HIPAA - PowerPoint PPT Presentation

1 / 18
About This Presentation
Title:

HIPAA

Description:

With Unauthorized / Unlawful Release of Personal Health Information? ... After news of actress Nicole Kidman's surgery was leaked to the press, photos of ... – PowerPoint PPT presentation

Number of Views:1130
Avg rating:3.0/5.0
Slides: 19
Provided by: jerryc2
Category:
Tags: hipaa | kidman | nicole

less

Transcript and Presenter's Notes

Title: HIPAA


1
HIPAA
  • ...and Patient Confidentiality

Health Information Portability and
Accountability Act
2
Is There a Problem With Unauthorized / Unlawful
Release of Personal Health Information?
  • Here are just a few of the incidents leading up
    to the establishment of HIPAA
  • After news of actress Nicole Kidmans surgery was
    leaked to the press, photos of her leaving the
    UCLA Medical Center appeared in papers with
    commentary about her health status. (Parade
    Magazine, May 10, 1998)
  • In a 1996 survey, 206 respondents reported
    discrimination as a result of access to genetic
    information, culminating in loss of employment
    and insurance coverage, or ineligibility for
    benefits. (Science and Engineering Ethics, 1996)
  • In Tampa, Florida, a public health worker walked
    away with a computer disk containing the names of
    4,000 people who tested positive for HIV. The
    disks were sent to two newspapers. (USA Today,
    October 10, 1996)

3
Problem?....
  • A survey found that 35 of Fortune 500 Companies
    look at peoples medical records before making
    hiring and promotion decisions. (Unpublished
    study, University of Illinois at
    Urbana-Champaign, 1996)
  • The Harvard Community Health Plan, a Boston-based
    HMO, admitted to maintaining detailed notes of
    psychotherapy sessions in computer records that
    were accessible by all clinical employees.
    Following a series of press reports describing
    the system, the HMO revamped its computer
    security practices.
  • A banker who also served on his countys health
    board cross referenced customer accounts with
    patient information. He called due the mortgages
    of anyone suffering from cancer. (The National
    Law Journal, May 30, 1994)

4
Problem?...
  • New York Congresswoman Nydia Velasquez
    confidential medical records including details
    of a bout with depression and a suicide attempt
    were faxed from a New York hospital to a local
    newspaper and television station on the eve of
    her 1992 primary. After overcoming the fallout
    from this disclosure and winning the election,
    Rep. Velasquez testified about her experiences
    before the Senate Judiciary Committee as it was
    considering a health privacy proposal.
  • In Maryland, eight Medicaid clerks were
    prosecuted for selling computerized record
    printouts of recipients and dependents
    financial resources to sales representatives of
    managed care companies.

5
Problem?...
  • The 13-year-old daughter of a hospital employee
    took a list of patients names and phone numbers
    from the hospital when visiting her mother at
    work. As a joke, she contacted patients and told
    them that they were diagnosed with HIV. (The
    Washington Post, March 1, 1995)
  • The director of a work site health clinic
    operated by a large manufacturing company
    testified that he was frequently pressured to
    provide personal information about his patients
    to his supervisors.
  • The late tennis star Arthur Ashes positive HIV
    status was disclosed by a health care worker and
    published by a newspaper without his permission.

6
Background
  • HIPAA is an acronym for Health Insurance
    Portability and Accountability Act of 1996
  • Also known as Public Law 104-91
  • Title II of this Act provided for
  • Improved efficiency in healthcare delivery by
    standardizing electronic data interchange
  • Protection of confidentiality and security of
    health data through setting and enforcing
    standards
  • (Phoenix Health Systems, 2006)

7
  • HIPAA Called upon the Department of Health
    Human Services (HHS) to publish rules to insure
  • Standardization of electronic patient health,
    administrative, and financial data
  • Unique health identifiers for individuals,
    employers, health plans, and health care
    providers
  • Security standards protecting the confidentiality
    and integrity of individually identifiable
    health informationpast, present, and future

8
  • HIPAA calls for severe civil and criminal
    penalties for noncompliance
  • Fines up to 25,000 for multiple violations
    within the same calendar year
  • Fines up to 250,000 and / or imprisonment of up
    to 10 years for knowingly misusing individually
    identifiable health information

9
  • Compliance requirements include
  • Building initial organizational awareness of
    HIPAA
  • Comprehensive assessment of the organizations
    privacy practices, information security systems
    and procedures, and use of electronic
    transactions
  • Developing an action plan for compliance with
    each rule
  • Developing a technical and management
    infrastructure to implement the plans
  • Implementing a comprehensive implementation plan.

10
  • Implementation of the comprehensive action plan
    includes
  • Developing new policies, processes, and
    procedures to insure privacy, security, and
    patients rights
  • Building business associate agreements with
    business partners to support HIPAA objectives
  • Developing a secure technical and physical
    information infrastructure
  • Updating information systems to safeguard
    protected health information (PHI) and enable use
    of standard claims and related transactions
  • Training of all workforce members
  • Developing and maintaining an internal privacy
    and security management and enforcement
    infrastructure, including providing a Privacy
    Officer and Security Officer

11
HIPAAThe Privacy Rule
  • Imposes restrictions on the use or disclosure of
    personal health information
  • Provides the individual with greater assurance
    that their security information is guarded from
    intrusion
  • Provides greater protection for the individual's
    health information and health record

12
Protected Health Information(PHI)
  • What is PHI?
  • Any time the individual gives personal health
    information to a provider, it becomes Protected
    Health Information, including
  • Verbal information
  • Written Information
  • Recorded Information
  • Electronic Information, e.g., faxes, e-mail
  • Patients name, address, SSN, Doctors or Nurses
    Notes, Billing Information

13
Authorization Guidelines
  • Patient authorization for release of PHI must be
    obtained
  • Use or disclosure of psychotherapy notes
  • For use or disclosure to third parties
  • For research purposes

14
Authorization Guidelines
  • PHI can be released without patient authorization
    for the following reasons
  • Public health activities related to disease
    control or prevention
  • To inform appropriate agencies, as directed by
    law or regulation
  • To report victims of abuse, neglect, or domestic
    violence
  • To funeral homes
  • To tissue / organ banks or programs
  • To avert any serious threat to public safety or
    health

15
Informed Consent
  • Patients have the right to adequate and timely
    notice when PHI has been disclosed

16
Protective Mechanisms for Health Information
  • Physical Safeguards e.g., Computer terminals and
    screens not within or visible to public areas
  • Technical Safeguards e.g., every employee must
    safeguard their computer access code
  • Administrative Safeguards e.g., Set policy
    procedure for releasing patient information

17
Enforcement
  • Each organization is required by regulation to
    have a Safety and / or Privacy Officerpatient
    may forward complaint to that individual
  • Or
  • The Director, U.S. Department of Health and Human
    Services

18
Bibliography
  • Phoenix Health Systems (2006). HIPAA primer.
    Retrieved November2, 2006 from http//www.hipaadvi
    sory.com/REGS?HIPAAprimer.htm
  • Privacy Rights Clearinghouse (2006). How private
    is my medical information? Retrieved November 4,
    2006 from http//www.privacyrights.org/fs/fs8-med.
    htm
Write a Comment
User Comments (0)
About PowerShow.com