Disability Services Agencies Briefing On HIPAA - PowerPoint PPT Presentation

1 / 15
About This Presentation
Title:

Disability Services Agencies Briefing On HIPAA

Description:

This Training is for the entire DSA workforce to provide an overall awareness of 'What is HIPAA? ... As required by the HIPAA law, most covered entities have ... – PowerPoint PPT presentation

Number of Views:29
Avg rating:3.0/5.0
Slides: 16
Provided by: divette
Category:

less

Transcript and Presenter's Notes

Title: Disability Services Agencies Briefing On HIPAA


1
Disability Services Agencies Briefing On
HIPAA
2
Who is this for?
  • This Training is for the entire DSA workforce to
    provide an overall awareness of What is HIPAA?
  • Additional training will be provided to more
    specifically address how HIPAA impacts the
    functions that are performed by the following
    areas
  • Providers
  • Case Managers/ Counselors
  • Administrative/Support Staff
  • Medical Records
  • Admissions

3
History
  • Each time a person sees a doctor, is admitted to
    a hospital, goes to a pharmacist or sends a claim
    to a health plan, a record is made of their
    confidential health information. Congress
    recognized the need for national patient record
    privacy standards, when they approved the Health
    Insurance Portability and Accountability Act of
    1996 (HIPAA).
  • The final rule took effect on April 14, 2001. As
    required by the HIPAA law, most covered entities
    have two full years until April 14, 2003 - to
    comply with the final rule's provisions. The law
    gives the Department of Health and Human Services
    (HHS) the authority to make appropriate changes
    to the rule prior to the compliance date.

4
Brief Introduction to HIPAA
  • Health Insurance Portability Accountability Act
    of 1996 (HIPAA)
  • Public law 104-191
  • Portability Transfer of healthcare when
    employees change jobs
  • COBRA A program that ensures continuous health
    plan coverage
  • Accountability Fraud/Abuse Administrative
    Simplification
  • PRIVACY, SECURITY, TRANACTIONS AND CODE SETS

5

HIPAA has four parts
  • Transactions Billing Rules
  • Unique Health Identifiers and Standard Medical
    Code Sets
  • Security Standards
  • Privacy

6
TODAY WE WILL COVER PRIVACY
  • Privacy in Effect on 4/14/03.
  • HIPAA training will occur annually.
  • Additional training will also be provided for
    Security and Transactions.

7
Who does HIPAA Apply to?
  • Covered Entities are either Health Care
    Providers, Health Plans or Clearinghouses.
  • In the DSA only WWRC is a Covered Entity.
  • Business Associates are all others that may
    receive, transmit or store Protected Health
    Information from a covered entity.
  • All other agencies in the DSA may be Business
    Associates.

8
Who does HIPAA Apply to? (cont)
  • Covered Entities must enter into a contract with
    Business Associates, requiring that Protected
    Health Information be kept confidential by the
    Business Associate receiving information from or
    on behalf of the covered entity.
  • Business Associates are not permitted to use or
    disclose protected health information in ways
    that the covered entity can not.

9
What does HIPAA apply to?
  • Information relating to an individuals health,
    health care treatment, or payment for health
    care, is called Protected Health Information
    (PHI) under HIPAA.
  • Protected Health Information (PHI)
  • Relates to a persons physical or mental health,
    the provision of health care, or the payment of
    health care
  • It identifies, or could be used to identify the
    person who is the subject of the information i.e.
    by name,
  • Is created or received by a covered entity and
  • Is transmitted or maintained in any form or
    medium.

10
What does HIPAA do?
  • Provides Individuals Rights
  • Right to receive written notice of information
    practices from health plans and providers
  • Right to access their own health care information
  • Right to request an amendment or correction of
    protected health information that is inaccurate
    or incomplete
  • Right to receive accounting of when information
    had been disclosed for purposes other than
    treatment, payment and health care operations

11
Consent vs. Authorization
  • Consent - is required for all clients, it
    provides us the authority to share Protected
    Health Information for the purposes of Treatment,
    Payment and HealthCare Operations( i.e. business
    processes necessary to provide services to our
    clients).
  • Authorization is needed anytime PHI is shared
    and it is for reasons other than Treatment,
    Payment, or HealthCare Operations (TPO).
  • Example Financial Institution has requested
    PHI. An authorization will be needed to provide
    this information. The request for this
    information would be outside of the scope of TPO.
  • Disclosures without patient authorization
  • Purposes of effecting treatment, payment
    operations, and health care operations.
  • Certain federal, state, and other oversight
    activities, public health, emergencies, judicial
    proceedings, banking and payment processes, and
    health research.
  • Disclosure of PHI for research must be approved
    by an Institutional Review Board or Privacy
    Board.

12
What do we have to do?
  • Must generally obtain the patients consent prior
    to using or disclosing PHI to carry out
    Treatment, Payment, or health care Operations
    (TPO).
  • Obtain an authorization for any disclosure
    outside of TPO.
  • Develop mechanism for accounting for all
    disclosures outside of TPO.
  • Accommodate requests for amendments or
    corrections.
  • Designate a Privacy Officer responsible for
    privacy activities.
  • Provide Training to all staff who have access to
    PHI.
  • Establish administrative, technical, and physical
    safeguards.
  • Establish Policies and Procedures, and Privacy
    Notice.
  • Develop and apply sanctions from re-training to
    reprimand to termination for HIPAA privacy
    violations.
  • Have available documentation with the regulation
    requirements.
  • Develop methods to disclose minimum amount of
    PHI.
  • Develop and use contracts with business
    associates.

13

Penalties and Enforcement
  • The federal penalties are 25,000 - 250,000
    fines and/or 1 to 10 years imprisonment,
    dependant on the type of violation.
  • Employee Sanctions for inappropriate disclosures

14
WAYS THAT YOU CAN HELP
  • When disposing of paper copies of patient
    records, they should be shredded for disposal.
  • Ensure that workstations cant be viewed by
    visitors.
  • Avoid discussing client information in public
    places such as elevators, cafeterias, and waiting
    rooms.
  • Ensure that all Facsimile copies that are sent
    contain a cover page with the disclaimer
    statement.
  • Change your password regularly
  • Dont use generic passwords and log-on names
  • Secure your workstation when unattended.

15
THINGS YOU MAY NOTICE
  • Ongoing privacy training for workforce
  • Privacy notices and new authorization process
  • New Policy and Procedures
  • Privacy Office to answer HIPAA related questions.
  • Consent and Authorization forms revised
  • Email and Fax Disclosure statements
Write a Comment
User Comments (0)
About PowerShow.com