HIPAA 101 - PowerPoint PPT Presentation

Slides: 38
Provided by: amyrpe

Transcript and Presenter's Notes

Title: HIPAA 101


1
HIPAA 101
  • Health Insurance Portability and Accountability
    Act (HIPAA)

2
HIPAA Purpose
  • The primary purpose of the HIPAA legislation is
    to improve the efficiency and effectiveness of
    the country's health care system by:
  • Creating standards to protect individuals' medical
    records and other protected health information.
  • Ensuring the security of clients' and patients'
    health care information.

3
Course Overview
  • Overview of the Federal HIPAA legislation
  • The HIPAA Privacy Rule
  • Protecting Client Information
  • Client Rights
  • DCF HIPAA Operating Procedures and Policies

4
Terms
  • Course language mirrors federal law.
  • Terminology interpretations mirror federal
    interpretations.
  • Ask for an explanation of all new terms.

5
HIPAA rules apply to the entire agency and to all
employees.
6
DCF is a covered entity
  • A covered entity is a:
  • Health Plan
  • Health Care Clearinghouse
  • Health Care Provider
  • DCF is considered a covered entity because many
    activities within the agency meet the definition
    of one or more of these.

7
What does the HIPAA Privacy Rule Require?
8
The HIPAA Privacy Rule
  • establishes appropriate safeguards to protect the
    privacy of health care information
  • sets boundaries on the use and release of health
    information
  • holds violators accountable if patient rights are
    violated (civil and criminal penalties)

9
HIPAA rules and Florida law
State laws are the ceiling: what we do already
HIPAA is the floor: minimum standards
10
DCF Responsibilities
  • Notify clients about their privacy rights
  • Adopt and implement privacy procedures across the
    agency
  • Train employees on privacy procedures
  • Ensure business associates protect our clients'
    information
  • Designate an agency Privacy Officer

11
What is a Business Associate?
  • Individuals or companies hired to do work for a
    covered entity that requires the use or
    disclosure of protected information.

12
What is Protected Health Information?
13
Protected Health Information (PHI)
  • Individually identifiable information
  • Transmitted or maintained in any electronic,
    written, or spoken format.
  • For example, e-mail, fax, on-line databases,
    voice mail, video/audio recordings, or
    conversations.

14
Individually Identifiable Information
  • Identifying data is any data that could
    reasonably be used to identify the person.
  • Identifiers include data that can identify the
    individual, as well as his or her family members,
    household members, or employer.

15
The following are examples of identifiers:
  • Names
  • All geographic subdivisions smaller than a state,
    including street address, city, county, precinct,
    zip code, and their equivalent geocodes
  • All elements of dates (except year) directly
    related to an individual, including birth date,
    admission date, discharge date, and date of death
    (the birth year of individuals age 90 and over is
    also an identifier).
  • Telephone numbers
  • Fax numbers
  • Electronic mail addresses
  • Social security numbers
  • Medical record numbers
  • Health plan beneficiary numbers
  • Account numbers
  • Certificate/license numbers
  • Vehicle identifiers and serial numbers, including
    license plate numbers
  • Device identifiers and serial numbers
  • Web Universal Resource Locators (URLs)
  • Internet Protocol (IP) address numbers
  • Biometric identifiers, including fingerprints and
    voice prints
  • Full face photographic images and any comparable
    images; and
  • Any other unique identifying number,
    characteristic or code.

16
PHI Use and Disclosure
  • The Privacy Rule prohibits use or disclosure of
    protected health information unless:
  • It is used to provide treatment, payment, or
    health care operations, or
  • Its use is authorized by the client, or
  • Not sharing the information would prevent timely
    health care or be a risk to public safety.

17
Incidental Uses and Disclosures
  • Occurs as a result of another use or disclosure
    permitted by rule.
  • Allowable as long as reasonable safeguards are
    taken and minimum necessary standards are in
    place.

18
Reasonable Safeguards
  • Actions the Department must take to ensure that
    the primary consideration when discussing
    protected health information of our clients or
    patients is for the appropriate treatment of the
    client or patient.

19
Reasonable Safeguard Examples
  • Speaking quietly when discussing a
    client's/patient's condition with family members in
    waiting rooms or other public areas
  • Avoiding using client/patient names in elevators
    and hallways
  • Posting signs reminding staff to protect privacy
  • Securing documents in locked offices and cabinets
  • Using passwords and other security measures on
    computers.

