1 / 30

A Look At HIPAA Title II

A Look At HIPAA Title II. A Look At HIPAA Title II. TABLE OF CONTENTS MAIN MENU…………………………………………………………………………………............................…Page 3 PRE-INSTRUCTIONAL STRATEGIES……………………………………………………………………….…..…Page 4-8 OVERVIEW………………………………………………………………………………………………………………….Page 9-11

oma
Télécharger la présentation

A Look At HIPAA Title II

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A Look At HIPAA Title II

  2. A Look At HIPAA Title II TABLE OF CONTENTS MAIN MENU…………………………………………………………………………………............................…Page 3 PRE-INSTRUCTIONAL STRATEGIES……………………………………………………………………….…..…Page 4-8 OVERVIEW………………………………………………………………………………………………………………….Page 9-11 UNIQUE IDENTIFICATIONS……………………………………………………………………………………..…..Pages 12-13 TRANSACTIONS & CODE SETS……………………………………………………………………………………..Pages 14-15 SECURITY RULE.………………………………………………………………………………………………………….Pages 16-17 PRIVACY RULE…………………………………………………………………………………………………………….Pages 18-21 ENFORCEMENT…………………………………………………………………………………………………………..Pages 22-23 SUMMARY………………………………………………………………………………………………………………….Pages 24-26 EVALUATIONS…………………………………………………………………………….………………………………Page 27 CREDITS……………………………………………………………………………………………………………………..Page 28 ELECTRONIC RESOURCES……………………………………………………………………………………………Page 29 SITE MAP……………………………………………………………………………………………………………………Page 30

  3. A Look At HIPAA Title II MAIN MENU Pre-Instructional Strategies Overview Unique Identifications Transactions & Code Sets Security Rule Privacy Rule Enforcement Summary Evaluations Credits Site Map and Exit © 2008 Althea Cameron-Mason, all rights reserved. Contact webmaster at acameron@mail.usf.edu Last modified April 2, 2008

  4. A Look At HIPAA Title II PRE-INSTRUCTIONAL STRATEGIES • Pretest • What is confidential information? • Give four Examples of confidential information • Explain what electronic transfer of information is. • List some types of electronic information transfers. • What does the abbreviation EIN stands for, and list the different ways in which it is used. • Given scenarios, Participants will be able to, name the Rule that is violated 8 out of ten times.

  5. Definition: HIPAA deals with electronic insurance information HIPAA does not deal with licensing of laboratory facilities and personnel. HIPPA Title II Examples of HIPAA Title II: Privacy, Security, Transaction and Code Sets, and the Enforcement rule. Non-Examples: Each lab must have a medical director, a CLIA number for each facility, licensed med techs, and waived tests can be performed by unlicensed workers. A Look At HIPAA Title II PRE-INSTRUCTIONAL STRATEGIES Graphic Organizer Frayer Model- Definition of the Concept HIPAA Title II

  6. A Look At HIPAA Title II PRE-INSTRUCTIONAL STRATEGIES Comparing HIPAA and CLIA HIPAA CLIA • Law • Enforced By HHS • Affects medical labs PHI Licensing & Testing Venn Diagram- Comparison Of HIPAA with CLIA

  7. A Look At HIPAA Title II PRE-INSTRUCTIONAL STRATEGIES Vocabulary

  8. A Look At HIPAA Title II PRE-INSTRUCTIONAL STRATEGIES Goals Objectives • Given case studies examinees will be able to pass a twenty-item multiple-choice test on concepts of HIPAA Title II, by scoring 80 percent on the exam. • Given appropriate scenarios, participants will be able to apply the course contents to real life situations in the workplace. • At the completion of the course, laboratory personnel will be able to name some HIPAA violations, with 80 percent accuracy. • Given a graphic organizer, trainees will be able to match the correct responses, and get at least 8 out of 10 correct. • Given a Cloze Test, students will be able to supply the missing words that describes HIPAA Title II, at the or above 80% mastery.

