HIPAA

1
HIPAA

• Health Insurance Portability and Accountability
  Act

2
Not a HIPPO!
Its HIPAA 1 P and 2 As
3
HIPAA

• Who? What? Why? When?

4
Confidentiality in

• Hospitals
• Skilled Nursing Facilities
• Doctors Offices
• Employers
• Schools
• Anyone with your health information must keep it
  confidential and abide by HIPAA. It applies to
  ALL health care providers.

5
HIPAA is

• Related to all medical records.
• Written
• Computerized
• In use or stored.

6
What is Protected Health Information (PHI)?

• According to HIPP all of the following can be
  used to identify a patient
• Addresses
• Dates
• Telephone or fax numbers
• SSN
• Medical Record Numbers
• Patient Account Numbers
• Insurance Plan Numbers
• Vehicle Information
• License Number
• Photographs
• Fingerprints
• Email Internet addresses

7
Protected Health Information (PHI)
PHI is information that is can identify an
individual personal health information.
Removing a persons name is no longer a
sufficient way to de-identify a patient. ANY
Health information that identifies someone or can
be used to identify someone MUST BE PROTECTED.
8
Why HIPAA?

• Health information continues to grow and become
  more sophisticated.
• It requires more protection than ever.
• Identity theft.
• Put in place penalties for violations of the law.

9
When HIPAA?

• Mandated to be in place by April 2003.
• Although the actual law was on the books much
  earlier in 1999.

10
So tell me what you know

• Who has to obey HIPAA laws?
• What does HIPAA stand for?
• Where does HIPAA apply?
• When was HIPAA mandated to be in place?

11
HIPAA

• What does this mean to you?

12
HIPAA Compliance

• Read only charts and information you need to do
  your job or assignment.
• Ensure any questions you ask of others to enhance
  your learning are done when others are not within
  hearing range.

13
HIPAA Compliance

• When discussing patient conditions in the
  classroom, do not use names or anything that
  would allow others to pick the patient out of a
  room.
• Good A male in his mid-forties had
• Bad The male in room 224.
• Good A teenage girl
• Bad The 16 year old girl, with brown hair
  wearing a plaid skirt

14
HIPAA Compliance

• Discuss patient information/ condition only with
  those who need to know as a part of their job.
• Do not discuss patient information in the halls
  or in public areas.
• You never know who may be listening.

15
So tell me what you know

• Explain what HIPAA Compliance means to you.
• What can you do to protect patient privacy?
• Describe someone in this room in a way where we
  may not know who they are.
• Now describe someone in a way we will be able to
  guess.

16
Consents
17
Consents

• Patients (only) may request their records be
  released to others for any number of reasons.
• All consents must be in writing and need to be
  kept with the medical record.

18
Consents

• Life insurance
• Family records
• Family physician

19
Consents

• Some releases or authorizations require a
  non-staff member to sign as a witness.
• Students may not fulfill this request.

20
What is TPO?
Treatment- Providing care to patients Payment- Ge
tting paid for caring for patients Operations- No
rmal business activities such as, quality
improvements, training, auditing, customer
service, and resolution of grievances.
21
So tell me what you know

• Why are consents important?
• Who can give consent?
• Where should consents be stored?
• What are a few examples of why a patient may want
  their medical records.

22
Covered Entities Business Agreements
23
Covered Entities

• If a facility bills their sources of payment
  (insurance companies, MediCare, etc.) via
  electronic means, they become a covered entity.
• Covered Entities may share information, as needed
  to do their job, without the consent of the
  individual.

24
Covered Entity Example of sharing information
appropriately.

• For example, the hospital bills MediCare for a
  patients stay. MediCare request additional
  medical records to support the reason for the
  length of stay at the hospital.
• The hospital may send the information to MediCare
  without consent.

25
So tell me what you know

• Who is a Covered Entity?
• When can a facility share information with them?
• Does the patient need to consent when records are
  sent to a Covered Entity?
• Does the patient need to consent when records are
  given to a marketing firm?

26
Why a Business Agreement?

• If a healthcare provider does business with
  another who is not a covered entity.
• The non-covered entity requires information about
  patients in the healthcare facility to do their
  job properly.
• The healthcare provider may enter into a Business
  Agreement with the non-covered entity.

27
What is a Business Agreement?

• A contract between a non-covered entity and a
  healthcare provider.
• Non-covered entity agrees to use patient
  information strictly as a part of their job (i.e.
  billing, providing home health services, etc).
• Non-covered entity will not use information
  inappropriately (sell info to marketing company,
  to solicit patient, etc).
• Non-covered entity will protect information,
  destroy information properly, and abide by HIPAA
  rules and laws.

28
What is a Business Agreement?

• The Agreement must be reviewed and approved by
  the appropriate Officer within the organization,
  often the Privacy Officer or Compliance Officer.
  
• An example would be a DME company who provides
  custom wheelchairs to rehabilitated patients.
• DME ? Durable Medical Equipment

29
So tell me what you know

• Who needs a Business Agreement?
• What is a Business Agreement?
• Why is a Business Agreement necessary?
• Can any staff member approve a Business Agreement?

30
Dont leave confused