Sylvia hipaa powerpoint presentation 2010(1)
Transcript of Sylvia hipaa powerpoint presentation 2010(1)
South Arkansas South Arkansas Community CollegeCommunity College
““Where Students Come Where Students Come First”First”
Training Module for Nursing Training Module for Nursing Students and FacultyStudents and Faculty
What We Need to Know about What We Need to Know about HIPAAHIPAA
Sylvia Rainwater, RN, BSNSylvia Rainwater, RN, BSN
PN InstructorPN Instructor
South Arkansas Community CollegeSouth Arkansas Community College
(870) 862-8131 ext. 394(870) 862-8131 ext. 394
HIPAA
Purpose of this TrainingPurpose of this Training
To provide SACC Faculty and Nursing To provide SACC Faculty and Nursing Students with the knowledge & Students with the knowledge & understanding of HIPAA understanding of HIPAA
Why privacy is important. Why privacy is important.
To enhance awareness of the nursing To enhance awareness of the nursing student’s role in protecting a patients student’s role in protecting a patients health information.health information.
Possible consequences and penalties for Possible consequences and penalties for violation HIPAA lawsviolation HIPAA laws
HIPAA HIPAA
HHealthealth
IInsurance nsurance
PPortability and ortability and
AAccountability ccountability
AAct ct
IT’S THE LAW!
Trivia QuestionTrivia Question
How many words are in the Health How many words are in the Health Insurance Portability and Accountability Insurance Portability and Accountability Act?Act?
How many lines are in the Health How many lines are in the Health Insurance Portability and Accountability Insurance Portability and Accountability Act?Act?
How many titles are there?How many titles are there?
Trivia AnswersTrivia Answers
Words-73,840Words-73,840– Source: Microsoft Word: word countSource: Microsoft Word: word count
Lines-5,704Lines-5,704
FiveFive
OverviewOverview
Signed into law by President Clinton Signed into law by President Clinton on August 21, 1996on August 21, 1996
Public Law 104-191Public Law 104-191
HIPAA addresses numerous health HIPAA addresses numerous health care issuescare issues
Purpose of HIPAAPurpose of HIPAA
To amend the Internal Revenue Code of To amend the Internal Revenue Code of 1986 to improve portability and continuity 1986 to improve portability and continuity of health insurance coverageof health insurance coverage
Reduce health care fraud and abuseReduce health care fraud and abuse
To Protect individuals’ rights to privacy To Protect individuals’ rights to privacy and confidentialityand confidentiality
To ensure the security of electronic To ensure the security of electronic transfer of personal informationtransfer of personal information
Health Insurance Portability and Accountability Act of 1996
Title I Title IV Title VTitle IIITitle II
Insurance Portability
Fraud and AbuseMedical Liability Reform
Group HealthPlan Requirements
Revenue Off-sets
Administrative Simplification
Tax Related Health Provision
Privacy
Security
Electronic Data
Transactions
Identifiers
Code Sets
Title ITitle I
Title I of the HIPAA law deals with health Title I of the HIPAA law deals with health care access, portability, and renewability care access, portability, and renewability with the intention of protecting health with the intention of protecting health insurance coverage for workers and their insurance coverage for workers and their families when they change or lose their families when they change or lose their jobs. jobs.
Title IITitle II
Prevention of healthcare fraud and abusePrevention of healthcare fraud and abuse
Administrative Administrative SimplificationSimplification
Administrative SimplificationAdministrative Simplification
Key components Key components – Electronic Data Interchange (EDI)Electronic Data Interchange (EDI)
Transactions standardsTransactions standardsCode setsCode sets
– Privacy Privacy – Security Security – National Standard IdentifiersNational Standard Identifiers
ProviderProviderEmployerEmployerHealth PlanHealth Plan
Who is affected by HIPAA?Who is affected by HIPAA?
The law applies directly to three groups The law applies directly to three groups referred to as “Covered Entities.” referred to as “Covered Entities.” – Health Care ProvidersHealth Care Providers– Health PlansHealth Plans– Health Care ClearinghousesHealth Care Clearinghouses
HIPAA Privacy Rule HIPAA Privacy Rule
Primary Focus of this presentation!Primary Focus of this presentation!
