Uconn AH 3000
Terms in this set (24)
What does HIPAA stand for?
Health Insurance Portability and Accountability Act of 1996
HIPAA
Public Law 104-191
Designed to:
- Assure health insurance portability
- Reduce health care fraud and abuse
- Guarantee integrity and confidentiality of health information
- Improve the operations of health care systems and reduce administrative costs
HIPAA legislation establishes:
- Standards for privacy
- Standards for security of health data and electronic signatures
- Standards for eight electronic transactions and the code sets to be used in those transactions
- Unique health identifiers
Privacy and Security
Privacy and Security rules apply to:
- Any covered entity that maintains or transmits protected health information in any form:
+ Electronic
+ Oral
+ Written
+ Faxed
+ Etc....
HIPAA Applicability and Scope
Covered Entity:
- Health plans
- Health care clearinghouse
- Health care providers who transmit electronically
- Employers: voluntary
Everyone in healthcare is affected:
- Patients
- Providers
- Members
- Employers
- Clearinghouses
- Billing agents
- Volunteers
- Vendors
- Service organizations
Privacy Standard
- To protect and enhance the rights of the consumer by providing them access to their health information and to control the inappropriate use of that information
- To improve the quality of health care in the U.S. by restoring trust in the system
- To improve the efficiency and effectiveness of health care delivery through a national framework for health privacy
Privacy Applicability and Scope
- Does not preclude stricter state standards that apply to certain types of information
- Makes no distinction about the presumed sensitivity of information, demographic info should be treated the same as clinical info
- The HIPAA Privacy Regulation protects the information itself, not the physical record, regardless of where the information appears.
Security Standard
To assess potential risks and vulnerabilities to the individual health data in its possession and develop, implement and maintain appropriate security measures.
Security
- Establishes the baseline for securing electronic health information for covered entities.
- Types of patient information: stored on magnetic tapes or disks, optical disks, hard drives and servers.
- Types of transmission media: Internet and extranet, leased lines, private networks and removable media.
Individually Identifiable Health Information (IIHI)
Any health information:
- Collected from or on an individual
- Is created or received by a health care provider, health plan, clearinghouse or an employer which:
+ Identifies the individual
+ Provides a reasonable basis to believe that the information can be used to identify the individual
+ Pertains to the health of an individual
+ Pertains to the provision of or payment of healthcare to an individual.
Administrative Requirements
- Designate privacy & security officials to oversee the HIPAA program
- Develop policies and procedures
- Provide training & awareness for staff
- Provide a means for individuals to lodge complaints & settle or resolve complaints
- Develop a system of sanctions for violations
Administrative Requirements cont...
Implement safeguards to protect health information from any misuse
- Computer display terminals turned away from the public
- Patient record areas prohibit unauthorized access
- Conversations on patients and their conditions should not be held in public places
- Information only released with proper authorization
Criminal Penalties - Privacy
Accidental or intentional misuse of protected health information has three potential levels of penalties: (Updates occur for penalties - refer to Federal Register)
1. Not more than $50,000 and/or imprisonment of not more than 1 year
2. If the offense is "under false pretenses," a fine of not more than $100,000 and/or imprisonment of not more than 5 years
3. If the offense is with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, a fine of not more than $250,000 and/or imprisonment of not more than 10 years.
HIPAA Administrative Requirements
Notice of Privacy Practices (NPP)
- Provide to a patient on the first date of service
- Patient signs acknowledgment of receipt of NPP
- May be one page or multi-paged
Individual Rights - Included in NPP
How to have access and obtain a copy of their records
Ability to specify confidential communications
How to make amendments to their record
Patient has the right to:
- an annual accounting of how information was used and who it was provided to
- in the case of a security breach has the right to be notified immediately
Use and Disclosure
When can we use and disclose PHI?
- To the individual
- Personal representatives of the individual
- Part of Treatment, Payment or Healthcare Operations (TPO)
- Pursuant to an authorization
- Required by law - cases of abuse, etc.
- Coroner or funeral director
- Facilitate organ donation and transplantation
- Public health - communicable disease
- DHHS review
- Defending a legal suit against
- Business associates
Use and Disclosure cont... (1)
When can we use and disclose PHI?
- When it is part of your job function
- Minimum necessary information for a particular purpose
- Need to verify the identity of anyone participating in patient's care
- Restrictions
- Patients can place restrictions on who can and cannot have access to their information
Use and Disclosure cont... (2)
When can we use and disclose PHI?
- Do's and don'ts of publicity: depending on what the individual has signed or agreed to (e.g. an athlete's information may be released to the media)
- Facility Directory: patient has options to give limited information on their room location, general condition. Clergy is the exception.
- Incidental Information: can't be helped, but be sensitive to conversations in open areas such as emergency departments and waiting areas.
Use and Disclosure - Special Cases
Personal Representatives
- Documentation should be supplied and placed within the patient's record as to who they appointed as their representative
Minors
- Does the minor have the ability to consent to treatment? Emancipated minors do but they need to provide proof that they have received that ability from the court system.
Never treat the personal representative as the individual if doing so will place the individual or others at risk...
- Spousal abuse, elder abuse and child abuse must be considered if circumstances present themselves.
Use and Disclosure - Special Cases cont...
Workers Compensation
- No authorization required
Research
- Independent review board may waive authorization
Disaster Relief
- No authorization required
Marketing
- NPP will specify if entity participates in marketing, i.e. distributing their patient info without obtaining consent
Uses and Disclosures Specialized Functions
- Military and Veterans Affairs: complete access to active or retired personnel
- National Security: access to protect all they are assigned to, and can view patient records without authorization
- Law enforcement custodial situations: if patient is in custody they have no rights to prohibit who sees their records
- DHHS: must be given access 24/7, 365 days a year
HIPAA and the Clinical Site
- HIPAA training: each site will use different methods, some require a post test.
- Different interpretations of the standards from facility to facility
- Awareness campaigns: There may be postings that remind personnel of the need to keep things private and secure.
HIPAA and the Clinical Site cont...
- Computer terminal displays: should be turned away from public view to maintain confidentiality
- Increased awareness of what can be said to patients and visitors: conversations about the care and condition of the patients should be kept out of common areas
- Privacy & security officers: They are the experts at the site, questions about privacy and security should be directed to these individuals
What Have We Learned?
- Use and disclosure
- Individual organizations
- Notice of privacy practices
- Privacy & security officer
- Authorizations
- Individual rights