HIPPA FOR HEALTHCARE PROFESSIONALS

1
HIPPA FOR HEALTHCARE PROFESSIONALS
2
WHAT IS HIPAA?

• INCORRECT ANSWER-HIPPOPOTAMUS?

• CORRECT ANSWER-
• HEALTH INSURANCE PORTABILITY AND
  ACCCOUNTABILITY ACT OF 1996

3
WHY HIPAA??

• To improve access to health insurance
• To protect the privacy of healthcare information
• To promote standardization of electronic
  healthcare related records

4
How does HIPAA improve healthcare??

• By standardizing how insurance claims are
  processed
• By making sure health information is transmitted
  securely
• By protecting the privacy of patients

5
HIPAA Privacy Rule

• Healthcare organizations were required to be in
  compliance by April 2003.
• This rule limits how personal health information
  can be used.
• It requires security of health records in paper,
  electronic or other form.
• It lets patients know what their rights are.

6
HIPAA Privacy Rule

• It allows patients to receive a copy of their
  health records.
• It allows patients to ask for changes in their
  health records.
• It allows patients to find out and limit how
  their personal health information may be used.

7
WHAT IS PHI??

• Health information is any information that
  applies to a health condition now, in the past or
  in the future.
• PHI is
• health information that includes data that
  would let someone identify a patient.
• An example is a lab report, because it
  contains a patients name or patient ID number,
  and information about his/her health.

8
In order for Healthcare Organizations to enforce
the HIPAA Privacy Rule

• They must
• Ensure patients are told about their rights and
  how their health information can be used
• -by receiving a written notice of privacy
• -this must be mailed or handed to each patient
  treated
• -proof (such as a signature from the
  patient) must be received
• -Copies of this Privacy Notice may be posted
  around the organization
• -Set up and follow privacy policies
• Train employees to follow the privacy policies
• Have a privacy official who is responsible for
  making sure privacy rules are followed
• Make sure certain patient information remains
  private

9
In order for Healthcare Personnel to abide by the
Privacy Rule

• They may be required to
• Follow certain rules to protect patient
  information
• Tell patients about their rights
• Make sure it is alright to use or share certain
  patient information

10
General Guidelines for disclosing and using PHI

• If it is required by law, such as a court order
• To public health officials, in order to prevent
  or control disease
• In the case of abuse or domestic violence
• To help law enforcement officials find a suspect,
  material witness or missing person
• To notify law enforcement officials of a
  suspicious death
• To funeral directors or coronors

11
General Guidelines for disclosing and using PHI
(cont)

• For the purpose of organ donation
• In the case of some government actions, such as
  military missions or security actions
• To provide information to meet workers
  compensations laws.
• To help in disaster relief efforts.

12
What may happen if a healthcare organization does
not follow the Privacy Rule?

• Civil penalties are 100 per incident, up to
  25,000 per violation per year per standard.
• Federal criminal penalties exist for knowingly
  and
• improperly disclosing information or
  obtaining information under false pretenses.
• Criminal penalties include fines up to 50,000
  and one year in prison for improperly obtaining
  or disclosing PHI up to 100,000 and up to five
  years in prison for obtaining PHI under false
  pretenses and up to 250,000 and up to10 years
  in prison for obtaining or disclosing PHI with
  the intent to sell, transfer or use it for
  commercial advantage, personal gain or malicious
  harm.

13
Important terms to help understand the Privacy
Rule

• Disclosure
• Means to give out PHI.
• Examples might include, providing information
  for the purpose of billing or talking about a
  patients condition in a public place

14
Important terms to help understand the Privacy
Rule

• Minimum Necessary Information
• Is the least amount of information you need to do
  your job.
• You should
• access only the information you need
• use this information only to do your job
• limit the information you share with a
• person to what he or she needs to know in
  or to
• do his or her job.

15
Important terms to help understand the Privacy
Rule

• Incidental disclosure
• This may happen when PHI is seen or heard by
  somebody who does not need to know, even through
  the organization has taken appropriate steps to
  limit the information shared or to keep the
  information private

16
Know where PHI can be seen or heard by others!!

• When speaking aloud while talking to or about a
  patient
• When information is printed and then posted in a
  public place
• When information may be seen on a computer
  monitor by people passing by
• When information is thrown in a trash can and
  contains personal information about a patient
  such as a used IV bag with a patient label on it
• When information that is sent from one place to
  another by computer, fax, phone, mail or xerox

17
PROTECT PHI

• BY
• Locking filing cabinets, file rooms, offices
  where PHI is located
• Using a password-not revealing it to anyone, and
  changing it as required
• Logging off a computer system containing PHI when
  you leave the computer or locking the office door
  to secure the computer
• Turning computer monitors so that they may not be
  viewed by others passing by
• Shredding documents or disposing of them in a
  SHRED-IT container
• Disposing of old equipment and storage devices,
  such as disks and CDs properly.

18
REMEMBER LIMIT THE PHI YOU GIVE OR TAKE!!

• Ask patients to use a sign-in sheet, but ask only
  for their name not the reason for their visit
• Call out a patients name in a waiting room if
  necessary, but dont reveal any other information
  about the patients condition or reason for the
  visit

19
PATIENT PRIVACY IS EVERYONES CONCERN

• IT IS A BASIC PART OF PATIENT CARE