HIPPA PRIVACY RULEHIPPA PRIVACY RULE– Title 45, CFR Parts 164 & 160Title 45, CFR Parts 164 & 160– Protect individuals’ rights to privacy and Protect individuals’ rights to privacy and
confidentialityconfidentiality
The Privacy RuleThe Privacy Rule
The Standards for Privacy of Individually Identifiable Health The Standards for Privacy of Individually Identifiable Health Information established a set of national standards for Information established a set of national standards for
the protection of certain health information the protection of certain health information
The Privacy Rule standards address the use and disclosure The Privacy Rule standards address the use and disclosure of individuals’ health informationof individuals’ health information
PROTECTED HEALTH INFORMATION (PHI) PROTECTED HEALTH INFORMATION (PHI)
Compliance Date: April 14, 2003Compliance Date: April 14, 2003Enforced by: Office of Civil Rights (OCR)Enforced by: Office of Civil Rights (OCR)
Enforcement of HIPAAEnforcement of HIPAA
The Department of Health and Human The Department of Health and Human Services (DHHS) is responsible for Services (DHHS) is responsible for developing and establishing the Privacy developing and establishing the Privacy Rule standards Rule standards
Office of Civil Rights (OCR) is responsible Office of Civil Rights (OCR) is responsible for implementing and enforcing the Privacy for implementing and enforcing the Privacy RuleRule
Health InformationHealth Information
Health information should be protected Health information should be protected from:from:– People who aren’t involved in the patient’s People who aren’t involved in the patient’s
direct treatmentdirect treatment– Insurance agencies using it to deny life or Insurance agencies using it to deny life or
disability coveragedisability coverage– Employers using it in hiring/firing decisionsEmployers using it in hiring/firing decisions– ReportersReporters– Nosy neighbors or family membersNosy neighbors or family members
PrivacyPrivacyStandards for the Privacy of Standards for the Privacy of
HealthHealth
Applies to health Applies to health information in all information in all forms:forms:– WrittenWritten– SpokenSpoken– ElectronicElectronic
Health information Health information includes:includes:– Medical recordsMedical records– Claims informationClaims information– Payment informationPayment information
What is PHI?What is PHI?
PP---PROTECTED---PROTECTED
HH---HEALTH---HEALTH
II---INFORMATION---INFORMATION
PHI is any health information that could PHI is any health information that could identify an individual patientidentify an individual patient
Individually Identifiable Health Individually Identifiable Health InformationInformation
NameName
AddressAddress
Drivers license #Drivers license #
DatesDates– Birth date Birth date – Admission dateAdmission date– Discharge dateDischarge date– Date of deathDate of death
Telephone numbersTelephone numbers
FAX numberFAX number
E-mail addressE-mail address
Social Security Number Social Security Number
Medical record numberMedical record number
Web URLWeb URL
Finger or voice printsFinger or voice prints
Photographic imagesPhotographic images
Account numberAccount number
Use and Disclosure of PHIUse and Disclosure of PHI
Use-Sharing protected health information Use-Sharing protected health information within the entity that maintains the within the entity that maintains the informationinformation
Disclosure-Release or transfer of PHI by Disclosure-Release or transfer of PHI by an entity to persons or organizations an entity to persons or organizations outside of that entityoutside of that entity– Another facilityAnother facility– Nursing home Nursing home
Permitted Uses and DisclosuresPermitted Uses and Disclosures
A covered entity is permitted to use and A covered entity is permitted to use and disclose protected health information disclose protected health information without an individual’s authorization for the without an individual’s authorization for the following:following:– Treatment, Payment, and Health Care Treatment, Payment, and Health Care
OperationsOperations– Opportunity to Agree or ObjectOpportunity to Agree or Object
Facility directoryFacility directory
– Incidental disclosures are permittedIncidental disclosures are permitted– Public InterestPublic Interest
Disclosures not requiring patient Disclosures not requiring patient AuthorizationAuthorization
Required by Federal or State LawRequired by Federal or State Law– Workers compensationWorkers compensation– Birth reportingBirth reporting– Child abuse Child abuse
Required for public health reasonsRequired for public health reasons– Sexually transmitted diseaseSexually transmitted disease
Required for national security reasonsRequired for national security reasons– Prevent a serious threat of harm to the Prevent a serious threat of harm to the
individual or othersindividual or others
Disclosures with AuthorizationDisclosures with Authorization
Authorization is required for certain Authorization is required for certain disclosures to:disclosures to:– AttorneysAttorneys
Disclosures to a patient’s attorney for purposes of Disclosures to a patient’s attorney for purposes of a malpractice lawsuita malpractice lawsuit
Disclosures to a life insurance company, when the Disclosures to a life insurance company, when the individual is seeking to obtain coverageindividual is seeking to obtain coverage
Why HIPAA?Why HIPAA?
