HIPAA Basics

HIPAABasics

HealthInsurancePortabilityandAccountabilityActof1996

WhatIsHIPAA?HIPAA:•  Protectstheprivacyofhealthcareinforma@onforallAmericans,includingtheindividualsyousupport

•  ProtectstheprivacyofProtectedHealthInforma@on(PHI)

•  SetsrulesandlimitsonwhocanlookatandreceivePHI

•  Providesthefreedomofconfiden@almovementofinforma@onbetweenhealthcarebenefitplans

Whatareaperson’srightsunderHIPAA?

•  Access:Therighttoreviewandobtainacopyoftheirprotectedhealthinforma@on

•  Amendment:Therighttoamendorhavecorrec@onsmadetotheirprotectedhealthinforma@on

•  DisclosureAccoun@ng:Therighttoknowhowtheirprotectedhealthinforma@onhasbeenshared

Whatareaperson’srightsunderHIPAA?

•  Restric@onRequest:Therighttorequestthatthesharingofcertainprotectedhealthinforma@onberestrictedundercertaincircumstances

•  Alterna@veCommunica@ons:Therighttorequestanalterna@veloca@on,sayapostofficeboxinsteadofatradi@onalhomeaddress,oralterna@vemeans,forinstanceviae‐mailinsteadofbytelephone,forreceivingcommunica@onsoftheirPHI

WhodoesHIPAAapplyto?

•  HealthCareProviders:Mostdoctors,nurses,pharmacies,hospitals,clinics,nursinghomes,healthcareandotherproviders

•  HealthPlans:Healthinsurancecompanies,HMOsandemployerhealthplans

•  BusinessAssociates:PersonsorcompaniesthatperformservicesforHealthCareProvidersorHealthPlansthatinvolvetheuseorsharingofhealthinforma@on

•  EmployeesofHealthCareProvidersorHealthPlans

WhodoesHIPAAapplyto?

Basically,HIPAAappliestoanyonewhoprovidescare,hearsconversa@ons,andhasaccesstoaperson’shealthinforma@onand/orbillsforhealthcareservices.

Whatinforma@ondoesHIPAAprotect?

ProtectedHealthInforma@on(PHI)isdefinedasindividuallyiden@fiablehealthinforma@onthatistransmiWedormaintainedinanyformofmedium(electronically,oral,orwriWen),asitrelatesto:•  Thepast,present,orfuturephysicalormentalhealthcondi@onofa

person

•  Theprovisionofhealthcaretoaperson•  Thepast,present,orfuturepaymentfortheprovisionofhealthcare

toaperson

Informa@onbecomes“individuallyiden@fiable”ifitdefinesthepersonorthereisareasonablebasistobelievetheinforma@oncanbeusedtoiden@fytheperson.

•  PersonalIden@fyingInforma@on(Name,Address,SS#,etc.)

•  HealthStatus(Diagnosis,MedicalRecords)

•  ProvisionofCare(Servicesreceived)•  PaymentofServices(Howpaymentwillbemade)

•  Billinginforma@on

Anyoneofushasthepoten@altoviolateanindividual’sprivacyandconfiden@ality.ThisiswhyitisimportantforyoutoknowandunderstandhowHIPAAcomplianceprotectstheprivacyandconfiden@alityofthoseyousupport.

HIPAAisallabouttheuseanddisclosureofinforma@on,including:•  Whousesit?•  Whoitisreleasedto?•  Howmuchinforma@onisreleased?

•  Whyinforma@onisreleased?

Individualsyousupporthavetherighttoprivacywhenitcomestothedisclosureoftheirpersonalhealthinforma@on.

Theyhavetherighttocontroltheirpersonalinforma@onandtonothaveitdivulgedorusedbyothersagainsttheirwishes.

Youmustmaintainconfiden@alitybymakingaconsciousefforttokeepprivateANYinforma@onprovidedbyanyoneonbehalfoftheindividualsyousupportintheprocessofreceivingservices.

AsDirectCareprofessionals,youareresponsibletomonitoryourownbehaviorandthebehaviorofothers.Youarelegallyresponsibleforprotec@ngthehealthinforma@onoftheindividualsyousupport.

WhencanPHIbeshared?