  9. A Look At HIPAA Title II OVERVIEW Introduction To HIPAA The acronym HIPAA stands for Health Insurance and Portability Accountability Act. It was proposed in 1996, to be phased in over a period of three to five years. The main focus of HiPAA is to streamline medical information as it is electronically transmited for numerous purposes such as billing, and determination of illegibility of benefits to name a few reasons. In order to reap maximum benefits from this tutorial, participants need a working knowledge of a laboratory setting, and must be a phlebotomist with two or more years of experience at minimum. Technical knowledge of laboratory procedures and practices along with a 12 grade reading level is critical for success in this course.

  10. A Look At HIPAA Title II OVERVIEW Overview Of HIPAA Title II HIPAA Title II, specifically addresses the uniform and efficient distribution of electronic data in the healthcare sector, while maintaining confidentiality of patients’ data. The Department of Health and Human Services is commissioned by Congress to implement and monitor HIPAA Title II among other sections of the Rule. The Center for Medicaid and Medicare Services (CMS) is the branch of HHS that is instrumental in implementation of The Title II enactment. Armed with this bit of knowledge just provided, you are now ready to take a further look at what HIPAA Title II involves. Let us look at some of the benefits of the course.

  11. A Look At HIPAA Title II OVERVIEW Benefits Of The Course Taking this course will be beneficial to participants and stakeholders of laboratories in several ways: It will aid in becoming compliant with Title II guidelines, improve administration of the lab, save resources (time, money, FTA, etc.), improve customer satisfaction, help to pass Joint Accreditations Commission of health Care Organizations (JAHCO) inspections, and increase the overall proficiency of laboratorians in general. In addition to the above benefits, successful completion of the course will help to clear up many misconceptions of HIPAA Title II. Only the basic tenets of HIPAA will be discussed. No claim is made nor implied as to comprehensiveness coverage of the rules, as such a complex document evades the scope of this course. Attempt to undertake such a venture is not feasible. Please see resources at the end of the tutorial for suggested site for more information on the topic. A breakdown of the 5 Title II rules will aid in understanding the concept, so we will begin with the first one, Unique identifications for all entities.

  12. A Look At HIPAA Title II UNIQUE IDENTIFICATIONS Patients HIPAA requires the use of unique identifiers by entities within the health care delivery business. The adoption of Title II Rules has been in effect for quite some time, as the grace periods has now expired. Unique identifications must be used by practically all entities that process patients’ medical data. One may ask what does it mean to have unique patient identifications? It means having a method whereby records can be linked to one individual only. A good example is by use of a social security number. HIPAA officials initially proposed a universal type of identifications, but public entities have since refuted such request. A variety of patient identifications ranging from social security numbers, medical record number, and other combinations are acceptable for processing PHI transactions. Facilities have implemented software and other technological devices to help generate unique IDs for patients’ records. Next, let us see what is available for medical service providers, which will be discussed in the next slide.

  13. A Look At HIPAA Title II UNIQUE IDENTIFICATIONS Service Providers Requirements similar to that for patient unique identifier exit for service providers, depending on the type of trans actions, and the third party they are working with. HIPAA does not discriminate against the type used, but most providers use one of the following IDs: Employee identification numbers, Medicare/Medicaid number, or Clinical Laboratory Improvement Act (CLIA) number. These options work for third party vendors, and will be discussed below. Note that the difference between these two former mentioned entities Medicare and Medicaid are very fluid. Third Parties Most third party vendors are data clearinghouses, but a few may come under the umbrella of service providers. Good examples are subcontractors such as radiology, reference laboratories, and other specialists. They use the MRN#, CLIA#, and similar numbers primarily as medical identifiers mentioned above. We will now turn our attention to the second rule.

