HIPAA
Who does it Cover?


o   Healthcare providers

o   Health plans

o   Healthcare clearinghouses

o   Business associates who have
    access to patient records
What does HIPAA do?


o   Imposes new restrictions on the
    use and disclosure of Protected
    Health Information (PHI)

o   Gives patients greater access
    to their medical records

o   Gives patients greater
    protection of their medical
    records
What is Protected Health Information (PHI)?


o Any information about a patient’s physical or mental
  health, services rendered or payment for those services.

o Includes verbal, recorded, written, or electronic
  information
Use and Disclosure


o You are permitted to use and disclose PHI without written
  authorization:
  •   For treatment, payment, and health operations
  •   With verbal authorization or agreement from the individual
      patient
  •   For disclosure to the specific individual patient
  •   For incidental uses such as physicians talking to patients in
      a semi-private room
Use and Disclosure


o You are required to release PHI for use and disclosure
  without authorization:
  •   When requested or authorized by the patient (some
      exceptions apply)
  •   When required by the Department of Health and Human
      Services (HHS) for compliance or investigation
  •   When the facility is required by law
Authorization


o Written authorization is required:
  •   For any purposes other than treatment, payment, or
      healthcare operations
  •   For use and disclosure of psychotherapy notes
  •   For research purposes
  •   For marketing activities
Authorization


o Written authorization is not required:
  •   To maintain WCMC’s patient directory
  •   To inform family members or other identified persons
      involved in the patient’s care, or to notify them of the
      patient’s location, condition, or death
  •   To inform appropriate agencies during disaster relief efforts
  •   Public health activities related to disease prevention or
      control
Authorization: Continued...


•   To report victims of abuse, neglect, or domestic violence
•   Health oversight activities such as audits, legal
    investigations, licensure or for certain law enforcement
    purposes or government functions
•   For coroners, medical examiners, funeral directors or
    tissue/organ donations
•   To avert a serious threat to health and safety
Clergy


o Those who have been designated as “clergy” by their
  church will be able to view a list of patients in the hospital
  who have agreed to be included in the directory and who
  have indicated their religious affiliation to be that of the
  clergy member reviewing the list

o For example: the Baptist clergy member can only look at
  the Baptist list of patients
Minimum Necessary Standard


o The use and/or disclosure of PHI is limited to the
  minimum amount of health information necessary to get
  the job done right.
  •   WCMC has policies and practices that ensure the least
      amount of PHI is shared
  •   Employees who regularly access PHI must be identified,
      along with the types of PHI needed and the conditions of
      access
Notice of Privacy Practices


o The patient has the right to have adequate notice
  concerning the use and disclosure of their PHI

o This includes:
  •   The patient’s rights and WCMC’s legal duties
  •   Being available in print
  •   Being displayed at the site of service
The Patient’s Privacy Rights


o The Patient has the right to:
  •   Request restricted uses and disclosures, although the
      covered entity is not required to agree
  •   Have PHI communicated to them by alternate means and at
      alternate locations to protect confidentiality
The Patient’s Privacy Rights


o The Patient has the right to:
  •   Inspect and amend PHI, and obtain copies (with some
      exceptions)
  •   Receive the Notice of Privacy Practices at the time of the
      first delivery of service
  •   Request a history of disclosures for six years prior to the
      request, except for disclosures made for
      treatment, payment, healthcare operations or with prior
      authorization
The Patient’s Privacy Rights: Continued...


•   Contact the WCMC Privacy Officer regarding any privacy
    concern or breach of privacy within the facility, or contact
    HHS with the information
•   Parents have the right to access and control the PHI of their
    minor children, except when state law overrides parental
    control
Non-Compliance


o If you violate the HIPAA Privacy Rule you could
  face:
  • A civil penalty of up to $50,000 per offense, up to a
    maximum of $1.5 Million per year depending on the
    type of violation
  • A criminal penalty for knowingly disclosing PHI that
    may escalate to a maximum of $250,000 for
    conspicuously bad offenses and could include up to a
    10 year prison term
What can you do?


o Make sure you fully understand WCMC’s privacy
  practices
o Only use and disclose PHI when you need to do so to
  perform your job
o Only use and disclose the minimum amount of PHI
  needed to accomplish your job
o Make sure you hand out the WCMC Notice of Privacy
  Practices to every patient
What can you do?


o Ask patients before talking to family members about their condition

o Speak softly when discussing PHI in open areas

o Avoid discussing patient issues in the cafeteria, on elevators, etc.

o Do not leave PHI lying out in open view - such as lab work,
   progress notes, or any patient record

o Shred any extra copies of PHI not needed

o Medical records should not be taken off campus
What can you do?


o Don’t leave messages concerning a patient’s condition or test
   results on any answering machine
o When releasing patient information over the phone, verify the
   identity of the caller
o Don’t share your password with anyone

o Log off your computer when you will be away from your work
   area
o Report privacy violations to our Compliance Officer, Debbie
   Hare, 380-1062
