HIPAA - chapter 3, law and ethics

What does HIPAA stand for?

Health Insurance Portability and Accountability act

HIPAA was created to bring a balance between:

1. improving flow of information
2. protecting the privacy of patients

When was HIPAA signed into law?

August 21 1996

Which President and congress signed HIPAA into law?

Bill Clinton, 104th congress

What was the original intention of HIPAA?

helping more Americans gain health insurance coverage and ensuring that employees would not lose their health insurance if they changed jobs.

What did HIPAA allow the Department of Health and Human Services (HHS) to set standards for?

1. the safeguarding of identifiable health information
2. increase the efficiency and effectiveness of the healthcare industry as a whole.

How long ago does health care confidentiality date back?

Dates back to the Hippocratic Oath

For how long is your protected health information (PHI) protected for, after you die?

50 years

The Privacy Rule

protects the Personal Health Information (PHI) and medical records of individuals.

The security Rule

defines and regulates the standards, methods, and procedures related to the protection of electronic PHI on storage, accessibility, and transmission.

The transaction rule

regulates data transmission specifications that govern how data is electronically transferred from one computer to another. The rule defines the types of electronic transactions subject to HIPAA, and specifies the exact format for each transaction record.

The identifiers rule

requires all healthcare entities, including individuals, employers, health plans and healthcare providers, to have a unique 10-digit National Provider Identifier number.

The enforcement rule

establishes guidelines for investigations into HIPAA compliance violations.

PHI

1. identifiable information that appears in medical records as well as conversations between healthcare staff

2. Regards patient information

3. includes billing info and any info that could be used to identify an individual in a health insurance company's records

Where can you find PHI?

- medical documents and forms
- records of communication
- doctor/clinic appointments
- prescriptions
- blood tests
- MRI/X-ray results
- Billing info

How many HIPAA complaints has there been since the compliance rule of April 2003?

270,242

What percent of HIPAA complaints have ended in a financial settlement ?

0.04%

What are the 7 patient rights?

1. Receive a copy of an agency’s privacy practices.
2. Know that an agency will use its PHI ONLY for treatment, payment, operations, and certain other permitted uses as required by law
3. Control the use and disclosure of their PHI.
4. Have access to a copy of their PHI
5. Request amendment or addendum to their PHI
6. Receive records of disclosures (times when PHI was given out)
7. File a privacy complaints to an agency officer

In 2020 what state had the highest number of HIPAA complaints?

California

What is the Need to Know principle?

protected health information should not be used or disclosed when it is not necessary to satisfy a particular need or carry out a function.

Email

Sending documents through email has to be encrypted and only if really necessary

Reportable Patient Information

Births
Deaths
Adverse Reactions to Meds or Vaccines
Child Abuse
Elder Abuse
Crimes/Violence
Communicable Diseases
Error by other physicians

The code advises that when, by law, patient confidentiality must be breached, the physician should notify the patient and disclose to law-enforcement authorities the minimal amount of information required