  14. A Look At HIPAA Title II TRANSACTIONS & CODE SETS Types of Transactions Codes The final HIPAA mandate requires all entities filing medical claims on patients’ behalf to use specific Transaction Codes Sets. After much debating and input from the public, it was finally decided by HIPAA that the employer identification number (EIN) is to be used as the national drug code (NDC). The national drug code is to be used by pharmacies and other retail dispensaries for processing claims.Other entities such as hospitals and doctors’ offices can use one or more of the following codes. The transaction code sets authorized for use by non-retail businesses varies from ICD-9, CPT-4, HCPCS, etc. Please note these are only a few of the more popular ones in use. For a more current update on the codes and other information please visit http://www.cms.hhs.gov/hipaa/hipaa2. As mentioned in the introduction of this tutorial, two of the purposes of HIPAA Title II are to promote efficiency and provide uniform transmission of electronic PHI. To this end we will momentarily look at exchange of how data are to be exchanged.

  15. A Look At HIPAA Title II TRANSACTIONS & CODE SETS Protecting Electronic Transfers As patient data is moved along the electronics highway, ensuring that this information is protected and remains private is not just of paramount concern to users, but the law. Apart from using codes for transmitting this data, most entities use one or more forms of technology to aid in safe and confidential relay of protected data. Some of these transfers involve very sensitive information such as wiring of money, sending test results, passwords, and military information. Here are measures that can be taken by your facilities to promote safe electronic transfers: Code and encrypt data, turn on firewalls on PCs, use VPN, Access internet using routers, and install and use anti-fishing software. Most importantly, do not discard confidential information carelessly (shred unwanted documents). As we continue discussion of The Title II Rules, we will be taken to the third one, The Security Rule. I choose to discuss this before The Privacy Rule, since records must be secured before they can be private.

  16. A Look At HIPAA Title II THE SECURITY RULE Securing Patient Health Information Some of the security measures required by HIPAA title II were touched upon in the previous slide, buy a closer look will be taken now. Can you think of instances in which you would want your information to be secured from unauthorized use and revelation? Some of your answers will include the following data: Bank accounts, medical info, grades, and addresses. As consumers of medical services we too can personally relate to the concept of security. Title II makes it unlawful for insurance companies, medical facilities, and clearinghouses to handle your records in a reckless fashion. A current practice in place in the lab, before HIPAA was enacted, is requiring persons other than the patients and their physician to produce written authorization from the patient prior to medical information is disclosed. Another pre-HIPAA safeguard practiced in the lab is requirement for positive identification from entities that ask for patients’ medical information. Title II is a more comprehensive guideline, as it covers not just lab data, but others such as billing, demographics, and other histories. These require further elaboration, which will be done in the next slide.

  17. A Look At HIPAA Title II THE SECURITY RULE The Security Of Data In the previous slide we looked at some critical data that should be secured. Now we will pay closer attention to HIPAA’s take on the subject of security. The law requires entities to be compliant with all HIPAA mandates. What does this mean? Well, a common saying goes like this, “it is one’s responsibility to know the law, since not knowing it, does not exempt one from the penalties.” This is a good reason for performing gap analysis in order to find breaches of The Rules. Gap analysis according to CMS, “ is a technical systems development tool used to ensure HIPAA compliance.” (2003) Any compromise in a lab’s system or protocol need to be addresses immediately so as not to experience the wrath of HIPAA. You have taken the first step in becoming Title II compliant, by taking this course, from which you will get some vital pointers. Do not settle for just this initial step, however, visit HIPAA’s website in order to keep abreast of new information. So far we have gone over three of the five rules: Unambiguous patient record IDs, coded transactions, and securing medical data. The fourth rules to be presented is The Privacy Rule.

  18. A Look At HIPAA Title II THE PRIVACYRULE Protected Health Information The Privacy Rule as the name states deals with keeping protected information private. Before we progress, let me define protected health information. According to HHS, “Protected Health Information (PHI) is any information about health status, provisions of health care, or payment of healthcare that can be linked to an individual. This is interpreted as any part or all of a patient’s medical record or payment history” (HHS, 2002). With proper documentation, facilities should release requested PHIs to parties within thirty days of receiving such requests. In some cases though, PHIs can be released without patients’consent. Examples are in cases of getting DNA in a rape case and court subpoena. Take a look at this site http://www.hhs.gov/ocr/hipaa or contact HIPAA at 1-866-627-7748 for more information on The Privacy Standard.The Privacy Ruleprobably carries the most weight compared with all other rules. For this reason a little more time will be devoted to it. The next slides will focus on some scenarios in which HIPAA Title II would have been violated if the situations were real. The correct responses will be give. I strongly suggest making some scenarios of your own later, and practice among coworkers.

