hipaa basics - dwc training · 2015. 3. 4. · violation of hipaa could mean the loss of your job,...
TRANSCRIPT
HIPAA Basics
Health Insurance Portability and Accountability Act of 1996
What Is HIPAA?
HIPAA:
• Protects the privacy of health care information for all Americans, including the individuals you support
• Protects the privacy of Protected Health Information (PHI)
• Sets rules and limits on who can look at and receive PHI
• Provides the freedom of confidential movement of information between health care benefit plans
What are a person’s rights under HIPAA?
• Access: The right to review and obtain a copy of their protected health information
• Amendment: The right to amend or have corrections made to their protected health information
• Disclosure Accounting: The right to know how their protected health information has been shared
• Restriction Request: The right to request that the sharing of certain protected health information be restricted under certain circumstances
• Alternative Communications: The right to request an alternative location, say a post office box instead of a traditional home address, or alternative means, for instance via e-mail instead of by telephone, for receiving communications of their PHI
Who does HIPAA apply to?
• Health Care Providers: Most doctors, nurses, pharmacies, hospitals, clinics, nursing homes, health care and other providers
• Health Plans: Health insurance companies, HMOs and employer health plans
• Business Associates: Persons or companies that perform services for Health Care Providers or Health Plans that involve the use or sharing of health information
• Employees of Health Care Providers or Health Plans
Basically, HIPAA applies to anyone who provides care, hears conversations, and has access to a person’s health information and/or bills for health care services.
What information does HIPAA protect?
Protected Health Information (PHI) is defined as individually identifiable health information that is transmitted or maintained in any form of medium (electronically, oral, or written), as it relates to:
• The past, present, or future physical or mental health condition of a person
• The provision of health care to a person
• The past, present, or future payment for the provision of health care to a person
Information becomes “individually identifiable” if it defines the person or there is a reasonable basis to believe the information can be used to identify the person.
• Personal Identifying Information (Name, Address, SS#, etc.)
• Health Status (Diagnosis, Medical Records)
• Provision of Care (Services received)
• Payment of Services (How payment will be made)
• Billing information
Any one of us has the potential to violate an individual’s privacy and confidentiality. This is why it is important for you to know and understand how HIPAA compliance protects the privacy and confidentiality of those you support.
HIPAA is all about the use and disclosure of information, including:
• Who uses it?
• Who it is released to?
• How much information is released?
• Why information is released?
Individuals you support have the right to privacy when it comes to the disclosure of their personal health information.
They have the right to control their personal information and to not have it divulged or used by others against their wishes.
You must maintain confidentiality by making a conscious effort to keep private ANY information provided by anyone on behalf of the individuals you support in the process of receiving services.
As Direct Care professionals, you are responsible to monitor your own behavior and the behavior of others. You are legally responsible for protecting the health information of the individuals you support.
When can PHI be shared?
Protected Health Information may be shared for:
• Treatment (residential services, day programs)
• Payment (billing for services)
• Health Care Operations (quality assurance, program oversight)
Only the minimum amount of information necessary to accomplish the intended purpose should be provided.
Accessing PHI with no legitimate need or without specific purpose to deliver care is a violation of an Individual’s confidentiality.
As Direct Support Professionals, you must be careful to not become casual with PHI, remembering always your responsibility to keep private information private.
There are a number of other possible circumstances when PHI may be disclosed for “public need” [email protected], but are not limited to:
• Government Audits
• Public Health and Safety
• A subpoena from the Courts
When is an authorization to share PHI needed?
An authorization/consent must be obtained in writing for any use or sharing of protected health information that is not for treatment, payment, health care operations, or otherwise allowed.
All authorizations must be written in plain language.
The authorization must:
• Describe the protected health information to be shared
• Identify the person(s) who may share and receive the PHI, as well as the purpose of the sharing
Other requirements include:
• An expiration date
• Statements relating to cancelling and re-sharing of information
• Giving the individual a copy of the authorization once it has been signed and dated
What steps must be taken to protect a person’s PHI?
• HIPAA requires that a person’s protected health information remains secure.
• It is your responsibility to be aware and to follow the policies and procedures set forth by your employer with respect to the confidentiality, integrity, and availability of protected health information.
• Confidentiality means that protected health information is only used by authorized people.
• Integrity means that PHI is not altered or destroyed.
• Availability means that PHI can be used as needed by an authorized person.
• It is also important for you to protect against threats, hazards, or misuse of PHI.
• Don’t discuss information about individuals you support in a public place where others can overhear
• Make sure files are not left where unauthorized people can see them and that they are in a secure location when not in use
• When sending a FAX, make sure an authorized person is on the other end to receive it
• Computers:
– All computers should be password protected
– Your computer screen should face away from public area/viewing
– When stepping away from a computer in use, you can protect information by closing all applications and using a screen saver
– Do not send PHI via e-mail unless it is encrypted
• Verify the identity of any person requesting an Individual’s personal health information to ensure they can receive the information
• Do not give out information over the telephone unless you have authorization to do so
• Do not take an Individual’s personal health information out of the home or work program unless authorized to do so
• Keep confidential information confidential
• When in doubt, do not give any information out
• You should review your employer’s policies and practices with respect to keeping PHI secure and confidential
How to dispose of documents containing PHI?
Anything containing PHI has to be disposed of in a way that makes the information unreadable, such as shredding.
How to report a violation?
If you suspect or are aware of a HIPAA violation regarding protected health information, you must act.
Follow the specific written policies and procedures set forth by your employer which may include immediately contacting your supervisor or your agency’s Privacy Officer, or filling out a written report.
In addition, if you are able to take reasonable corrective action to lessen the HIPAA violation, you should do so immediately.
What can happen if you violate the HIPAA law or your company’s privacy practices?
• A person who purposely uses or shares individually identifiable health information in violation of HIPAA faces a fine of $50,000 and up to one year in jail
• The criminal penalties increase to $100,000 and up to five years in jail if the violation involves false pretenses or lying
• If the violation involves the sale or use of individually identifiable health information for personal gain or malicious harm, the criminal penalties increase to $250,000 and up to ten years imprisonment
• A violation of your employer’s HIPAA privacy practices can lead to company penalties up to and including termination of your job
• You could potentially lose any professional license(s) that you may need to perform your job
• Please remember that simply viewing the PHI of anyone who is not under your care and sharing such information with others is a violation of HIPAA
• The bottom line is that just one violation of HIPAA could mean the loss of your job, the loss of whatever professional licenses you may have, the payment of a large fine, and a jail term
• HIPAA is serious business and needs your undivided attention
How do you prevent this from happening to you?
• Follow Employer policies and procedures: Your employer should have policies and procedures that cover almost any HIPAA issue that you are likely to encounter
• Strictly observe “Minimum Necessary” (Need to Know): Only use specific information that you require for that particular job function
• Be Cautious: Never view or use protected health information unless you have a proper reason for doing so
• Use and share PHI only as permitted by law and your applicable employment policies and procedures
• Use common sense and when in doubt, ASK