Cost ConcernsCost Concerns
Genetic AdvancementsGenetic Advancements
MarketingMarketing
TechnologyTechnology
Loss of Patient DataLoss of Patient Data
Privacy ConcernsPrivacy Concerns
Breaches of Patient PrivacyBreaches of Patient Privacy
Cost ConcernsCost Concerns
Billions of dollars being spent on administrative Billions of dollars being spent on administrative services related to health careservices related to health care
Congress estimated that approximately $87 billion Congress estimated that approximately $87 billion could be saved annually if administrative services could be saved annually if administrative services could be improvedcould be improved– Requiring more health care transactions to be Requiring more health care transactions to be
conducted electronically, reduced paperworkconducted electronically, reduced paperwork– Standardizing health care transactionsStandardizing health care transactions
Privacy ConcernsPrivacy Concerns
Privacy ConcernsPrivacy Concerns– The case of Arthur Ashe (the late tennis star) The case of Arthur Ashe (the late tennis star)
his positive HIV status was disclosed by a his positive HIV status was disclosed by a healthcare worker and published by a healthcare worker and published by a newspaper without his permissionnewspaper without his permission
– 53 staff members at UCLA Medical Center 53 staff members at UCLA Medical Center were disciplined for accessing the medical were disciplined for accessing the medical information of Britney Spearsinformation of Britney Spears
Privacy BreachPrivacy Breach
Privacy BreachPrivacy Breach– Case of Ann PressleyCase of Ann Pressley
Up to 6 employees fired from St. Vincent Health Up to 6 employees fired from St. Vincent Health CenterCenter
Routine patient-privacy audit showed 8 people Routine patient-privacy audit showed 8 people gained access to her records improperlygained access to her records improperly
All 8 were immediately placed on leave, pending All 8 were immediately placed on leave, pending an investigation.an investigation.
2 of the 8 were found to have valid reasons for 2 of the 8 were found to have valid reasons for viewing the records viewing the records
PRIVACY AND PRIVACY AND CONFIDENTIALITYCONFIDENTIALITY
REMEMBERREMEMBER– Information about a patient is considered Information about a patient is considered
confidential whether it is written, saved on a confidential whether it is written, saved on a computer, or spoken out loud. computer, or spoken out loud.
– As a student or faculty, It’s important that you As a student or faculty, It’s important that you take steps to protect the privacy of patientstake steps to protect the privacy of patients
– Protecting Privacy is EVERYONE’S JOB!Protecting Privacy is EVERYONE’S JOB!
ASK YOURSELFASK YOURSELF
Would I want someone to gossip about my Would I want someone to gossip about my medical or personal information?medical or personal information?How can I protect someone’s privacy?How can I protect someone’s privacy?Am I willing to riskAm I willing to risk– Prison and/or A FinePrison and/or A Fine– Losing my jobLosing my job– Being Dismissed from Nursing SchoolBeing Dismissed from Nursing School
Because I don’t follow the legal, ethical, and Because I don’t follow the legal, ethical, and RIGHT THING TO DO!RIGHT THING TO DO!
Sshhh!!!Sshhh!!!
Private means PrivatePrivate means Private– If your role as a student requires you to If your role as a student requires you to
communicate healthcare information with communicate healthcare information with patientspatients
Assess the environment before you start talkingAssess the environment before you start talking
Are there other people in the area who might hear Are there other people in the area who might hear the information you are sharing?the information you are sharing?
Are those individuals authorized to hear the Are those individuals authorized to hear the information?information?
The “NEED TO KNOW” RuleThe “NEED TO KNOW” Rule
Believe it or not, as a student, you do not Believe it or not, as a student, you do not have the right to look at all the information have the right to look at all the information available on every patient. For example, a available on every patient. For example, a student on 2student on 2ndnd floor does not have the right floor does not have the right to look at the medical record of a friend on to look at the medical record of a friend on 44thth floor. floor.
The “NEED TO KNOW” RuleThe “NEED TO KNOW” Rule
As a nursing student, you will discuss As a nursing student, you will discuss protected health information only as it protected health information only as it pertains to your education or your patient’s pertains to your education or your patient’s care.care.