  19. A Look At HIPAA Title II THE PRIVACY RULE Sharing of Patient Information Scenario 1: Janenoticed her neighbor Joyce, lost all the hair from her head within the past months. She learned from another neighbor that the hair loss was due to a dye that was used; but Jane thinks it was due to chemotherapy, because she have seen her at least once per week at the hospital Jane works for. It so happened that the following week after their conversation, Joyce went to Jane’s lab to have some blood tests done. Jane works as a phlebotomist at the lab, so she convinced the technologist that was examining Joyce’s slide, to let her take a look at the slide. When the lab tech stepped away, Jane looked up Joyce’s information in the computer, and discovered that the neighbor was indeed diagnosed with chronic lymphocytic leukemia. HIPAA Violation: Jane is guilty of unauthorized access of a patient’s protected health information, and is subject to disciplinary actions. The Privacy and Security Rules were not adhered to.

  20. A Look At HIPAA Title II THE PRIVACY RULE Releasing PHI Scenario 2: Dr Brown just reviewed Mrs. Robert’s labs and decided that her patient must undergo a very expensive surgery. She is breaking this news to Mrs. Roberts, but hidden from your view in the far corner of the room, two housekeepers were busily working, and over-heard the conversation. Not only this, Dr Brown pulled up the patient’s billing account to show the patient, and has since left it on the computer screen where it can be viewed by anyone from the hallway. HIPAA Violation: The two breaches here are one, discussing the patient’s information within hearing range of other individuals that have no need to know this information. Second, displaying of billing information on the computer where unauthorized persons can view it, is a violation of electronic transfer of PHI. The following rules were broken: The Privacy and The Security Rules were breached.

  21. A Look At HIPAA Title II THE PRIVACY RULE Electronic Data Scenario 3: Dennis an employee from a data processing company used by Maximum Insurance Company called the laboratory to verify some procedures that the facility billed the insurance for on behalf of a patient. When the medical technologist answered the phone, he did not verify who was on the line. Rather, after hearing Dennis introduced himself as a bill processor, the Med Tech pulled up the patient in question lab reports and emailed copies of every procedure done within the last three months to Dennis. This included records for which claims were not processed by Dennis’s company. HIPAA Violations: The first offence committed, is not positively identifying who was on the phone requesting protected information. The technologist assumed the individual on the phone had the right to the records. Second, the lab tech sent three months of the patient’s records, and did not bother to provide only the records for which Dennis was billing. The Transactions and Code sets, the Privacy, Security, and the Unique identifiers rules were violated. We will now look at how sanctions are enforced against violators of HIPAA Title II.

  22. A Look At HIPAA Title II ENFORCEMENT OF RULES Breaking The Rules Violation of HIPAA Title II can cost companies a lot of money. Apart from being the right thing to do, promotion of efficient and confidential handling of protected health information prevents negative impact on entities’ financial security. As medical laboratory employees, this bit of news is not foreign, as those of you familiar with CLIA regulations, already know too well the implications of breaking rules, and the harsh fines that could be levied consequently. HHS is the same governing body that enforces CLIA, so you can draw parallels between the two (HIPAA and CLIA). On the next page, there is a list that highlights HHS’s plans on dealing with some deviations from the standards. The list is not extensive, therefore I recommend visiting the site listed in the electronic resources at the end of the course content, for more succinct information.