ProtectedHealthInforma@onmaybesharedfor:•  Treatment(residen@alservices,dayprograms)

•  Payment(billingforservices)

•  HealthCareOpera@ons(qualityassurance,programoversight)

Onlytheminimumamountofinforma@onnecessarytoaccomplishtheintendedpurposeshouldbeprovided.

WhencanPHIbeshared?

AccessingPHIwithnolegi@mateneedorwithoutspecificpurposetodelivercareisaviola@onofanIndividual’sconfiden@ality.

AsDirectSupportProfessionals,youmustbecarefultonotbecomecasualwithPHIrememberingalwaysyourresponsibilitytokeepprivateinforma@onprivate.

ThereareanumberofotherpossiblecircumstanceswhenPHImaybedisclosedfor“publicneed”purposeswithoutauthoriza@on.Theseinclude,butarenotlimitedto:•  GovernmentAudits•  PublicHealthandSafety•  AsubpoenafromtheCourts

WhencanPHIbeshared?

Whenisanauthoriza@ontosharePHIneeded?

Anauthoriza@on/consentmustbeobtainedinwri@ngforanyuseorsharingofprotectedhealthinforma@onthatisnotfortreatment,payment,healthcareopera@ons,orotherwiseallowed.

Allauthoriza@onsmustbewriWeninplainlanguage.

Theauthoriza@onmust:

•  Describetheprotectedhealthinforma@ontobeshared

•  Iden@fytheperson(s)whomayshareandreceivethePHI,aswellasthepurposeofthesharing

Otherrequirementsinclude:

•  Anexpira@ondate•  Statementsrela@ngtocancellingandre‐sharingofinforma@on

•  Givingtheindividualacopyoftheauthoriza@ononceithasbeensignedanddated

Whatstepsmustbetakentoprotectaperson’sPHI?

•  HIPAArequiresthataperson’sprotectedhealthinforma@onremainssecure.

•  Itisyourresponsibilitytobeawareandtofollowthepoliciesandproceduressetforthbyyouremployerwithrespecttotheconfiden@ality,integrity,andavailabilityofprotectedhealthinforma@on.

•  Confiden'alitymeansthatprotectedhealthinforma@onisonlyusedbyauthorizedpeople.

•  IntegritymeansthatPHIisnotalteredordestroyed.

•  AvailabilitymeansthatPHIcanbeusedasneededbyanauthorizedperson.

•  Itisalsoimportantforyoutoprotectagainstthreats,hazards,ormisuseofPHI.

•  Don’tdiscussinforma@onaboutindividualsyousupportinapublicplacewhereotherscanoverhear

•  Makesurefilesarenotle`whereunauthorizedpeoplecanseethemandthattheyareinasecureloca@onwhennotinuse

•  WhensendingaFAX,makesureanauthorizedpersonisontheotherendtoreceiveit

•  Computers:– Allcomputersshouldbepasswordprotected

– Yourcomputerscreenshouldfaceawayfrompublicarea/viewing

– Whensteppingawayfromacomputerinuse,youcanprotectinforma@onbyclosingallapplica@onsandusingascreensaver

– DonotsendPHIviae‐mailunlessitisencrypted

•  Verifytheiden@tyofanypersonreques@nganIndividual’spersonalhealthinforma@ontoensuretheycanreceivetheinforma@on

•  Donotgiveoutinforma@onoverthetelephoneunlessyouhaveauthoriza@ontodoso

•  DonottakeanIndividual’spersonalhealthinforma@onoutofthehomeorworkprogramunlessauthorizedtodoso

•  Keepconfiden@alinforma@onconfiden@al•  Whenindoubt,donotgiveanyinforma@onout

•  Youshouldreviewyouremployer’spoliciesandprac@ceswithrespecttokeepingPHIsecureandconfiden@al

HowtodisposeofdocumentscontainingPHI?

AnythingcontainingPHIhastobedisposedofinawaythatmakestheinforma@onunreadable,suchasshredding.

Howtoreportaviola@on?

IfyoususpectorareawareofaHIPAAviola@onregardingprotectedhealthinforma@on,youmustact.

FollowthespecificwriWenpoliciesandproceduressetforthbyyouremployerwhichmayincludeimmediatelycontac@ngyoursupervisororyouragency’sPrivacyOfficer,orfillingoutawriWenreport.

