health insurance portability and accountability act hipaa n.
Skip this Video
Loading SlideShow in 5 Seconds..
Health Insurance Portability and Accountability Act (HIPAA) PowerPoint Presentation
Download Presentation
Health Insurance Portability and Accountability Act (HIPAA)

Health Insurance Portability and Accountability Act (HIPAA)

125 Vues Download Presentation
Télécharger la présentation

Health Insurance Portability and Accountability Act (HIPAA)

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Health Insurance Portability and Accountability Act (HIPAA)

  2. Sources • Steven C. White, ASHA Director of Health Care Economics and Advocacy • Janet Brown, ASHA, Director, Health Issues Unit • Tim Weise, M.A., Michigan Speech-Language-Hearing Association

  3. HIPAA • The Health Insurance Portability and Accountability Act of 1996 (P.L. 104-191) • Mandates compliance with patient privacy rules designed to maintain confidentiality of medical information • No federal rules to protect privacy of health information existed until Standards for Privacy were published 12/28/2000

  4. HIPAA PRIVACY • Provides Americans with a basic level of protection that is essential to their full participation of care • Final regulation takes effect April 14, 2003 • “Covered entities” include health care providers who conduct certain financial and administrative transactions such as billing electronically

  5. Protected Health Information • All medical records and other individually identifiable health information used by or disclosed by a covered entity in any form, whether electronically, on paper, or orally, are covered by the HIPAA final rule • Patient identifiers - name, SS#, telephone #, medical health #, zip code

  6. What is protected health information? (PHI) • Any information about past, present, or future illnesses • Physical or mental health of an individual • Provision of health care for an individual • Payment information in cases where the patient is individually identifiable

  7. What is required by HIPAA? • Posted privacy regulations • Pts. Must be made aware of privacy rights • Pt. Must sign a consent to have information used and disclosed: • Clearly written • Provider may refuse treatment if patient will not sign consent • Pt. May revoke consent in writing

  8. And… • Provider must retain consent for six years • Clinician consultation with another clinician is considered part of treatment and is covered by consent • Pt. May need to sign Authorization for uses other than those above (billing, etc.)

  9. The covered entity (provider, clinic, etc.) must: • Try to disclose only minimum necessary information • Adopt clear privacy policies in writing • Inform patients of policies • Train employees (students) • Designate a “privacy officer” to oversee • Secure files (hard copy or electronic)

  10. Research and HIPAA • Is allowed if authorization is obtained • If no authorization, may be allowed if waiver is approved by the IRB • Research data (NOMS, for example) needs to be deidentified

  11. What about public and private schools? • Medical information created by the school system for the student record (audiology evaluations completed at school; SLP evaluations) is part of the EDUCATIONAL record and is not covered by HIPAA • Contractors with the school who maintain records must comply with HIPAA standards

  12. Establish Accountability for Medical Records Use and Release • Civil penalties - violation of standards subject to civil liability - $100 per violation, up to $25,000 per person, per year for each requirement or prohibition violated • Federal criminal penalties - up to $50,000 and one year in prison for obtaining or disclosing protected health information; up to $100,000 and up to and up to 5 years in prison for obtaining health info under false pretenses

  13. Criminal Penalties continued • Up to $250,000 and up to 10 years in prison for obtaining or disclosing protected heath information with intent to sell, transfer or use it for commercial advantage, personal gain or malicious harm

  14. Balancing Public Responsibility with Privacy Protections • Final rule permits covered entities to continue certain existing disclosures of health information without individual authorization for specific public responsibilities • Includes emergency circumstances, public health needs, research (generally limited to when a waiver of authorization is independently approved)

  15. Useful Web Sites • • • • (American Health Information Management Association web site)

  16. Compliance Dates • Effective Date of Privacy Rule • April 14, 2003 • Effective Date of EDI Rule • October 16, 2002 • Enforcement • $100/Standard Violation • Maximum $25,000/Year/Violation

  17. What Are Covered Entities? • Health Plans - Insurance Companies, ERISA • Health Care Clearinghouses • Health Care Providers • Who conduct certain electronic financial and administrative transactions, such as electronic billing and funds transfers • Business Associates

  18. What is Protected Health Information (PHI)? • All Medical Records • Individually Identifiable Health Information • Any Such Information Used or Disclosed by a covered Entity in Any Form • Electronic • Paper • Oral • De-Identified Information is Excluded

  19. What Are Covered Transactions? • Requests and Responses to Eligibility Verification • Claims Submissions • Coordination of Benefits (COB) • Explanation of Benefits (EOB) • Remittance Advices (RA) • Encounter Data Submissions

  20. Paper vs Electronic Claims • Can Continue to Use Paper Submissions • Dual Submission Modes - Electronic & Paper • Paper Claims Will be Viewed Disfavorably by 3rd Party Payers • Payers Can (Probably Will) Require Standard Transaction • Must be Stipulated in Contract

  21. Business Associate • Individuals or Organizations Who Contracts with a Covered Entity for a Product or Service that Requires Disclosure of PHI • Not Another Provider, Health Plan or Clearinghouse • Contractual Assurance that the PHI is Secure

  22. What Do I Need To Do? • Carefully Assess How All PHI is Currently Generated, Stored and Transmitted in your Practice Setting (Private Practice, Hospital, SNF, School, etc.) • Become Knowledgeable of HIPAA Privacy and EDI Rules as They Relate to Your Practice Setting • ASHA Web Site (

  23. ASHA Information Sources • www. • Janet Brown ( • Steve White (

  24. Some Questions To Assess Your Situation • Does your program collect oral, paper, or electronic information about clients? • Do you fax records to referral sources? • Do you maintain a fax log? • Do you email patient records in any form that is identifiable? • Do staff have policies