Before looking at patient information, ask Before looking at patient information, ask yourself, “Do I need to know this to do my yourself, “Do I need to know this to do my job?” If “yes” you are allowed. If “no” you job?” If “yes” you are allowed. If “no” you are NOT ALLOWED. are NOT ALLOWED.
The “NEED TO KNOW” RuleThe “NEED TO KNOW” Rule
Remember the rule of thumb-ask yourself, Remember the rule of thumb-ask yourself, ““Do I need to know this to do my jobDo I need to know this to do my job?” ?” You should You should NOT NOT access any information access any information that you that you do not need to knowdo not need to know in order to in order to provide patient care or to complete your provide patient care or to complete your clinical assignment/observation.clinical assignment/observation.
How do we protect patient privacy?How do we protect patient privacy?
Do Do NOTNOT talk about patients in public talk about patients in public placesplaces
CafeteriaCafeteria
ElevatorElevator
Waiting roomsWaiting rooms
Parking lotParking lot
How do we protect patient privacy?How do we protect patient privacy?
Do Do NotNot leave messages regarding the leave messages regarding the patients condition or test results on patients condition or test results on message machines or with anyone other message machines or with anyone other than the patient. than the patient. Leave only your name and number on Leave only your name and number on message machines when you are asking a message machines when you are asking a patient to call you back. patient to call you back. Avoid paging patients using information Avoid paging patients using information that could reveal their health issues. that could reveal their health issues.
How do we protect patient privacy?How do we protect patient privacy?
Close curtains & speak softly in semi-Close curtains & speak softly in semi-private rooms when discussing treatment private rooms when discussing treatment & administering procedures. & administering procedures.
Be sure no one can see your computer Be sure no one can see your computer screen while you are workingscreen while you are working
Never share your access codeNever share your access code
Log off of your computer when not workingLog off of your computer when not working
How do we protect patient privacy?How do we protect patient privacy?
Never leave charts open for others to seeNever leave charts open for others to see
Never leave lab results, medications or Never leave lab results, medications or other sensitive information out in the open other sensitive information out in the open where others can see it. where others can see it.
Do not use the intercom to provide health Do not use the intercom to provide health information to patients or other staff information to patients or other staff members.members.
How do we protect patient privacy?How do we protect patient privacy?
DO NOT GIVE HEALTH INFORMATIONDO NOT GIVE HEALTH INFORMATION to family members or friends to family members or friends If unsure about whether or not you should If unsure about whether or not you should provide information about a patient, ask provide information about a patient, ask your instructor for assistance. your instructor for assistance. If you over hear employees, students or If you over hear employees, students or observers discussing patients observers discussing patients inappropriately, remind them of inappropriately, remind them of confidentiality. confidentiality.
How do we protect patient privacy?How do we protect patient privacy?
Shred or properly dispose of all Shred or properly dispose of all documents containing protected health documents containing protected health information that is not part of the official information that is not part of the official medical record. medical record.
Know who you are speaking to on the Know who you are speaking to on the phone, if not surephone, if not sure– Get a name and number to call back after you Get a name and number to call back after you
find out it is ok to do so.find out it is ok to do so.
Clinical AssignmentClinical Assignment
When preparing your clinical assignments:When preparing your clinical assignments:– Identify the patient by initials onlyIdentify the patient by initials only– Use other demographic data only to the Use other demographic data only to the
extent necessary to identify the patient and extent necessary to identify the patient and his or her needs to the instructor. his or her needs to the instructor.
– Protect your notes or other sources of Protect your notes or other sources of information from individual who don’t have a information from individual who don’t have a “need to know”“need to know”
Clinical AssignmentClinical Assignment
Preparing your clinical assignment:Preparing your clinical assignment:– Protect your printer output from others who don’t have Protect your printer output from others who don’t have
a “need to know”a “need to know”– Protect your flash drive/zip/CD/PDA from being lost or Protect your flash drive/zip/CD/PDA from being lost or
stolenstolen– DO NOT put notes/scrape paper with patient’s health DO NOT put notes/scrape paper with patient’s health
information in the trash.information in the trash.– Students are Students are NOTNOT to photoduplicate or fax patient to photoduplicate or fax patient
documents in the process of working with your documents in the process of working with your patient’s PHI. patient’s PHI.
