Embed Size (px)
Citation preview
HIPAA Training for Pharmaceutical
Industry Representatives
University of Utah Hospitals & Clinics
Objectives Describe key features of HIPAA and
how it impacts pharmaceutical representatives
Identify when a business associates or shadow agreement is necessary
Describe issues related to reporting ADRs.
HIPAA
Health Insurance Portability and Accountability Act 1996
Continuity of health plan when moving from one plan to another
Fraud enforcement Privacy and security rules
Privacy
An ethical issue; now the law! Individual right to control access
and disclosure of protected health information
Paper, electronic, oral communication
Without the patient’s permission. . . .
Providers directly involved in care may discuss patient’s status
Disclose information to consulting physicians or for referral But not to those without clinical
responsibilities.
Protected Health Information (PHI) Name Biometric
identifiers Full face images Geographic
subdivisions Dates SS
Phone, FAX E-mail, IP, URL MR, health plan # Account #, Cert.,
licenses Vehicle identifiers Device identifiers Other
Security and Confidentiality Agreement
All vendors Covers “incidental” exposure to
PHI Handled as part of our workforce
Exceeds requirements of HIPAA Important to protect the privacy of
our patients
Business Associates Agreement
Another person uses PHI to perform function or activity on behalf of the covered entity
Provide services to the covered entity that involves PHI
Used for ongoing relationship
Shadowing agreement
Use for one time situations with exposure to PHI greater than just “incidental”
Requires consent of patient Approval of service director
If you violate HIPAA . . .
Loss of privileges Dismissal Civil or criminal penalties
TPHA
When can you share patient info? Treatment Payment Healthcare operations Authorized by the patient
Keeping it private . . .
Don’t communicate information that may be potentially patient related
Includes Who you see What you see What you heard
Disclosing PHI without permission There are exceptions—most related to
public health and legal requirements to report Example: Reporting ADRs to FDA
UUHSC must keep a record of any disclosures
Notify HIPAA office if you are informed of an ADR
Myths
HIPAA doesn’t apply to me Not part of workforce Doesn’t apply to drug companies
I don’t need to sign your agreement
This is just for the Hospital, Right?
For more information
UUHSC HIPAA office CDC summary:
www.cdc.gov/mmwr/preview/mmwrhtml/m2e411a1.htm
www.HIPAA.org www.cms.hhs.gov/hipaa
Resources
Website http://uuhsc.utah.edu/pharmacy/msr Guidelines All forms Links to privacy office
Database of all representatives in our system
Summary UUHSC sets a higher standard around
privacy issues HIPAA and privacy issues apply any
time you are at one of our facilities In addition to confidentiality and
security agreements, reps must sign a business associates or shadowing agreements when applicable
Report HIPAA issues Ask questions!
Questions Our Business Associates Frequently Ask
Where can I go to get my questions answered quickly? [email protected] http://uuhsc.utah.edu/privacy
How long will it take? Most questions are answered in 1 business
day. Why so much paper work?
To protect our patient’s privacy.
What Can You Do To Make The Process Go Faster?
Understand our goal is: To give outstanding medical care to all
of our patients. To protect the privacy of our patients at
all times. Understand what your role is in
meeting our goal What you see and hear in the hospitals
and clinics stays there.
Making The Process Easier And Faster
Complete and sign our business associate agreement (BAA). BAA’s are self renewing
They can be modified They can be customized
One per company They are found on our web page
Screen shots summary
Main web page http://uuhsc.utah.edu/privacy
Site for faculty, student, staff, volunteers (this page links to the next two) http://intranet.uuhsc.utah.edu/privac
y/workforce/en/index.html
QUESTIONS?
