HIPPA

HIPPA

• health insurance portability & accountability act of 1996

• federal law signed by Clinton

• mandatory

HIPPA purpose

• health insurance portability (ease of movement) when changing jobs

• reduce fraud & abuse

• security & privacy of info

• enforce standards for health info

• standards for electronic data interchange transactions

Electronic data interchange (EDI) (major focus area of HIPPA)

National privacy & security standards for electronic healthcare transactions & national identifiers for providers, health plans, and employers

Security (major focus area of HIPPA)

administrative, physical, and technical safeguards to keep pt. info safe

Privacy (major focus area of HIPPA)

• medical record use and release

• penalties for misuse of pt. info

• appropriate disclosures of info

• appropriate access for info about self

HIPPA civil fines

$100 per person per violation up to $25,000 a year

criminal penalties

• up to 50k & 1 year jail for intentional violations

• up to 100k and 5 years jail for obtaining PHI with intent to sell, use for personal gain, or material harm

• up to 250k & 10 years jail for obtaining PHI with intent to sell, transfer, use for personal gain or cause material harm

FPO

facility privacy officer

HIM

health information manager

HIM and FPO responsibilities

• privacy program

• patient complaints

• privacy rights of patients

• requests for privacy restriction

• transfer & education of staff

PHI

protected health information

• info that can be communicated orally or written

• individually identifiable

• payment

• physical & mental health

• provision of healthcare

• relative names

• address

• lab results

• name

• DOB

• number

• fax numbers

CE

covered entity (hospital)

• health plans or providers that transmit electronically for billing

• physican practices

• insurance companies

• home health

• hospice

• outpatient clinics

DRS

designated record set (medical record)

AOD

accounting of disclosure

• right to receive accounting of disclosures of PHI made by CE in past 6 years except for disclosures made

  • for TPO

  • to patient

  • for directory purposes

  • to law enforcement or correctional institutions

  • for national security

• must enter info into AOD for

  • state mandated reporting

    • suspected abuse of victims

    • disease reporting (STD)

    • brain injury

  • law enforcement, judicial & administrative proceedings

  • health oversight activities (JCAHO)

Directory

hospital census list used by volunteers & operators with patient name and room number

HIPPA Rules

• coversheets w/ confidential statement used on external faxes with PHI

• cofidential statements at beginning of emails

• charts in secure area

• computers off or away from public

• PHI in shredded containers

• patient info accessed only on “need to know” basis

• no PHI discuss in public areas

• notice of privacy to every admitted patients

• chance to opt out of directory

• patients right to medical record

• authorizations needed for PHI release other than TPO

T/F: u can share info without patient authorization as it relates to TPO

true

verification of requestors

SSN, DOB, and either account number, address, insurance card/policy #, medical record numbers

external faxing guidelines

• limit when possible

• fax number verified

• present numbers utilized

• fax machine in secure location

• use covert sheets

• highly sensitive info never faxed (HIV status, abuse records)

Pts. right to access

• forward to HIM for processing

• must provide access and/or hard copy of record

• if in house, HIM manages access process

pts. right to amend

• forward to HIM for processing

• amend to records

• can’t omit documentation already in medical record (exclude)

• if in house, HIM manages amendment process

pts. right to opt out of directory

• usually during admission process

• can opt out at anytime

• not give info to friends, family, or anyone

right to privacy restrictions

• right to request privacy restriction of PHI

• must be in writing and routed to FPO