
Virginia Department for the Aging HIPAA Overview


terry


Presentation Transcript


  1. Virginia Department for the Aging HIPAA Overview April 24, 2002

  2. Agenda
     • What is HIPAA?
     • The Four Components of Administrative Simplification
     • Who does HIPAA Apply to?
     • Privacy Standards
     • Additional Information

  3. What is HIPAA? Health Insurance Portability & Accountability Act of 1996 (HIPAA)
     • Public law 104-191
     • Portability: Transfer of healthcare when employees change jobs
     • COBRA - Completed
     • Accountability: Fraud/Abuse & Administrative Simplification

  4. The Four Components of Administrative Simplification
     • Electronic Health Transactions
     • Examples: Claims, Recipient Eligibility, Coordination of Benefits (COBs), Claims Status
     • Unique Health Identifiers and Standard Medical Code Sets
     • Examples of Health Identifiers: National Provider ID, National Employer ID, Health Plan ID, National Individual ID
     • Example of Medical Code Sets: National Drug Codes (NDC)

  5. Administrative Simplification (cont.)
     • Security Standards & Electronic Signatures
     • Security and privacy standards for administrative procedures
     • Technical security services against unauthorized access to data
     • Physical safeguards

  6. Administrative Simplification (cont.)
     • Privacy
     • Signed by the Secretary of DHHS under the Clinton Administration
     • Posted to the Federal Register on 12/28/00
     • Comply as of 04/13/2003
     • Focus on Policy and Procedures protecting Individuals’ rights, and audit trails of disclosures of personally identifiable health information (regardless of whether in electronic form).
     • Privacy Officer for Each Organization

  7. If You Remember Only One Thing About HIPAA?
     • Focus on Policy and Procedures protecting Individuals’ rights, and audit trails of disclosures of personally identifiable health information (regardless of whether in electronic form).

  8. Who does HIPAA Apply to? Examples of “Covered Entities” are:
     • Health Care Providers
     • Doctors, Dentists, Hospitals
     • Payers/Plans
     • HCFA (Medicare/Medicaid)
     • Collection Agencies
     • HMOs, Group Health Plans
     • Prescription Drug Dispensing/Testing
     • Pharmaceuticals, Drug Stores, Labs
     • Clearinghouses/Donor Organizations
     • CDC, Blood banks, Organ Donors

  9. Privacy Standards
     • Protected Health Information (PHI) as defined by the regulation
     • Information relating to an individual’s physical or mental health, health care treatment, or payment for health care.
     • Protection continues as long as the information is in the hands of a covered entity
     • Covered entities are encouraged to de-identify health information by removing, encoding, or encrypting identifiers.
     • Personally identifiable health information in any form or medium.

  10. Privacy Standards
     • Covered Entity must enter into a contract requiring that identifiable information be kept confidential by a Business Associate receiving information from or on behalf of a covered entity

  11. Privacy Standards
     • Obligations of health care plans and providers
     • Provide Training to all staff who have access to PHI
     • Establish administrative, technical, and physical safeguards
     • Establish Policies and Procedures
     • Develop and apply sanctions from re-training to reprimand to termination
     • Have available documentation with the regulation requirements
     • Develop methods to disclose minimum amount of PHI
     • Develop and use contracts with business partners

  12. Privacy Standards
     • Minimum Necessary Standard: “Must maintain every effort not to use or disclose, internally or externally, any more information than is necessary to accomplish the intended purpose.”
     • Preemption: Provides a “floor” of privacy protection. State laws that are “less protective” of privacy are preempted. States are free to enact “more stringent” statutes.

  13. Privacy Standards
     • Penalties and Enforcement
     • Civil liability: for each standard provision violated, the penalty is up to $25,000 in any calendar year
     • Federal criminal penalties are fines up to $50,000 and/or 1 year imprisonment for using or disclosing individually identifiable health information
     • If disclosure is “under false pretenses, $100,000 fine and/or up to 5 years imprisonment”
     • If offense is with intent to sell, transfer, or use individually identifiable information for commercial gain, $250,000 and/or imprisonment of up to 10 years
     • Enforcement has been delegated to the Office for Civil Rights (OCR) for civil enforcement and Department of Justice (DOJ) for criminal enforcement

  14. Compliance Gaps – Privacy
     • Paper copies of patient records aren’t shredded
     • Registration terminals can be viewed by visitors
     • General lack of awareness as to where identifiable health information is being sent
     • Staff discuss patient care in public places such as elevators, cafeterias, and waiting rooms
     • Facsimile copies are sent to physicians at unidentified phone numbers
     • Lack of ongoing privacy training for workforce
     Provided by Phoenix Health Systems

  15. References
     • www.healthprivacy.org
     • http://aspe.hhs.gov/admnsimp/
     • http://www.hipaadvisory.com/
     HIPAA questions to – HIPAA-QUESTION@list.nih.gov
     Privacy questions to – ocrprivacy@os.dhhs.gov
