of civil monetary penalties
with harmed individuals
Increases penalties for privacy
and security violations
Breach Notification
requirements (Patient,
Department of Health and
Human Services, and Media)
•Penalties
Review
• HIPAA Health Insurance Portability and Accountability Act
• HIPAA protects Health Care workers must protect patient’s confidentiality
• HIPAA helps with referrals and billing
•
•
•
•
•
•
•
•
•
Only share information on a NEED TO KNOW basis
Information can be given over the phone but it it is limited to NAME,
LOCATION, GENERAL HEALTH CONDITION, RELIGION
You should never share passwords
You should shield your screen from others
When you walk away from the computer you must close it down
Any information that needs to be destroyed MUST be SHREDDED
You may speak to a relative on the phone if you give general health condition,
speak in a low voice and place the call on hold if you need to walk away
HIPAA is excluded in cases of BIRTH, DEATH, POLICE INVESTIGATIONS,
SEXUALLY TRANSMITTED DISEASES, COMMUNICABLE DISEASES
HIPAA is excluded when it involves minors and parents UNLESS a pregnancy
over the age of 14 , HIV testing, Suspected cases of abuse.
33