Hipaa basics pp2
martykoepke -
THE BASICS OF HIPAA
HIPAA: WHAT IS IT?
• HIPAA does the following:
  • Creates standards for protecting the privacy of health information
  • Creates standards for the security of health information
  • Creates standards for electronic exchange of health information
WHAT IS COVERED BY HIPAA?
• Protected Health Information
The HIPAA privacy rule covers and sets standards for the collecting, sharing and storing of a person’s Protected Health Information, or PHI for short. PHI is information that:
  • Relates to past, present or future physical or mental health or condition, payments and provisions about healthcare.
  • Identifies the individual in a personal way.
  • Provides a reasonable basis to be used to identify the individual.
  • Is created or received by a Covered Entity.
WHAT IS PRIVATE HEALTH INFORMATION?
Protected health information (PHI) is:
• Individually identifiable health information
• Transmitted or maintained in any form or medium by a Covered Entity or its Business Associate
• Health information, including demographic information
• Relates to an individual’s physical or mental health or the provision of or payment for health care
• Identifies the individual
TYPES OF PHI
• Billing Information
• Medical Insurance Forms
• Prescriptions
• Patient Charts/Records (Paper or Electronic)
WHAT DOES HIPAA APPLY TO?
• Forms
• Spoken Communication
• E-mails
• Faxes
PROTECTING PHI WITH HIPAA MEANS:
• Removal of certain identifiers so that the individual who is the subject of the PHI may no longer be identified
  • Application of statistical method or
  • Stripping of listed identifiers such as:
    • Names
    • Geographic subdivisions smaller than a state
    • All elements of dates
    • SSNs
• Not discussing PHI with anyone, other than those directly responsible for providing health care (provider, clinician, technician, etc.)
PATIENT’S RIGHTS
• Patients have the right to obtain and amend their PHI to:
  • Request restrictions on uses and disclosures
  • Request more confidential communications
  • Receive an accounting of disclosures
  • Complain about privacy violations
• Use and disclosure of PHI: Patients have the right to know how their PHI
Patients are entitled to know how their PHI will be used and who will receive their PHI.
• Patients have a right to see privacy disclosures regarding their PHI
SPECIAL RULES OF HIPAA
• Special rules for certain types of entities:
  • Some Covered Entities have additional privacy regulations covering areas like directories, marketing and fund raising.
• Administrative requirements of Covered Entities may keep details record-keeping and procedural compliance issues.
ENFORCEMENT OF HIPAA
• There are potential penalties and fines for noncompliance.
  • Penalties start at $100, and can be as strict as $25,000 per year
• If an employee or patient makes a complaint, it will be investigated, and if necessary, subsequent corrective action will follow.
• Covered Entities or programs will have a process to receive and investigate complaints.
ANTI-RETALIATION POLICY
• Retaliation against anyone who may file a complaint is strictly prohibited
• Individuals may file a complaint with either the Covered Entity or the U.S. Department of Health and Human Services.
REASONABLE PHYSICAL AND TECHNOLOGICAL SAFEGUARDS
• Telephones – How do you know the person you are talking to is authorized to receive an employee’s PHI?
• Disposing of PHI – When you dispose of PHI (both hard copy and electronic) how can you be certain that it is appropriately destroyed?
• E-mail – How can you be sure PHI is secure when it’s sent via e-mail?
• Fax machines – When faxing PHI, how can you be sure the right person will read it on the other end?
• Mail – Sending PHI through the mail may have restrictions.
• Storing PHI – Safeguarding PHI on computer databases, file cabinets, even laptop computers will have to follow procedure.
WHAT DOES THIS MEAN TO YOU?
• Do not let anyone use your username and password
• Log off of your computer when you walk away from it
• Do not use anyone else’s username and password
• Do not discuss private health information of any patient outside of the care setting
• Do not discuss private health information of any patient with someone other than a direct care giver
• Do not look up any health records, unless it is a patient under your care and the information is for the purpose of providing patient care
• Do not look up your own private health information