Title: HIPAA
1. HIPAA
- Health Insurance Portability and Accountability Act
2. Not a HIPPO!
It's HIPAA: 1 P and 2 A's
3. HIPAA
4. Confidentiality in
- Hospitals
- Skilled Nursing Facilities
- Doctors' Offices
- Employers
- Schools
- Anyone with your health information must keep it confidential and abide by HIPAA. It applies to ALL health care providers.
5. HIPAA is
- Related to all medical records.
- Written
- Computerized
- In use or stored.
6. What is Protected Health Information (PHI)?
- According to HIPAA, all of the following can be used to identify a patient:
- Addresses
- Dates
- Telephone or fax numbers
- SSN
- Medical Record Numbers
- Patient Account Numbers
- Insurance Plan Numbers
- Vehicle Information
- License Number
- Photographs
- Fingerprints
- Email and Internet addresses
7. Protected Health Information (PHI)
PHI is personal health information that can identify an individual.
Removing a person's name is no longer a sufficient way to de-identify a patient. ANY health information that identifies someone or can be used to identify someone MUST BE PROTECTED.
8. Why HIPAA?
- Health information continues to grow and become more sophisticated.
- It requires more protection than ever.
- Identity theft.
- Put in place penalties for violations of the law.
9. When HIPAA?
- Mandated to be in place by April 2003.
- Although the actual law was on the books much earlier, in 1999.
10. So tell me what you know
- Who has to obey HIPAA laws?
- What does HIPAA stand for?
- Where does HIPAA apply?
- When was HIPAA mandated to be in place?
11. HIPAA
- What does this mean to you?
12. HIPAA Compliance
- Read only charts and information you need to do your job or assignment.
- Ensure any questions you ask of others to enhance your learning are done when others are not within hearing range.
13. HIPAA Compliance
- When discussing patient conditions in the classroom, do not use names or anything that would allow others to pick the patient out of a room.
- Good: A male in his mid-forties had
- Bad: The male in room 224.
- Good: A teenage girl
- Bad: The 16-year-old girl with brown hair wearing a plaid skirt
14. HIPAA Compliance
- Discuss patient information/condition only with those who need to know as a part of their job.
- Do not discuss patient information in the halls or in public areas.
- You never know who may be listening.
15. So tell me what you know
- Explain what HIPAA Compliance means to you.
- What can you do to protect patient privacy?
- Describe someone in this room in a way where we may not know who they are.
- Now describe someone in a way we will be able to guess.
16. Consents
17. Consents
- Patients (only) may request their records be released to others for any number of reasons.
- All consents must be in writing and need to be kept with the medical record.
18. Consents
- Life insurance
- Family records
- Family physician
19. Consents
- Some releases or authorizations require a non-staff member to sign as a witness.
- Students may not fulfill this request.
20. What is TPO?
Treatment - Providing care to patients
Payment - Getting paid for caring for patients
Operations - Normal business activities such as quality improvements, training, auditing, customer service, and resolution of grievances.
21. So tell me what you know
- Why are consents important?
- Who can give consent?
- Where should consents be stored?
- What are a few examples of why a patient may want their medical records?
22. Covered Entities and Business Agreements
23. Covered Entities
- If a facility bills their sources of payment (insurance companies, Medicare, etc.) via electronic means, they become a covered entity.
- Covered Entities may share information, as needed to do their job, without the consent of the individual.
24. Covered Entity: Example of sharing information appropriately
- For example, the hospital bills Medicare for a patient's stay. Medicare requests additional medical records to support the reason for the length of stay at the hospital.
- The hospital may send the information to Medicare without consent.
25. So tell me what you know
- Who is a Covered Entity?
- When can a facility share information with them?
- Does the patient need to consent when records are sent to a Covered Entity?
- Does the patient need to consent when records are given to a marketing firm?
26. Why a Business Agreement?
- If a healthcare provider does business with another who is not a covered entity.
- The non-covered entity requires information about patients in the healthcare facility to do their job properly.
- The healthcare provider may enter into a Business Agreement with the non-covered entity.
27. What is a Business Agreement?
- A contract between a non-covered entity and a healthcare provider.
- Non-covered entity agrees to use patient information strictly as a part of their job (i.e. billing, providing home health services, etc.).
- Non-covered entity will not use information inappropriately (sell info to marketing company, to solicit patient, etc.).
- Non-covered entity will protect information, destroy information properly, and abide by HIPAA rules and laws.
28. What is a Business Agreement?
- The Agreement must be reviewed and approved by the appropriate Officer within the organization, often the Privacy Officer or Compliance Officer.
- An example would be a DME company that provides custom wheelchairs to rehabilitated patients.
- DME: Durable Medical Equipment
29. So tell me what you know
- Who needs a Business Agreement?
- What is a Business Agreement?
- Why is a Business Agreement necessary?
- Can any staff member approve a Business Agreement?
30. Don't leave confused