health insurance portability and accountability act of 1996 hipaa privacy training for county...
TRANSCRIPT
![Page 1: Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees](https://reader036.vdocument.in/reader036/viewer/2022082818/56649ef05503460f94c01189/html5/thumbnails/1.jpg)
Health Insurance Portability and Accountability Act of 1996
HIPAA Privacy Training
for County Employees
![Page 2: Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees](https://reader036.vdocument.in/reader036/viewer/2022082818/56649ef05503460f94c01189/html5/thumbnails/2.jpg)
Training Objectives
Employees will have a general understanding of the core elements of the HIPAA privacy provisions.
Employees will know who the County’s HIPAA Privacy Officer is and how to contact the Privacy Officer.
Employees will have a general understanding of the County’s HIPAA Privacy Policies and Procedures.
![Page 3: Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees](https://reader036.vdocument.in/reader036/viewer/2022082818/56649ef05503460f94c01189/html5/thumbnails/3.jpg)
What is HIPAA?
Health Insurance Portability and Accountability Act of 1996.
Administrative Simplification:– Transactions and Code Sets– Security– Privacy
![Page 4: Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees](https://reader036.vdocument.in/reader036/viewer/2022082818/56649ef05503460f94c01189/html5/thumbnails/4.jpg)
Terminology
PHI Covered Entities Business Associate Minimum Necessary Designated Record Set
![Page 5: Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees](https://reader036.vdocument.in/reader036/viewer/2022082818/56649ef05503460f94c01189/html5/thumbnails/5.jpg)
HIPAA Privacy Requirements
To comply with HIPAA the county must: Adopt written policies and procedures. Adopt Notice of County Privacy Practices. Designate privacy officer. Designate employees with access to PHI. Train employees on HIPAA. Be in compliance with privacy provisions by
April 14, 2003.
![Page 6: Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees](https://reader036.vdocument.in/reader036/viewer/2022082818/56649ef05503460f94c01189/html5/thumbnails/6.jpg)
Penalties for Noncompliance
Criminal penalties – Up to $50,000 and one year in prison for
obtaining or disclosing PHI.– Up to $100,000 and up to five years in prison
for obtaining PHI under false pretenses– Up to $250,000 and up to ten years in prison
for obtaining or disclosing PHI with the intent to sell, transfer or use it for commercial advantage or personal gain or malicious harm.
![Page 7: Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees](https://reader036.vdocument.in/reader036/viewer/2022082818/56649ef05503460f94c01189/html5/thumbnails/7.jpg)
Penalties for Noncompliance
Civil Penalties– A county that violates the privacy standards
will be subject to civil liability which includes fines of $100 per violation, up to $25,000 per person, per year for each requirement or prohibition violated.
![Page 8: Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees](https://reader036.vdocument.in/reader036/viewer/2022082818/56649ef05503460f94c01189/html5/thumbnails/8.jpg)
County Sanctions for Noncompliance
[insert county sanctions for noncompliance]
![Page 9: Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees](https://reader036.vdocument.in/reader036/viewer/2022082818/56649ef05503460f94c01189/html5/thumbnails/9.jpg)
State Law Preemption
HIPAA preempts contrary state law unless the state law provides greater protection.
![Page 10: Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees](https://reader036.vdocument.in/reader036/viewer/2022082818/56649ef05503460f94c01189/html5/thumbnails/10.jpg)
[insert county name] HIPAA Privacy Officer
[insert name]
[insert address]
[insert phone number]
[insert email]
![Page 11: Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees](https://reader036.vdocument.in/reader036/viewer/2022082818/56649ef05503460f94c01189/html5/thumbnails/11.jpg)
Individual Privacy Rights: Notice of Privacy Practices
Individuals have the right to receive the county’s “Notice of Privacy Practices.”
The Notice of Privacy Practices explains to the individuals how the County routinely manages its confidential data including how PHI is used and disclosed.
![Page 12: Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees](https://reader036.vdocument.in/reader036/viewer/2022082818/56649ef05503460f94c01189/html5/thumbnails/12.jpg)
Individual Privacy Rights: Access to PHI
Individuals have the right to request access to certain medical records.
Individuals have the right to copy certain medical records.
Individuals have the right to receive a decision within 30 days of the request.
If access denied, the Individual has the right to receive written description of denial.
![Page 13: Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees](https://reader036.vdocument.in/reader036/viewer/2022082818/56649ef05503460f94c01189/html5/thumbnails/13.jpg)
Individual Privacy Rights:Restriction on Use and Disclosure
Individuals have a right to request restriction on uses and disclosures about treatment, payment or health care operations.
Individuals have the right to request that the county restrict disclosures to family members.
![Page 14: Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees](https://reader036.vdocument.in/reader036/viewer/2022082818/56649ef05503460f94c01189/html5/thumbnails/14.jpg)
Individual Privacy Rights:Confidential Communications
Individuals have the right to receive communications of PHI by alternate means or at alternate locations.
The county must accommodate reasonable requests for alternate means or alternate locations.
![Page 15: Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees](https://reader036.vdocument.in/reader036/viewer/2022082818/56649ef05503460f94c01189/html5/thumbnails/15.jpg)
Individual Privacy Rights:Right to Request Amendments
Individuals have the right to request revisions or corrections to any part of the record that the individual believes is incorrect.
Some requests may be denied. Individuals have the right to receive a
decision within 60 days.
![Page 16: Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees](https://reader036.vdocument.in/reader036/viewer/2022082818/56649ef05503460f94c01189/html5/thumbnails/16.jpg)
Individual Privacy Rights:Accounting of Disclosures
Individuals have the right to an accounting of disclosures, other than treatment, payment or operation, made by the county.
The county is not required to account for disclosures made to the individual or made with a signed authorization.
Individuals have the right to receive a decision within 60 days.
![Page 17: Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees](https://reader036.vdocument.in/reader036/viewer/2022082818/56649ef05503460f94c01189/html5/thumbnails/17.jpg)
Individual Privacy Rights:Right to File Complaint
Individuals have the right to file a complaint if they believe their rights have been violated.
![Page 18: Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees](https://reader036.vdocument.in/reader036/viewer/2022082818/56649ef05503460f94c01189/html5/thumbnails/18.jpg)
County Responsibilities:Minimum Necessary
The county must make reasonable efforts to limit use and disclosure of PHI to the minimum necessary to accomplish the intended purpose of the use or disclosure.
County must identify those employees who need access to carry out their duties. The county must make reasonable efforts to limit the access of each identified employee.