420 likes | 565 Vues
Health Insurance Portability and Accountability Act (HIPAA) Presented by: APS Healthcare Southwestern PA Health Care Quality Unit (HCQU). December 2010 rb. Disclaimer.
E N D
Health Insurance Portability and Accountability Act (HIPAA)Presented by: APS HealthcareSouthwestern PA Health Care Quality Unit(HCQU) December 2010 rb
Disclaimer Information or education provided by the HCQU is not intended to replace medical advice from the individual’s personal care physician, existing facility policy or federal, state and local regulations/codes within the agency jurisdiction. The information provided is not all inclusive of the topic presented. Certificates for training hours will only be awarded to those who attend a training in its entirety. Attendees are responsible for submitting paperwork to their respective agencies.
Note of Clarification While mental retardation (ID/DD) is still recognized as a clinical diagnosis, in an effort to support the work of self-advocates, the APS SW PA HCQU will be using the terms intellectual and/or developmental disability (ID/DD) to replace mental retardation (ID/DD) when feasible.
Objectives • The Participant will be able to: • Define Protected Health Information (PHI) • Describe safeguards to protect PHI • List individual rights afforded by HIPAA • Describe how the Privacy Rule affects an individual with intellectual and developmental disabilities ID/DD
What Is HIPAA? • Health Insurance Portability and Accountability Act of 1996 • Four Primary Purposes of this Act • Guarantee health insurance access, portability, and renewal • Reduce healthcare fraud and abuse • Enforce standards for health information • Guarantee security and privacy of health information • Privacy Rule • Controls the use and disclosure of protected health information (PHI)
HIPAA History • August, 1996 – Final HIPAA bill passed by Congress • December, 2000 – Privacy Rule was published • August, 2002 – Final version with modifications published • April 14, 2003 – Deadline for Compliance
Why is HIPAA Needed? • No uniform laws existed regarding • the privacy of health information • individual rights with regards to their health information • Rapid evolution of health information systems • Made health care information available to unauthorized persons
Why is HIPAA Needed? • Maximize the effectiveness of protections while not compromising availability or quality of medical care • Can promote higher quality care by assuring health information will be protected from inappropriate uses and disclosures
Who Must Comply? • Health Plans • Health Care Clearinghouses • Health Care Providers
Who Must Comply? • Business Associates • Contractors or Vendors who perform service for a covered entity • Attorneys • Accountants • Accreding bodies • Billing Companies • Answering Services • Collection Agencies • Laboratories
What is PHI? • Protected Health Information • Information that the provider receives or creates that relates to the past, present, or future physical or mental health of an individual, and identifies or is likely to identify the individual
PHI Includes • Paper Records • Electronic Records • Oral Communication
Necessary Safeguards • Administrative Safeguards • Technical Safeguards • Physical Safeguards
Disclosure of PHI PHI may be used or disclosed without individual authorization for Treatment Payment Operational Purposes
Disclosure of PHI • Public health activities • Child abuse reporting • Response to court order or legal process • Coroner pursuant to official duties
Valid Authorizations • Consents to use or disclose PHI that must include: • A description of the PHI to be disclosed • Name of releasing entity • Name of entity where PHI is to be sent • Description of the purpose for the release
Valid Authorizations Expiration date for the authorization Individual must sign and date Individual has the right to revoke authorization Statement regarding redisclosure State that signing authorization will not be a condition of treatment
Personal Representatives • A person authorized by law to act on behalf of a individual to make healthcare decisions. • Health Care Power of Attorney • Legal Guardian
Individual Rights • To receive a copy of the Privacy Notice • To make a complaint about privacy violations • To request restrictions on use of PHI • To make reasonable requests concerning how their PHI is communicated to them • To have access to their PHI • To request amendments to their PHI • To have an accounting of disclosures of their PHI
Privacy Notices • Individuals • have the right toreceive written notice of a covered entity’s privacy notice • should acknowledge that they have received the notice
Complaint Process • Individuals • Have the right to make complaints regarding privacy violations without fear of intimidation or retaliation • May file a complaint directly with the entity or with the Secretary of Health and Human Services
Request Restrictions • An individual has the right to request restrictions on the use of PHI
Confidential Communications • Individuals • Have the right to make reasonable requests concerning how PHI is communicated to them • Providers • Must permit individuals to place the request • Must accommodate reasonable requests • May not ask individual to explain reason for request • May ask that request be put in writing • May require payment information and method of contact
Access to PHI • Individuals have a right to have access to their PHI • If written request is required, it must be stated in the Privacy Notice • Requests must be acted on within 30 days of receipt of request • Extra 30 days granted if individual is informed
Denial of Access • An individual may be denied access to PHI • Denial without review rights may be given if specific circumstances exist • Individual participating in a research study • Information was obtained from someone other than a provider
Denial of Access • Denial of access with review rights required may occur • Access is likely to be harmful to the individual • Often tied to instances where PHI refers to abuse • If individual requests a review of a denial • Provider must designate a reviewing official who is a licensed health care provider • This person must not have participated in decision to deny access
Amendment Requests • Individuals have the right to request amendments to their PHI • Individual must be informed if the provider accepts or denies the amendment
Accounting of Disclosures • Individuals have a right to an accounting of disclosures made of their PHI • Providers do not have to account for disclosures made for treatment, payment, or operations to individuals for their own PHI, or for any disclosures made with a valid authorization
Penalties • Civil penalties are imposed whenever there is a violation of the Privacy Rule without intent • Civil penalties are imposed whenever there is a violation of the Privacy Rule without intent.
HIPAA Compliance • Records must be retained for a period of 6 years • Due diligence records • On-going documentation
What Can You Do? • Look at your space and secure it • Look at your habits and make necessary changes
What Can You Do? • Disclose PHI only when authorized • Help each other to maintain individual privacy • Make certain you are familiar with The Privacy Rule
HIPAA and People with ID/DD • It gives them new rights regarding the use and disclosure of PHI. • It decreases their vulnerability for misuse of their PHI. • It adds to the concept of self-determination. • It gives them added privacy protection.
HIPAA Outcomes • Compliance • 78% Providers compliant/18% non-compliant • 90% Payers compliant/6% non-compliant • Privacy Breaches • 60% Providers • 66% Payers • Complaints • 10,785 (thru Jan. 31, 2005) • 62% resolved
HIPAA Outcomes • Caused a short term increase in costs to the covered entities • Improved consumer privacy • More informed employees and individuals
Conclusion • HIPAA is on-going process • Education / Reeducation • Monitoring • Identification of problems • Changes
References • Health Information Privacy. Retrieved September 27, 2010 from http://www.hhs.gov/ocr/privacy/index.html • Annual Report to Congress on the Implementation of the Administrative Simplification Provisions of the Health Insurance Portability and Accountability Act. Retrieved September 27, 2010 from http:www.ncyhs.hhs.gov/100511hipaarpt.pdf
To register for future trainings,orfor more information on this or any other physical or behavioral health topic, please visit our website at www.hcqu.apshealthcare.com
EvaluationPlease take a few moments to complete the evaluation form found in the back of your packets.Thank You!
Test ReviewThere will be a test review after all tests have beencompleted and turned in to the Instructor.