  23. A Look At HIPAA Title II ENFORCEMENT OF RULES Consequences According to CMS, there is punishment for breaking the rules. Below is an excerpt from a HIPAA site, which outlines some of the sanctions that can be levied against entities that do not adhere to the standards. The law does provide for fines for non-compliance. The Secretary of HHS may impose a civil monetary penalty on any person or covered entity who violates any HIPAA requirement. The civil monetary penalty for violating transaction standards is up to $100 per person per violation and up to $25,000 per person per violation of a single standard per calendar year. Keep in mind, CMS sees its primary role as a promoter of compliance and would only impose a monetary fine as a last resort. As discussed earlier, organizations that exercise “reasonable diligence” and make efforts to correct problems are unlikely to be subject to civil penalties. However, if the covered entity does not respond to CMS, fines could be imposed as a last resort.(CMS, 2003). As the tutorial nears an end, a summary of HIPAA Title II is in order. The next two slides will condense the key points of the concepts discussed so far.

  24. A Look At HIPAA Title II SUMMARY Debrief Of HIPAA Title II As the tutorial approaches its end, consideration is appropriate for to the five main themes that make up HIPAA Title II. The goal is that you have learned the key elements tabulated below, after which a general revision will be given.

  25. A Look At HIPAA Title II SUMMARY Division of the Pie HIPAA Title II is sometimes seen by most individuals as the hippopotamus of healthcare organizations. This fear does not have to be so, as there are good information to be found on the web and courses such as the one you have just taken. Remember, the main goal of Title II is to streamline the process of how business is conducted among entities. By standardizing the way business is conducted, efficiency, productivity, customer satisfaction, confidentiality, and resources are maximized. The five standard, Privacy, Security, Unique identifications, Enforcing, and Transaction Codes rules provide a guideline from which the goals mentioned above can be attained. It is your responsibility to know them and comply. With this said, the last slide will address ways in which a laboratory can stay within the confines of the law by listing some dos and don’ts. It is easier than it is usually conceived to stay within the law.

  26. A Look At HIPAA Title II SUMMARY • Dos And Don’ts Of HIPAA • DON’TS: • Do not leave patient information in locations where it may be accessed by unauthorized persons. • Do not assume all requests for PHI are legitimate ones. • DO: • Ask for identification before you release protected health information to another party. • Verify that entities requesting PHI have a need to know the information. • Knowwhich entities are exempt by law from getting patients’ permission prior to release of PHI (i.e. the court). • Protect your computers and other electronic devices used for transmission of protected health data.

  27. A Look At HIPAA Title II EVALUATIONS Comprehensive Exam Directions Click on the links below to access the exam and quiz. There are ten items on the test and four response options. You are to select the option that is the most correct. You are encouraged to guess if you are unsure of an answer, since you will not be penalized for guessing. You may repeat the exam as many times as you wish, as you need to score at least 80% to pass. Successful candidates will be notified within two weeks of taking the test of their grades. If the link below does not launch from this application, copy it and past it to your browser. Test: http://uk1.hotpotatoes.net/ex/24965/SGPFETNL.php Quiz:http://uk1.hotpotatoes.net/ex/24965/CCYIPUAX.php

  28. A Look At HIPAA Title II CREDITS Works Cited The Center for Medicaid and Medicare Services (2003). Retrieve on 3/26/08 from http://www.cms.hhs.gov/hipaa/hipaa2. Federal Register/ Vol. 67, No. 157 Rules and Regulations: Standards forPrivacy of Individually Identifiable Health Information. Microsoft Clip Arts. Retrieved 3/26/08 from http://www.Microsoft.com. Morrison, G., Ross, S., and Kemp, J. (2007). Designing Effective Instruction. Hoboken, New Jersey: John Wiley & sons. United States Department of Health & Human Services. HIPAA. Retrieved on 3/26/08 from http://www.hhs.gov/news/press/2002pres/hipaa.html.

  29. A Look At HIPAA Title II RESOURCES • Electronic Sources • United States Department of Health & Human Services. HIPAA. http://www.hhs.gov/news/press/2002pres/hipaa.html. • The Center for Medicaid and Medicare Services (CMS) http://www.cms.hhs.gov/hipaa/hipaa2 • http://www.cms.hhs.gov/SecurityStandard/

More Related