Commonly asked ?
Download
Report
Transcript Commonly asked ?
H I PAA
Sandy L. Hunter
M.A. Ed, NREMT-P
What?
HIPAA stands for the “Health
Insurance Portability and
Accountability Act”
HIPAA is a Federal law passed
in 1996
Covered?
The EMC Program is NOT a
“covered entity”….. but
Covered?
Our students WILL function
within “covered entities”. So…
Covered?
We need to
cover this
information.
HIPAA
Specifies what is required to
protect the security and privacy
of personally identifiable
health care information (PHI)
Applies to most health care
providers, including ambulance
services
HIPAA’s Major
Provisions
Electronic Transactions and
Code Sets (TCS)
Security
Privacy
Transaction Rule
Requires providers to submit
electronic claims in standard
formats approved by HHS
Examples: ICD-9 Codes
HCPCS Codes
Other designated code sets
Transaction Rule
Requires payors to accept
transactions in the standard
formats
Security Rule
Will require covered entities to
protect against unauthorized
access and interception of PHI
Expected to require use of
encryption technology and other
safeguards
Security Rule
There must be “appropriate
administrative, technical, and
physical safeguards to protect
the privacy of protected
health information”.
Security Rule
Examples:
Locking up run forms
Role based access
Computer passwords
Security Rule
Examples:
Adding security statements to
e-mails and faxes
Securing computers and fax
machines
The Privacy Rule
Why is this an issue?
Privacy?
Emergency Transportation
Privacy?
ACLS….
Privacy?
Intubation
Privacy?
W.M.D.
The Privacy Rule
The Requirements
Notifying patients about their
privacy rights
Adopting and implementing privacy
procedures
Training employees in privacy
practices
The Requirements
Designating a Privacy Officer
Securing patient records and
limiting access to them
What to Protect
Any information that can
identify a patient that relates
to their physical or mental
health
What to Protect
Protected Patient Health
Information (PHI)
What to Protect
Includes written, verbal,
electronic, photographic, etc.
Sources or PHI
Run sheets
Dispatch logs
Billing forms
Incident reports
Sources or PHI
Personal notes
Videotapes
Internet pictures
Conversations
Sources or PHI
Hospital records
Transfer paperwork
Ambulance certification
letters
Any others???????
There are the three times you
can divulge PHI without the
patient’s authorization.
Treatment
Payment
Health Care Operations
(like QA)
Scenarios….
OK……… You are the
supervisor today.
You are on a call when a
first-responder asks you for
information to complete their
run sheet. Can you give them
PHI?
Yes?
or
No?
Yes……. You absolutely can
give them this information. It
is permissible because they
aided in the TREATMENT.
You are at the scene of a car
crash when a police officer
stops directing traffic to ask
if the patient is “drunk”. Can
you give the information?
Yes?
or
No?
Well actually there are two
problems here. One is that
the patient’s medical
condition is confidential.
What is the other?
The other is that you can’t
call the patient “drunk”
without a legal test.
You are on a call where you
suspect a child has been
abused. Can you report that
to anyone?
Yes?
or
No?
Yes…….
KRS 620.030 - 620.050 requires
you to report it.
You have completed your
patient care report (that has
NO patient identifiers on it).
Do you have to physically
secure that form?
Yes?
or
No?
Yes……. That is the policy
of the program and it just
makes good sense!
You are at a hospital to pick
up a patient for transfer. The
staff says they cannot give
you ANY information on the
pt. because of HIPAA.
They are:
Right?
or
Wrong?
The staff may think this is
true but actually they can and
SHOULD give any pertinent
information to you.
This includes face sheets and
medical information that may
be pertinent (like allergies
and medications).
You transported a cardiac
patient to the ER. Your
partner tells you to get the
patient to “sign” the privacy
notice …. It is required.
Your partner is:
Right?
or
Wrong?
If this had been a nonemergency patient it would
have been. It is not required
for emergency patients.
However…………
You should leave the
information with the patient’s
chart or family.
While transporting a patient
to the ER, you decide to call
in a report. Your partner says
“Don’t give out any patient
information!”
Are you allowed to give out
PHI over the radio or
telephone?
Yes?
or
No?
Yes……… You certainly
may BUT you should use the
most secure method possible.
And only give what’s
needed.
You are invited to participate
in a CISD session. When you
arrive none of the
participants are willing to
talk about the call.
They are all afraid that
HIPAA prevents them from
talking. ---- Can they talk
about it?
Yes?
or
No?
Actually, they can talk but
they should follow the
“minimum necessary rule”.
You respond to a disaster
scene. The local Red Cross
representative wants to
access PHI to identify
victims. Can you divulge it?
Yes?
or
No?
Yes, you are expressly
allowed in this event to do
so.
You are a student who has just
finished a call. An ER nurse
asks you to give him a “verbal
report” of the call. Can you
give the report?
Yes?
or
No?
Yes, if the nurse is involved
in the patient’s care………
BUT you should do it in a
way that bystanders do not
hear the information
needlessly.
You are a student who has just
finished a call. An ER ward
clerk asks for patient
information so they can
complete the “billing form”.
Can you give the information?
Yes?
or
No?
Yes, you may give it to help
the hospital complete its
billing……… BUT you
should do it in a way that
bystanders do not hear the
information needlessly.
You are meeting with your
preceptor back at the station.
She wants to go over the call
with you to see if you have
any questions. Is this
permitted?
Yes?
or
No?
Yes, you may. You two were
involved in the call and this
is for QA, educational
purposes. Remember the
minimum necessary rule.
You are on a personal trip when
you come across a medical
emergency. After stopping to
help, you ask EMS for a copy
of the run report for your
records. Is this OK?
Yes?
or
No?
They can give the
information that is necessary.
However, this is tricky. EMS
should get your information
in case there is a blood borne
pathogen issue.
They should not just give
you a copy of the run report
as a private citizen.
You decide to ride with a
service as a visiting third-rider.
During your shift the crew
responds to a “great car crash”.
Can you take pictures of the car
(not the patient)?
Yes?
or
No?
Not if it could identify the
patient.
You are at work when a
process server delivers a
subpoena for you to testify in
civil case. Can you divulge
privileged information in the
case?
Yes?
or
No?
Yes. A court may compel you
to testify.
What ifs?
What if?
If you are asked to allow a
patient to see their own
PHI…. What should you do?
What if?
You should direct them to the
Privacy Officer of the
agency.
What if?
Do not give out PHI without
authorization!
What if?
If you are using a computer
that contains PHI, how
should you protect that
information?
What if?
Virus protection
Passwords
Hide the screen
What if?
Sanctions can include
Warnings
Suspensions
Termination of relationship
Failing grades
The “Golden Rule” of HIPAA:
What You See Here
What You Hear Here
When You Leave Here
Let It Stay Here!
2003, Page, Wolfberg & Wirth, LLC.
Any Questions?
Thank you!
[email protected]