Howtoreportaviola@on?

Inaddi@on,ifyouareabletotakereasonablecorrec@veac@ontolessentheHIPAAviola@on,youshoulddosoimmediately.

WhatcanhappenifyouviolatetheHIPAAlaworyourcompany’s

privacyprac@ces?•  Apersonwhopurposelyusesorsharesindividually

iden@fiablehealthinforma@oninviola@onofHIPAAfacesafineof$50,000anduptooneyearinjail

•  Thecriminalpenal@esincreaseto$100,000anduptofiveyearsinjailiftheviola@oninvolvesfalsepretensesorlying

•  Iftheviola@oninvolvesthesaleoruseofindividuallyiden@fiablehealthinforma@onforpersonalgainormaliciousharm,thecriminalpenal@esincreaseto$250,000anduptotenyearsimprisonment

•  Aviola@onofyouremployer’sHIPAAprivacyprac@cescanleadtocompanypenal@esuptoandincludingtermina@onofyourjob

•  Youcouldpoten@allyloseanyprofessionallicense(s)thatyoumayneedtoperformyourjob

•  PleaserememberthatsimplyviewingthePHIofanyonewhoisnotunderyourcareandsharingsuchinforma@onwithothersisaviola@onofHIPAA

privacyprac@ces?

•  TheboWomlineisthatjustoneviola@onofHIPAAcouldmeanthelossofyourjob,thelossofwhateverprofessionallicensesyoumayhave,thepaymentofalargefine,andajailterm

•  HIPAAisseriousbusinessandneedsyourundividedaWen@on

privacyprac@ces?

Howdoyoupreventthisfromhappeningtoyou?

•  FollowEmployerpoliciesandprocedures:YouremployershouldhavepoliciesandproceduresthatcoveralmostanyHIPAAissuethatyouarelikelytoencounter

•  Strictlyobserve“MinimumNecessary”(NeedtoKnow):Onlyusespecificinforma@onthatyourequireforthatpar@cularjobfunc@on

Howdoyoupreventthisfromhappeningtoyou?

•  BeCau@ous:Nevervieworuseprotectedhealthinforma@onunlessyouhaveaproperreasonfordoingso

•  UseandsharePHIonlyaspermiWedbylawandyourapplicableemploymentpoliciesandprocedures

•  Usecommonsenseandwhenindoubt,ASK

HIPAA Basics - DWC training · 2015. 3. 4. · violaon of HIPAA could mean the loss of your job,...

Documents

HIPAA Strategy

HIPAA Compliance Manual - tasconline.com HIPAA...HIPAA Compliance Manual 3 What is HIPAA? What is HITECH? HIPAA is a federal law that governs entities that handle “Protected Health

Hipaa basics.pp2

HIPAA Privacy:

HIPAA Privacy Training1 HIPAA Privacy: HOW IT AFFECTS YOU !!!

HIPAA AND SOCIAL MEDIA “TIPS TO AVOID HIPAA VIOLATIONS ”

Kit Robinson Director kit.robinson@vontu.com Data Loss Prevention and HIPAA

Corporate Compliance HIPAA Privacy HIPAA Security

Data Loss/ARRA/HIPAA

HIPAA/HITECH Training HIPAA/HITECH Training (Clinical Non - Patient Care Areas) HIPAA Job Specific Education

Hipaa Compliance

HIPAA Compliance Template Suites - HIPAA Training...HIPAA Compliance Template Suites Covered Entity HIPAA Compliance Tool (Less than 50 employees) 1) Small Business HIPAA Security

Dustin HIPAA

HIPAA 101 Basic Privacy and Security HIPAA Training

HIPAA Compliance - ww1.prweb.comww1.prweb.com/prfiles/2015/04/13/12849114/HIPAA Compliance wit… · HIPAA Compliance: The Health Insurance Portability and Accountability Act (HIPAA)

HIPAA 2010

HIPAA Basic Training for Privacy and Information Security Vanderbilt University Medical Center VUMC HIPAA Website: HIPAA Basic

Minnesota HIPAA Collaborative Minnesota HIPAA Collaborative

Outline What is HIPAA Components of HIPAA Examples Review