1 / 42

December 2010 rb

Health Insurance Portability and Accountability Act (HIPAA) Presented by: APS Healthcare Southwestern PA Health Care Quality Unit (HCQU). December 2010 rb. Disclaimer.

gage-newman
Télécharger la présentation

December 2010 rb

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Health Insurance Portability and Accountability Act (HIPAA)Presented by: APS HealthcareSouthwestern PA Health Care Quality Unit(HCQU) December 2010 rb

  2. Disclaimer Information or education provided by the HCQU is not intended to replace medical advice from the individual’s personal care physician, existing facility policy or federal, state and local regulations/codes within the agency jurisdiction. The information provided is not all inclusive of the topic presented. Certificates for training hours will only be awarded to those who attend a training in its entirety. Attendees are responsible for submitting paperwork to their respective agencies.

  3. Note of Clarification While mental retardation (ID/DD) is still recognized as a clinical diagnosis, in an effort to support the work of self-advocates, the APS SW PA HCQU will be using the terms intellectual and/or developmental disability (ID/DD) to replace mental retardation (ID/DD) when feasible.

  4. Objectives • The Participant will be able to: • Define Protected Health Information (PHI) • Describe safeguards to protect PHI • List individual rights afforded by HIPAA • Describe how the Privacy Rule affects an individual with intellectual and developmental disabilities ID/DD

  5. What Is HIPAA? • Health Insurance Portability and Accountability Act of 1996 • Four Primary Purposes of this Act • Guarantee health insurance access, portability, and renewal • Reduce healthcare fraud and abuse • Enforce standards for health information • Guarantee security and privacy of health information • Privacy Rule • Controls the use and disclosure of protected health information (PHI)

  6. HIPAA History • August, 1996 – Final HIPAA bill passed by Congress • December, 2000 – Privacy Rule was published • August, 2002 – Final version with modifications published • April 14, 2003 – Deadline for Compliance

  7. Why is HIPAA Needed? • No uniform laws existed regarding • the privacy of health information • individual rights with regards to their health information • Rapid evolution of health information systems • Made health care information available to unauthorized persons

  8. Why is HIPAA Needed? • Maximize the effectiveness of protections while not compromising availability or quality of medical care • Can promote higher quality care by assuring health information will be protected from inappropriate uses and disclosures

  9. Who Must Comply? • Health Plans • Health Care Clearinghouses • Health Care Providers

  10. Who Must Comply? • Business Associates • Contractors or Vendors who perform service for a covered entity • Attorneys • Accountants • Accreding bodies • Billing Companies • Answering Services • Collection Agencies • Laboratories

  11. What is PHI? • Protected Health Information • Information that the provider receives or creates that relates to the past, present, or future physical or mental health of an individual, and identifies or is likely to identify the individual

  12. PHI Includes • Paper Records • Electronic Records • Oral Communication

  13. Necessary Safeguards • Administrative Safeguards • Technical Safeguards • Physical Safeguards

  14. Disclosure of PHI PHI may be used or disclosed without individual authorization for Treatment Payment Operational Purposes

  15. Disclosure of PHI • Public health activities • Child abuse reporting • Response to court order or legal process • Coroner pursuant to official duties

  16. Valid Authorizations • Consents to use or disclose PHI that must include: • A description of the PHI to be disclosed • Name of releasing entity • Name of entity where PHI is to be sent • Description of the purpose for the release

  17. Valid Authorizations Expiration date for the authorization Individual must sign and date Individual has the right to revoke authorization Statement regarding redisclosure State that signing authorization will not be a condition of treatment

  18. Personal Representatives • A person authorized by law to act on behalf of a individual to make healthcare decisions. • Health Care Power of Attorney • Legal Guardian

  19. Individual Rights • To receive a copy of the Privacy Notice • To make a complaint about privacy violations • To request restrictions on use of PHI • To make reasonable requests concerning how their PHI is communicated to them • To have access to their PHI • To request amendments to their PHI • To have an accounting of disclosures of their PHI

  20. Privacy Notices • Individuals • have the right toreceive written notice of a covered entity’s privacy notice • should acknowledge that they have received the notice

  21. Complaint Process • Individuals • Have the right to make complaints regarding privacy violations without fear of intimidation or retaliation • May file a complaint directly with the entity or with the Secretary of Health and Human Services

  22. Request Restrictions • An individual has the right to request restrictions on the use of PHI

  23. Confidential Communications • Individuals • Have the right to make reasonable requests concerning how PHI is communicated to them • Providers • Must permit individuals to place the request • Must accommodate reasonable requests • May not ask individual to explain reason for request • May ask that request be put in writing • May require payment information and method of contact

  24. Access to PHI • Individuals have a right to have access to their PHI • If written request is required, it must be stated in the Privacy Notice • Requests must be acted on within 30 days of receipt of request • Extra 30 days granted if individual is informed

  25. Denial of Access • An individual may be denied access to PHI • Denial without review rights may be given if specific circumstances exist • Individual participating in a research study • Information was obtained from someone other than a provider

  26. Denial of Access • Denial of access with review rights required may occur • Access is likely to be harmful to the individual • Often tied to instances where PHI refers to abuse • If individual requests a review of a denial • Provider must designate a reviewing official who is a licensed health care provider • This person must not have participated in decision to deny access

  27. Amendment Requests • Individuals have the right to request amendments to their PHI • Individual must be informed if the provider accepts or denies the amendment

  28. Accounting of Disclosures • Individuals have a right to an accounting of disclosures made of their PHI • Providers do not have to account for disclosures made for treatment, payment, or operations to individuals for their own PHI, or for any disclosures made with a valid authorization

  29. Penalties • Civil penalties are imposed whenever there is a violation of the Privacy Rule without intent • Civil penalties are imposed whenever there is a violation of the Privacy Rule without intent.

  30. HIPAA Compliance • Records must be retained for a period of 6 years • Due diligence records • On-going documentation

  31. What Can You Do? • Look at your space and secure it • Look at your habits and make necessary changes

  32. What Can You Do? • Disclose PHI only when authorized • Help each other to maintain individual privacy • Make certain you are familiar with The Privacy Rule

  33. HIPAA and People with ID/DD • It gives them new rights regarding the use and disclosure of PHI. • It decreases their vulnerability for misuse of their PHI. • It adds to the concept of self-determination. • It gives them added privacy protection.

  34. HIPAA Outcomes • Compliance • 78% Providers compliant/18% non-compliant • 90% Payers compliant/6% non-compliant • Privacy Breaches • 60% Providers • 66% Payers • Complaints • 10,785 (thru Jan. 31, 2005) • 62% resolved

  35. HIPAA Outcomes • Caused a short term increase in costs to the covered entities • Improved consumer privacy • More informed employees and individuals

  36. HIPAA DISCUSSION QUESTIONSWhat Should You Do?

  37. Conclusion • HIPAA is on-going process • Education / Reeducation • Monitoring • Identification of problems • Changes

  38. References • Health Information Privacy. Retrieved September 27, 2010 from http://www.hhs.gov/ocr/privacy/index.html • Annual Report to Congress on the Implementation of the Administrative Simplification Provisions of the Health Insurance Portability and Accountability Act. Retrieved September 27, 2010 from http:www.ncyhs.hhs.gov/100511hipaarpt.pdf

  39. To register for future trainings,orfor more information on this or any other physical or behavioral health topic, please visit our website at www.hcqu.apshealthcare.com

  40. EvaluationPlease take a few moments to complete the evaluation form found in the back of your packets.Thank You!

  41. Test ReviewThere will be a test review after all tests have beencompleted and turned in to the Instructor.

More Related