What does the health information Portability and Accountability Act HIPAA allow patients to do quizlet?

Uconn AH 3000

Terms in this set (24)

What does HIPAA stand for?

Health Insurance Portability and Accountability Act of 1996

HIPAA

Public Law 104-191

Designed to:
- Assure health insurance portability
- Reduce health care fraud and abuse
- Guarantee integrity and confidentiality of health information
- Improve the operations of health care systems and reduce administrative costs

HIPAA legislation establishes:

- Standards for privacy
- Standards for security of health data and electronic signatures
- Standards for eight electronic transactions and the code sets to be used in those transactions
- Unique health identifiers

Privacy and Security

Privacy and Security rules apply to:
- Any covered entity that maintains or transmits protected health information in any form:
+ Electronic
+ Oral
+ Written
+ Faxed
+ Etc....

HIPAA Applicability and Scope

Covered Entity:
- Health plans
- Health care clearinghouse
- Health care providers who transmit electronically
- Employers: voluntary

Everyone in healthcare is affected:
- Patients
- Providers
- Members
- Employers
- Clearinghouses
- Billing agents
- Volunteers
- Vendors
- Service organizations

Privacy Standard

- To protect and enhance the rights of the consumer by providing them access to their health information and to control the inappropriate use of that information
- To improve the quality of health care in the U.S. by restoring trust in the system
- To improve the efficiency and effectiveness of health care delivery through a national framework for health privacy

Privacy Applicability and Scope

- Does not preclude stricter state standards that apply to certain types of information
- Makes no distinction about the presumed sensitivity of information; demographic info should be treated the same as clinical info
- The HIPAA Privacy Regulation protects the information itself, not the physical record, regardless of where the information appears.

Security Standard

To assess potential risks and vulnerabilities to the individual health data in its possession and develop, implement and maintain appropriate security measures.

Security

- Establishes the baseline for securing electronic health information for covered entities.
- Types of patient information: stored on magnetic tapes or disks, optical disks, hard drives and servers.
- Types of transmission media: Internet and extranet, leased lines, private networks and removable media.

Individually Identifiable Health Information (IIHI)

Any health information:
- Collected from or on an individual
- Is created or received by a health care provider, health plan, clearinghouse or an employer which:
+ Identifies the individual
+ Provides a reasonable basis to believe that the information can be used to identify the individual
+ Pertains to the health of an individual
+ Pertains to the provision of or payment of healthcare to an individual.

Administrative Requirements

- Designate privacy & security officials to oversee the HIPAA program
- Develop policies and procedures
- Provide training & awareness for staff
- Provide a means for individuals to lodge complaints & settle or resolve complaints
- Develop a system of sanctions for violations

Administrative Requirements cont...

Implement safeguards to protect health information from any misuse
- Computer display terminals turned away from the public
- Patient record areas prohibit unauthorized access
- Conversations on patients and their conditions should not be held in public places
- Information only released with proper authorization

Criminal Penalties - Privacy

Accidental or intentional misuse of protected health information has three potential levels of penalties: (Updates occur for penalties - refer to Federal Register)
1. Not more than $50,000 and/or imprisonment of not more than 1 year
2. If the offense is "under false pretenses," a fine of not more than $100,000 and/or imprisonment of not more than 5 years
3. If the offense is with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, a fine of not more than $250,000 and/or imprisonment of not more than 10 years.

HIPAA Administrative Requirements

Notice of Privacy Practices (NPP)
- Provide to a patient on the first date of service
- Patient signs acknowledgment of receipt of NPP
- May be one page or multi-paged

Individual Rights - Included in NPP

How to have access and obtain a copy of their records

Ability to specify confidential communications

How to make amendments to their record

Patient has the right to:
- an annual accounting of how information was used and who it was provided to
- in the case of a security breach has the right to be notified immediately

Use and Disclosure

When can we use and disclose PHI?
- To the individual
- Personal representatives of the individual
- Part of Treatment, Payment or Healthcare Operations (TPO)
- Pursuant to an authorization
- Required by law - cases of abuse, etc.
- Coroner or funeral director
- Facilitate organ donation and transplantation
- Public health - communicable disease
- DHHS review
- Defending a legal suit against
- Business associates

Use and Disclosure cont... (1)

When can we use and disclose PHI?
- When it is part of your job function
- Minimum necessary information for a particular purpose
- Need to verify the identity of anyone participating in patient's care
- Restrictions
- Patients can place restrictions on who can and cannot have access to their information

Use and Disclosure cont... (2)

When can we use and disclose PHI?
- Do's and don'ts of publicity: depending on what the individual has signed or agreed to (e.g. an athlete's information may be released to the media)
- Facility Directory: patient has options to give limited information on their room location, general condition. Clergy is the exception.
- Incidental Information: can't be helped, but be sensitive to conversations in open areas such as emergency departments and waiting areas.

Use and Disclosure - Special Cases

Personal Representatives
- Documentation should be supplied and placed within the patient's record as to who they appointed as their representative

Minors
- Does the minor have the ability to consent to treatment? Emancipated minors do but they need to provide proof that they have received that ability from the court system.

Never treat the personal representative as the individual if doing so will place the individual or others at risk...
- Spousal abuse, elder abuse and child abuse must be considered if circumstances present themselves.

Use and Disclosure - Special Cases cont...

Workers Compensation
- No authorization required

Research
- Independent review board may waive authorization

Disaster Relief
- No authorization required

Marketing
- NPP will specify if entity participates in marketing, i.e., distributing their patient info without obtaining consent

Uses and Disclosures Specialized Functions

- Military and Veterans Affairs: complete access to active or retired personnel
- National Security: access to protect all they are assigned to, and can view patient records without authorization
- Law enforcement custodial situations: if patient is in custody they have no rights to prohibit who sees their records
- DHHS: must be given access 24/7, 365 days a year

HIPAA and the Clinical Site

- HIPAA training: each site will use different methods, some require a post test.
- Different interpretations of the standards from facility to facility
- Awareness campaigns: There may be postings that remind personnel of the need to keep things private and secure.

HIPAA and the Clinical Site cont...

- Computer terminal displays: should be turned away from public view to maintain confidentiality
- Increased awareness of what can be said to patients and visitors: conversations about the care and condition of the patients should be kept out of common areas
- Privacy & security officers: They are the experts at the site; questions about privacy and security should be directed to these individuals

What Have We Learned?

- Use and disclosure
- Individual organizations
- Notice of privacy practices
- Privacy & security officer
- Authorizations
- Individual rights

What does the health information Portability and Accountability Act HIPAA allow patients to do?

The law was created to give individuals more control and access to their medical information, protect individually identifiable medical information (protected health information) from threats of loss or disclosure, and simplify the administration of health insurance claims and lower costs.

What does the HIPAA allow patients to do?

It generally gives patients the right to examine and obtain a copy of their own health records and request corrections. It empowers individuals to control certain uses and disclosures of their health information.

What does the Health Insurance Portability and Accountability Act HIPAA regulate quizlet?

A federal law that regulates the privacy and security of health information. Confidentiality, respecting a patient's rights to privacy, and protecting patient information. HIPAA does not require the patient's consent to allow healthcare providers and plans to use health information for ordinary treatment purposes.

What is HIPAA used for quizlet?

What is HIPAA? A US law designed to provide privacy standards to protect patients' medical records and other health information provided to health plans, doctors, hospitals and other health care providers.