– Shred all patient health information-Do not take home Shred all patient health information-Do not take home patient report sheetspatient report sheets
CONSEQUENCES OF HIPAA CONSEQUENCES OF HIPAA VIOLATIONSVIOLATIONS
Legal Consequences:Legal Consequences:– Civil or Criminal penaltiesCivil or Criminal penalties
Fines plus imprisonmentFines plus imprisonment
Professional ConsequencesProfessional Consequences– Disciplinary action by the State Board of Nursing Disciplinary action by the State Board of Nursing
Academic Consequences:Academic Consequences:– ReprimandsReprimands– Loss of points toward grade or failure of courseLoss of points toward grade or failure of course– Dismissal from School of NursingDismissal from School of Nursing
Civil PenaltiesCivil Penalties
Civil penaltiesCivil penalties– $100 per person per violation-up to $25,000/year $100 per person per violation-up to $25,000/year – person should have known betterperson should have known better– US Dept. of Health and Human Service for Civil Rights US Dept. of Health and Human Service for Civil Rights
enforces civil penaltiesenforces civil penalties
PROTECT PATIENT INFORMATIONPROTECT PATIENT INFORMATION
Criminal PenaltiesCriminal Penalties
Criminal penaltiesCriminal penalties– Up to $50,000 and 1 year prison; Knowingly Up to $50,000 and 1 year prison; Knowingly
releasing patient informationreleasing patient information– Up to $100,000 and 5 years prison; gaining Up to $100,000 and 5 years prison; gaining
access to health information under false access to health information under false pretensespretenses
– Up to $250,000 and 10 years prison; releasing Up to $250,000 and 10 years prison; releasing patient information with harmful intent or selling patient information with harmful intent or selling patient information. patient information.
– US Department of Justice enforces criminal US Department of Justice enforces criminal penaltiespenalties
HIPAA VIOLATIONHIPAA VIOLATION
REMEMBERREMEMBER
HIPAA VIOLATIONS CAN HAVE HIPAA VIOLATIONS CAN HAVE SERIOUS CONSEQUENCES!SERIOUS CONSEQUENCES!
STOPSTOP
Think about how you would feel if your Think about how you would feel if your own health information were used or own health information were used or disclosed in a way that was harmful to disclosed in a way that was harmful to you or your family. you or your family.
CONCLUSIONCONCLUSION
As students and faculty we must As students and faculty we must remember to protect the privacy of remember to protect the privacy of patients patients If you have a question about the proper If you have a question about the proper way to handle a patient’s privacy, ask your way to handle a patient’s privacy, ask your instructor, supervisor or manager in your instructor, supervisor or manager in your clinical area, or contact the Privacy clinical area, or contact the Privacy Compliance Officer of the institution you Compliance Officer of the institution you are working in. are working in.
SOUTH ARKANSAS COMMUNITY COLLEGEBETTY OWEN SCHOOL OF NURSING
CONFIDENTIALITY AGREEMENTPatient confidentiality at the health care facilities used by SACC Betty Owen School of Nursing is of primary importance. In addition to each agency policy, HIPAA requires health information to be kept confidential. In order to protect individual rights to confidentiality and to comply with federal and state laws, students must agree to hold all information or records pertaining to patients, employees, and other company information gained through their clinical assignments at any agency used by the Betty Owen School of Nursing in strictest confidence. Confidentiality includes but is not limited to:•Discussing patients or their health conditions with persons who do not have a need to know•Accessing confidential information (which includes, but limited to photographic images, medical and demographic information) that is not within the scope of your assignment•Misusing, disclosing with proper authorization, or altering confidential information•Removing any documents with individually identifiable patient data from any agencyI understand the terms of this Student Confidentiality Agreement, and I agree to abide by the above confidentiality requirements. I understand that any breach of any confidential information during or after my clinical experience(s) will result in immediate dismissal from the school of nursing as described in the Practical Nursing Handbook.__________________________________ __________________________________Printed Student Name Printed School Official Name___________________________________ ____________________________________Student Signature School Official Signature___________________________________ ______________________________________Date Date
INSTRUCTIONSINSTRUCTIONS
You have three weeks to complete this You have three weeks to complete this assignment. assignment.
Once you have reviewed the PowerPoint Once you have reviewed the PowerPoint presentation, print the confidentiality agreement presentation, print the confidentiality agreement located on blackboard.located on blackboard.
You will also need to take the online test which You will also need to take the online test which is available on blackboard. is available on blackboard.
When you have completed the test you can then When you have completed the test you can then print out a certificate. Print one for yourself and print out a certificate. Print one for yourself and one for your instructor. one for your instructor.