
HIPAA

HIPAA. Health Insurance Portability and Accountability Act. HIPAA: The Law. Health Insurance Portability and Accountability Act Signed into federal law in 1996 Established standards for the use and disclosure of PHI US Department of Health and Human Services

neila




Presentation Transcript


  1. HIPAA Health Insurance Portability and Accountability Act

  2. HIPAA: The Law • Health Insurance Portability and Accountability Act • Signed into federal law in 1996 • Established standards for the use and disclosure of PHI • US Department of Health and Human Services • Responsible for creating regulations • http://www.hhs.gov/ • Office of Civil Rights responsible for enforcement • http://www.hhs.gov/ocr/hipaa/

  3. HIPAA: Three Parts • Standards for electronic exchange of health information • Rules governing transfer of health information between organizations • Privacy of health information • Rules to protect the privacy of health information • Security of health information • Rules to protect against threats, hazards, or unauthorized access to health information

  4. Privacy Vs. Security • Privacy – an individual’s rights to control access and disclosure of their protected or individually identifiable health care information (IIHI) • Establish authorization requirements • Establish administration requirements • Establish individual rights • Establish regulations for use or disclosure of Protected Health Information (PHI) • Security – an organization’s responsibility to control the means by which such information remains confidential • Administrative Procedures • Physical Safeguards • Technical Security Services • Technical Security Mechanisms

  5. Relationship between Privacy and Security • There is a direct relationship between privacy and security • Privacy is the ‘what’ and often the ‘why’ … Security is the ‘how’ • Security is the structure established to protect IIHI • Security awareness and education addresses ‘what’ is being protected

  6. Definitions • Protected Health Information (PHI) • Individually Identifiable Health Information (IIHI) • Electronic, paper, oral • Created or received by a health care provider, public health authority, employer, school or university • Applies to health information of living and deceased

  7. Individually Identifiable Health Information (IIHI) • Any information that is: • Created or received by a health care provider, health plan, employer, or health care clearinghouse; and • Relates to the physical or mental health or condition of an individual, the provision of health care to an individual, or the payment for the provision of health care to an individual, and • Identifies or may be used to identify an individual.

  8. IIHI - Data elements that make health information individually identifiable include: • Name • Street address, city, county, zip code • Employer • Relatives’ names • Date of birth • Health plan beneficiary number • Vehicle IDs and serial numbers • Telephone/fax numbers • Email, URLs, and IP addresses/numbers • Social Security numbers • Medical record number • Voice/fingerprints • Photos • Any other unique identifying number, characteristic, or code

  9. PHI Safeguards • PHI displayed on electronic devices, such as computer screens, must not be readily visible to unauthorized individuals. • Unattended devices with access to PHI must be in a state where PHI is not accessible or visible to unauthorized individuals. • This could be accomplished by: • Physical access restrictions (i.e. a locked room) • Screen lock • Password protected screen saver

  10. Definitions • Minimum necessary • Sharing only the minimum amount necessary to accomplish the specific purpose of the use or disclosure. • Exceptions • Release of information to other health care providers involved in the patient’s treatment • De-identified information - health information that does not contain any elements that have the potential to identify the Individual. De-identified information is not Protected Health Information.

  11. Definitions • Covered Entity • Health care provider who transmits any health information in electronic form in connection with HIPAA regulations (e.g., SCDHHS) • Business Associate • A person or entity who provides certain functions, activities, or services for or to a covered entity (e.g., Enterprise Applications)

  12. HIPAA Penalties • Civil Penalties • Up to $100 per violation • Up to $25,000 per person, per year, per standard • Criminal Penalties • Improperly obtaining or disclosing health information • Up to $50,000 fine and/or 1 year imprisonment • If under false pretenses, $100,000 and/or 5 years • If intent to sell, transfer, or use for commercial advantage, personal gain, or malicious harm: $250,000 and/or 10 years

  13. HIPAA TRAINING • SCDHHS training • G:\ISD\HIPAA\SC HIPAA Split Files\scdhhstrainingtts.htm • Download Authorware if needed • Separate signature page

  14. HIPAA TRAINING • You Are Almost Finished! • Go to link below, print the form and using an ink pen, complete the Date, Employee Name, Signature and User ID Fields. • HIPAA Training Certification Signature Form

  15. MORE INFORMATION • http://www.hipaa.org/ • http://www.cms.hhs.gov/hipaa/ • http://aspe.hhs.gov/admnsimp/ • http://www.hipaa.state.sc.us/ • http://www.hhs.gov/ocr/hipaa/ • http://www.hipaadvisory.com/
