
Dustin HIPAA


Page 1: Dustin HIPAA

• Federal law passed by Congress in 1996

• Regulations promulgated by the Dept of Health and Human Services

• Guidelines implemented in April, 2003

Page 2: Dustin HIPAA

HIPAA regulations were designed to:

1) protect individuals’ rights to privacy and confidentiality

2) assure the security of electronic transfer of personal information

Page 3: Dustin HIPAA

Health information is used by multiple agents in the course of a single episode with a health problem. Below are some of the agencies and individuals who may handle health information. This is not all inclusive:

• Admitting clerks

• Caregivers from the ED to the morgue

• Physical therapists

• Nutritionists

• Lab personnel

• Receptionists in MD offices

• Transport techs

• Respiratory therapists

• Billing clerks

• Insurance agents/clerks

• School teachers/nurses

• Home health personnel

• Medical records clerks

• Website managers

Page 4: Dustin HIPAA

Objectives

After completing this program you will be able to:

• Discuss the general concepts of HIPAA guidelines

• Adapt HIPAA guidelines for the various settings in which you might practice

• Discuss the seven patient/client rights regarding his/her health information

• Differentiate individuals who have a ‘need to know’ from those who don’t. This determines those with whom you can discuss protected health information

• Discuss application of HIPAA to the student role

• List legal and professional consequences of violating HIPAA rules

Page 5: Dustin HIPAA

Why HIPAA??

Genetic advancements - as more is known about our genetic predisposition to diseases, HIPAA will ensure that, for example, an individual is not denied insurance because the company knows that she may eventually develop MS.

Marketing - as information is more easily captured concerning, for example, the prescriptions we purchase, HIPAA is designed to prevent marketing of unsolicited products or services based on harvested marketing data.

Technology - as information is quickly and sometimes loosely moved around networks, HIPAA standards will hold violators accountable for accidental or intentional ‘interception’ of protected health information (PHI).

Page 6: Dustin HIPAA

What Objectives do the Privacy Regulations Accomplish for Patients?

Give patients more control over their health information.

Set boundaries on the use and disclosure of health records.

Establish appropriate safeguards for all people who participate in or are associated with the provision of healthcare to ensure that they honor patients’ rights to privacy of their PHI.

Hold violators accountable through civil and criminal penalties.

Strike a balance when public responsibility requires disclosure of some forms of data--for example, to protect public health.

Page 7: Dustin HIPAA

What are the Seven Patient Rights Regarding Privacy of PHI (Protected Health Information)?

Individuals have the right to:

1. Receive notice of an agency’s privacy practices.

2. Know that an agency will use its PHI ONLY for treatment, payment, operations (TPO), certain other permitted uses and uses as required by law

3. Consent to and control the use and disclosure of their PHI.

Page 8: Dustin HIPAA

Seven Rights…continued

4. Access their protected health information (PHI), except for psychotherapy notes (they might be charged for copies)

5. Request amendment or addendum to their PHI (not always granted)

6. Receive accountings of disclosures

7. File privacy complaints to agency officer

Page 9: Dustin HIPAA

HIPAA Restricts Sharing PHI

Personal information cannot be released to individuals or companies interested in marketing ventures, without the patient’s written permission. For example:

Names of patients with diabetes cannot be released to a company marketing nutritional products to lower blood glucose.

Names and addresses of infants or their parents cannot be released to formula manufacturers.

Contact information of previous patients cannot be used to raise money for any hospital campaign.

Page 10: Dustin HIPAA

Who has Access to PHI? The ‘Need-to-Know’ Principle

PHI should be shared with as few individuals as needed to ensure patient care and then only to the extent demanded by the individual’s role.

For example, the nursing assistant ‘needs to know’ only the facts concerning the patient’s current admission.

As a nurse or other professional, you will discuss PHI only as it applies to your practice or your patient’s care.

Page 11: Dustin HIPAA

Protecting your patient’s PHI

Take all reasonable steps to make sure that individuals without the ‘need to know’ do not overhear conversations about PHI.

DO NOT conduct discussions about PHI in public areas, including but not limited to elevators or cafeterias.

Do not let others see your computer screen while you are working. Be sure to log out when done with any computer file.

Page 12: Dustin HIPAA

Protecting your patient’s PHI

When preparing care plans or other ancillary materials:

• identify the patient/client by initials only

• use other demographic data only to the extent necessary to identify the patient and his/her needs.

• protect the computer screen, PDA, clip board, or notes from other individuals who don’t have a ‘need to know’

• protect your printer output from others who don’t have a ‘need to know’

• protect your floppy/zip/CD-ROM/PDA from loss

• consider using Webspace to save your documents

Page 13: Dustin HIPAA

Consequences of HIPAA Violations

In addition to federal laws, failure to comply with HIPAA also violates:

Nursing’s Code of Ethics

Board of License

Medical Boards

Page 14: Dustin HIPAA

Potential Consequences of HIPAA Violations

Legal consequences

Criminal penalties up to imprisonment

Civil penalties to include fines (up to $50,000 per individual with up to $1.5 million for institutions)

Professional consequences:

Disciplinary action by the Board of Nurses

Disciplinary action by employer

Termination of employment

Public Embarrassments

Page 15: Dustin HIPAA

HIPAA Supplemental Training for Health Care Settings

Your Name Printed

Your Signature

I have completed this HIPAA training program. I understand the basic provisions of the law and agree to do my part to ensure the patients’ rights of privacy and confidentiality. Furthermore, I understand the consequences of failing to do so.

Today’s Date:

Page 16: Dustin HIPAA

HIPAA (1996). The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules. Retrieved on April 28, 2011 from http://www.hhs.gov/ocr/privacy/