20
Minimum Necessary Standard
  • The minimum necessary means that the department
    will develop policies and procedures that limit
    the sharing of protected health information to
    the minimum necessary to do the job.
  • These policies must:
  • Limit who has access to PHI
  • Specify the conditions under which PHI can be accessed

21
  • Client Rights

22
Clients have the right to:
  • Written notice of the Department's privacy
    practices
  • Require their authorization for the release of
    information
  • Request restrictions on the use of their PHI
  • Inspect and copy their PHI as documented by the
    Department
  • Request that improper uses are corrected
  • Obtain a report of disclosures of their PHI
  • File a grievance or complaint

23
DCF HIPAA Policies
24
CFOP 60-17 Chapters 1 and 2
  • Establishes a uniform process for implementing
    and disseminating the privacy standards required
    by HIPAA regulations, within DCF.
  • Notice of Privacy Policy
  • Management and protection of Individually
    Identifiable Information policy
  • Complaint/Grievance procedures

25
Notice of Privacy policy
  • All employees and volunteers must read, sign, and
    follow the policy.
  • DCF must maintain a posted copy of the Notice of
    Privacy Policy in areas accessible to employees
    and volunteers.
  • Violation of this policy will result in
    disciplinary action and may result in criminal
    and civil penalties.

26
Management and Protection of Individually
Identifiable Information
  • Written for our clients, patients, parents or
    guardians of clients or patients, caregivers,
    foster care parents, and adoptive parents to
    explain:
  • The Department's HIPAA-related duties
  • Reasons the Department will use/share protected
    information
  • Client rights
  • How to file a complaint or grievance

27
Management and Protection of Individually
Identifiable Information
  • Shall be visibly posted at each facility,
    program, and service center and in waiting rooms
    and client interviewing rooms at facilities
    serving clients.
  • All new clients and patients will be provided
    with a copy of the policy at time of initial
    contact with the Department.

28
Complaint/Grievance Procedure
  • Patient/client believes rights under HIPAA may
    have been violated.
  • Patient/client files a written or oral complaint
    with the local Privacy Officer (EEO Coordinator).
  • Local Privacy Officer coordinates the investigation
    with the Central Office HIPAA Privacy Officer.
  • If the issue is not resolved to the patient's/client's
    satisfaction, he or she can file a complaint or
    grievance with the Federal Office of Civil Rights.
29
The Department's Privacy Officer
  • Assistant Director, Office of Civil Rights
  • 850-487-1901 or Suncom 277-1901

30
HIPAA Information Resources
  • HIPAA Operating Procedures are available
    electronically on the DCF web site:
    http://eww.dcf.state.fl.us
  • Additional HIPAA resources are available on the
    following web sites:
  • My Florida.com: http://www.myflorida.com/hipaa/
  • US Dept. of Health and Human Services:
    http://www.hhs.gov/ocr/hipaa/

31
HIPAA 101 REVIEW
  • Implementing the Privacy Rule

32
DCF must:
  • Safeguard the privacy of client/patient PHI,
    which includes past, present, or future:
  • Health conditions
  • Provision of health care
  • Payment for health care
  • Provide notice of the Department's privacy
    practices
  • Explain how, when, and why we may disclose or use
    client/patient PHI

33
Allowable uses of PHI
  • General Rule: Use and disclosure not related to
    treatment, payment or operations must be
    authorized by the client.
  • For treatment
  • To obtain payment
  • For department Operations

34
Exceptions to the Rule
  • The Department can use or disclose client PHI
    without written authorization for the following
    reasons:
  • The law requires disclosure
  • For public health activities
  • For health oversight activities
  • Relating to decedents
  • For research purposes
  • To avert threats to health or safety

35
Client Rights
  • Request restrictions on uses or disclosures
  • Choose how DCF contacts the client
  • Inspect and copy his or her PHI records
  • Request an amendment of PHI records
  • Request a written audit of PHI disclosures
  • Receive a copy of the Notice of Privacy policy
    and the Management and Identification of
    Individually Identifiable Information policy

36
Complaint/Grievance Procedure
  • CFOP 60-17, Chapter 2: Protected Health
    Information Complaint/Grievance Procedure
  • Policy
  • Complaint investigation process
  • Decision and disposition
  • No retaliation protections
  • Complaints or grievances can be filed with the
    DCF Office of Civil Rights or with the Federal
    HHS Office of Civil Rights

37
The End