HIPAA BasicsA Matter of Integrity

Introduction

• “A Matter of Integrity” defines HIPAA and protecting patient health information.

• Success depends on our compliance in how we conduct ourselves in the work environment and how we react when exposed to certain types of information.

What is HIPAA?

• HIPAA (not HIPPA or HIPPO) is the acronym for the Health Insurance Portability and Accountability Act. The act was introduced in 1996, but not fully implemented until 2003.

• HIPAA was created for two reasons:– To ensure that people who lost their jobs would have access to

quality health care coverage, since in the past it was difficult or impossible to change insurance carriers without facing lowered coverage or exorbitant premiums.

– To protect private health care information and create a uniform standard for dispersing personal information.

What are the main objectives of HIPAA?

• Accountability. HIPAA, hopefully, will reduce waste, fraud, and abuse.

• Insurance Reform. HIPAA offers continuity of health insurance as well as providing limits on pre-existing provisions.

• Administrative simplification. HIPAA mandates standards on electronic data transactions in a confidential and secure manner.

What is the “Privacy Rule?”

• The “Privacy Rule” was adopted under HIPAA in 1996. The date of compliance was April 14, 2003.

• The “Privacy Rule” gives patients more control over their “Protected Health Information (PHI).” The rule addresses:– When you can share information and when you can’t.– What are patient rights regarding their PHI.

The Privacy Rule Gives Patients the Right to:

– Have their PHI protected – Review and obtain a copy their records – Request that PHI in their records be corrected or

changed – Ask how their PHI is used or shared – Ask that they be contacted such as at work and not at

home – Request a list of disclosures made of their PHI

Who must comply with HIPAA?

• Any healthcare provider that electronically stores, processes or transmits medical records, medical claims, remittances or certifications must comply with HIPAA.

• HIPAA is for OUR protection as well as patients!

Notice of Privacy Practices (NPP)

• Health care providers and health plans usually give out a Notice of Privacy Practices (NPP).

• The NPP describes how PHI is used/shared, the patients’ rights, their responsibilities regarding PHI, and usually a contact person.

• It is important that you know your rights if you are a patient!

What NOT to Share! Protected Health Information

Names, addresses, zip codesDates

Telephone/fax numbersEmail addresses

Social Security NumbersMedical Record Numbers

Health Plan NumbersLicense/VIN Numbers

Account NumbersFull Face Photos

PHI also includes Information that is: Sent or stored in any form or

Identifies a patient or can be used to identify a patient

Protecting PHI … A Matter of Integrity

• Take steps or reasonable safeguards to secure and protect PHI. For example: – Speak softly if communicating information regarding a patient– Please do not discuss confidential information in hallways, open

areas or elevators – Except in rare circumstances, we should never use each other’s

computer and share passwords

What is “Incidental Disclosure?”

• Incidental Disclosure: in most cases, refers to sharing of PHI that occurs related to allowable disclosures of PHI.

• An “incidental disclosure” is allowed if steps are taken to limit them. For example, visitors may hear a patient’s name as it’s called out in a waiting room or overhear a clinical discussion in a hallway on a unit.

What are penalties for HIPAA non-complicance?

• Fines up to $25,000 for multiple violations, $250,000 or imprisonment up to 10 years in jail for knowing abuse or misuse of individually-identifiable health information.

HIPAA …

• Your integrity is the best control in the area of HIPAA compliance.

• Ask yourself: Do I need to know this information?

A Matter of Integrity