HIPAA - PowerPoint PPT Presentation

About This Presentation
Title:

HIPAA

Slides: 35
Provided by: dwightm

Transcript and Presenter's Notes


1
HIPAA
  • Health Insurance Portability and Accountability
    Act
  • Overview of HIPAA regulations
  • Privacy/confidentiality Video
  • Privacy policies

2
Introduction
  • HIPAA (Health Insurance Portability and
    Accountability Act) was passed in 1996.
  • Department of Health & Human Services (DHHS)
    issued the final Privacy rule in April 2001.
  • Regulation requires compliance by April 14, 2003

3
Privacy Objectives
  • Protect patients' rights by giving them access to
    their health information and control over how it
    will be used
  • Improve the quality of care by restoring trust in
    the health care system
  • Protect the security & privacy of all medical
    records that are used or shared in any form

4
HIPAA Privacy vs. Security Standards
  • Privacy Standards - deal with patients'
    expectations of providers in terms of the way
    health information is used.
  • Example - Limiting who has access to their
    records
  • Security Standards - deal with measures that
    covered entities can take to keep their
    information safe
  • Example - Encrypting information before it is
    sent over the Internet.

5
Creating a Culture of Confidentiality
  • Facts
  • One out of every five Americans believes their
    health information is used inappropriately.
  • One in six report that they have provided
    inaccurate information to their health care
    provider because they don't feel it will be kept
    confidential.

6
What happens if patients don't trust us?
  • Quality care is compromised when patients are
    concerned that their healthcare information isn't
    kept confidential
  • Conditions may go undetected or untreated
  • Health information may not be complete and
    accurate

7
Who is Included?
  • Health Care Providers
  • Physicians
  • Hospitals
  • Social workers
  • Pharmacists
  • Nursing Homes
  • Licensed health care Providers
  • Outpatient Physical Therapy
  • Certified Nurse-midwife services
  • Home Health agencies
  • Home dialysis supplies and equipment

8
  • Anyone...
  • In a healthcare facility who uses or may see
    confidential patient information is included!!!

9
Also...
  • Business Associates
  • Persons or entities that provide services to or on
    behalf of a covered entity but are not members of
    the entity's workforce

10
What is Protected Health Information (PHI)?
  • Health information created or received by a
    covered entity, regardless of form, that could be
    used directly or indirectly to identify an
    individual.
  • Name, Address, City, County, Zip Code,
    Fingerprints, Name of relative or employer, DOB,
    Telephone #, SS #, Fax #, Photos, Medical Record
    or Account #, License #

11
HIPAA Penalties
  • HIPAA is serious about patient privacy
  • Failure to comply: Each violation is $100, with
    the maximum penalty not to exceed $25,000 for
    each identical violation
  • Wrongful disclosure of information: $50,000 and
    / or one year of prison.
  • Obtaining information under false pretense:
    $100,000 and / or prison for up to 5 years
  • Intent to sell: $250,000 and / or up to 10 years
    in jail

12
Patient Rights
  • Keeping the patient informed
  • Notice of Privacy Practices
  • Authorization
  • Access/control over patient's health information
  • Access
  • Amendment
  • Culture of confidentiality
  • Restrictions
  • Minimum necessary

13
Patients' Rights: Keeping the patient informed
  • Notice of Privacy Practices
  • Patients must have access to a written
    explanation of how your facility may use and
    disclose their health information.
  • Authorization
  • Patient must grant permission for the release of
    medical information for non-routine disclosures
    and most non-health care purposes.

14
Patients' Rights: Access/control over patient's
health information
  • Request for Access
  • Request for Amendment
  • Restrictions

15
Patients' Rights: Accurate Documentation
  • Medical Records must be
  • Accurate
  • Complete
  • Legible

16
HIPAA is the law
  • As a health care provider, it is your
    responsibility to honor these new patient rights
    and to make sure that personal information is
    protected.

17
Provena Health HIPAA Privacy Program
  • Overview of HIPAA Privacy Policies
  • Governance of HIPAA
  • Release of information
  • Employee related
  • Enforcement

18
Governance of Privacy Program
  • Organizational structure (system)
  • Privacy Officer
  • Management's role
  • Your responsibilities

19
Organizational Structure
  • Corporate
  • Program sponsorship
  • Program Management Office
  • HIPAA Steering Committee
  • Privacy Officer
  • Each Facility
  • CEO
  • Privacy Officer
  • Department manager
  • Staff

20
Role of Privacy Officer
  • Corporate privacy officer
  • Develop and implement privacy/confidentiality
    policies employed throughout Provena Health.
  • Consistency
  • Facility privacy officer - Anne Little
  • Investigation/resolution of potential HIPAA
    privacy violations.

21
Management's Role
  • Implementing Privacy policies and procedures.
  • Document alleged HIPAA violations.
  • Administering corrective action

22
Your Responsibilities
  • Curb Human Nature
  • Curiosity
  • Sharing
  • Be Sensitive
  • Respect the patient's right to privacy
  • Know and follow your organization's policies

23
PUSMC Policies (Found in Hospital Policy Manual)
  • Confidential Agreement - System Policy 1.2
  • Confidential Procedure 1.2A
  • Release of Information from a Psychiatric
    Patient's Medical Record 6.20
  • Release of Information from a Non-Psychiatric
    Patient's Medical Record 6.21
  • AlertLine -- System Policy 4.3
  • Statement of Patients' Rights and Responsibilities
    4.15
  • Electronic Authentication 23.4
  • Persons Authorized to Make Entries in the Medical
    Record 23.5

24
Release of Information: Overview
  • Minimum necessary / need to know
  • Confidential Information in Public Areas
  • Speaking in Public Areas.

25
Minimum necessary/need to know: Uses and
disclosures of health information
  • Limited to minimum necessary to achieve the
    intended purpose of the use or disclosure.
  • Access is only given on a need-to-know basis.
  • If in doubt, ask yourself: "Do I really need
    access to this information to do my job?"

26
Confidential Information in Public Areas
  • Equipment must not be positioned in a way that
    will encourage health information to be viewed by
    unauthorized individuals.
  • Concealing information.

27
Speaking in Public Areas
  • Be Sensitive
  • Be Aware
  • Take steps to reduce the possibility of being
    overheard

28
Employee Related-Overview
  • Background Checks
  • Confidentiality/Non-disclosure
  • Annual Reviews
  • Employees as Patients

29
Confidentiality/Nondisclosure Statements
  • Contents include
  • Must understand policies pertaining to
    confidentiality.
  • All patient information is confidential and the
    property of the organization.
  • All workers must sign at job orientation and as
    part of the annual review.

30
Annual Reviews
  • An employee may be rated on their understanding
    of and compliance with privacy policies and
    procedures.
  • Privacy responsibilities may be incorporated into
    job descriptions as well

31
Employees as Patients
  • Same rights to privacy as all other
    patients of the organization
  • Must follow standard procedures
    to obtain or view their own
    medical record

32
Enforcement
  • Complaints/Incident Reporting
  • Corrective Action/Sanctions
  • Refrain from retaliation

33
Corrective Actions/Sanctions
  • Provena Health will hold all employees accountable
    for maintaining the privacy of its patients and
    the security and confidentiality of patient
    information.

34
Answers to Frequently Asked Questions
  • Q: What information can be given to non-employed,
    community clergy?
  • A: The following information may be given to
    community clergy: patient name, location,
    general condition, and religious affiliation.
    The patient, however, must authorize being listed
    in the patient directory from which information
    is obtained.

35
Answers to Frequently Asked Questions
  • Q: Who will be watching us to make sure we are
    compliant with HIPAA Privacy Standards and
    confidentiality in general?
  • A: Most regulatory agencies, such as CMS, IDPH,
    JCAHO, and others, will have standards that
    require adherence to HIPAA. The local HIPAA
    team at PUSMC will oversee the implementation of
    policies and procedures that support compliance
    with HIPAA. Managers and supervisors will
    monitor activities in their departments to manage
    compliance. And each employee is responsible for
    protecting patients' privacy.

36
Answers to Frequently Asked Questions
  • Q: Can I give information to a person who is
    calling on the phone from out of state to inquire
    about their loved one?
  • A: While it is difficult to verify who is
    really calling, we recommend that you let the
    patient know who is on the phone, what questions
    they are asking, and get the patient's verbal
    authorization to release information. If the
    patient is unable to respond due to his/her
    condition, seek a family member who is present to
    talk with the caller. If neither of the above
    is an option, ask the caller to give you the
    patient's birth date or some other piece of
    information that would help confirm who is
    calling and whether or not they should have
    access to the information.

37
Do you have any questions or comments?
Please use your index card to record your
concerns or processes that need to be reviewed.
  • Please complete the 1) EVALUATION QUESTIONNAIRE,
    2) POST-ASSESSMENT, and 3) MODULE EVALUATION

If you are unable to answer YES to each question,
please contact Nicole Boose at 443-5000, Ext.
5373.