HIPAA Aman Final

7/30/2019 HIPAA Aman Final

1/22

HEALTH INSURANCEPORTABILITY AND

ACCOUNTABILITY ACT1996

Presented by -Dr.Amandeep SinghMatharu

MBA Hospital ManagementRoll No. - 14160


2/22

What is HIPAA and Why Should You Care.?

The Health Insurance Portability and Accountability Act(HIPAA) is a law designed to improve the efficiency andeffectiveness of the health care system.

HIPAA directly affects clinical work and the operationsof any facility. Understanding HIPAA prepares you to step into healthorganizations with a clear understanding of complyingwith requirements for respecting the privacy of protected

health information (PHI).


3/22

Whatsoever things I see or hear concerning the life of men, in myattendance on the sick or evenapart therefrom, which ought not benoised abroad, I will keep silencethereon, counting such things to be

as sacred secrets.Oath of Hippocrates,4th century, BC

HIPPOCRATIC OATH


4/22

Health Insurance Portability and Accountability Act of 1996(HIPAA) amended the Internal Revenue Code of 1986

To improve portability and continuity of health insurancecoverage in the group and individual markets;

To combat waste, fraud, and abuse in health insuranceand health care delivery;

To promote the use of medical savings accounts; To improve access to long term care services andcoverage; To simplify the administration of health insurance.

HIPAA - The first federal law thatgoverns the privacy of

health information.


5/22

CONFIDENTIALITY OF INFORMATIONAND HIPAA PROVISIONS

Any information communicated by a patient to ahealth care provider is privileged communication. is private .PATIENTS HAVE RIGHT TO CONFIDENTIALITY HIPAA privacy and security provisions - Right of privacy.

Security safeguards to ensure that facilities, equipment,and patient information are safe from damage, loss,tampering, theft or unauthorized access.


6/22

HIPAA LEGISLATIONSHIPAA legislation were organized according to

five titles:- Title I Health Care Access, Portability,and Renewability

Title II Preventing Health Care Fraudand Abuse,AdministrativeSimplification, and MedicalLiability Reform

Title III Tax-Related Health Provisions Title IV Application and Enforcement of

Group Health Plan Requirements Title V Revenue Offsets


7/22

PROTECTED HEALTHINFORMATION

It is the information identifiable to an individual (or individual identifiers)- name,- address,- telephone numbers,- date of birth,- Medicaid ID number

- other medical record numbers,- social security number (SSN),- name of employer.


8/22

HIPAA PRIVACY RULES

HIPAA provisions protect the security andconfidentiality of health information.

HIPAA privacy standards protect the confidentiality of health information maintained or transmittedelectronically.

The rule mandates compliance by private and publicsector organizations.


9/22

HIPAA PRIVACY RULESPATIENT RIGHTS

Patient education on privacy protections Re Disclosure of PHI Patient access to their records Disclosures to business associates Patient care and notification Disclosures about deceased patients Limited uses and disclosures when the

patient is not available Obtaining patient authorization beforeinformation is disclosed


10/22

Recourse if privacy protections areviolated

Patient's have the right tofile a formal complaintwith a covered entity,when violations of

privacy protections occur.


11/22

HIPAASECURITY RULES

HIPAA security rule was published onFebruary 20,2003.

It adopts standards and safeguards to protect health information that is

collected, maintained,used,or transmitted electronically.There are three categories of standardsand specifications-

1. Administrative Safeguards 2. Physical Safeguards 3. Technical Safeguards


12/22

ADMINISTRATIVE SAFEGUARDS

Healthcare organizations must adopt a written set of privacy procedures.

Designate a privacy officer responsible for developing andimplementing all policies and procedures. Clearly identify employees who will have access to electronic protectedhealth information (EPHI).

An ongoing training program regarding the handling of PHI for employees. Organizations should ensure third party vendors comply with HIPAArequirements.. Internal audits play a key role in HIPAA compliance by reviewingoperations.Audits should be both routine and event-based. Organization should document instructions for addressing andresponding to security breaches that are identified. A contingency plan should be in place for responding to emergencies.


13/22

PHYSICAL SAFEGUARDS

Controls must govern the introduction andremoval of hardware and software from thenetwork.

Access to equipment containing healthinformation should be carefully controlled

and monitored. Access to hardware and software must belimited to properly authorized individuals.

Required access controls consist of facilitysecurity plans, maintenance records, andvisitor sign-in and escorts.

Policies are required to address proper workstation use.


14/22

TECHNICAL SAFEGUARDS Information systems housing PHI must be

protected from intrusion. Healthcare organization must ensure that the

data within its systems has not been changedor erased in an unauthorized manner.

Digital signature may be used to ensure dataintegrity. Organizations must also authenticate entities

with which they communicate.

Organizations must make documentation of their HIPAA practices available to thegovernment to determine compliance.

Documented risk analysis and risk management programs are required.


15/22

SECURITY RULE PROVISIONS

security provisions include following policies and procedures: Define authorized users of patient information

to control access

Implement a tracking procedure to sign out records to authorized personnel

Limit record storage access to authorized users

Lock record storage areas at all times Require that the original medical record remain in the facility at all times.


16/22

EFFECT OF HIPAA ON RESEARCHAND CLINICAL CARE

Effects on research

HIPAA restrictions have affected the ability to performretrospective, chart-based research as well as to

prospectively evaluate patients by contacting them for follow-up.

Informed consent forms for research now includeextensive detail which made already complex documentseven less user-friendly for patients who are asked to readand sign them.

Effects on clinical care

The complexity of HIPAA, combined with potentiallystiff penalties for violators, lead physicians and medicalcenters to withhold information from those who have aright to it.
http://en.wikipedia.org/wiki/Informed_consenthttp://en.wikipedia.org/wiki/Informed_consent


17/22

CLINICAL RESEARCH ISUNIQUELY AFFECTED BY HIPAA

Specific methods to allow PHI to be used or disclosed for research purposes: All data are de-identified (according to the specific standards of

the Privacy Rule). A limited data set is collected and released. A patient gives a written authorization that his or her data may be used and/or disclosed. Data are collected for preparatory work for research purposes

only (according to the specific standards of the Privacy Rule).

Special provisions are in place for research on a decedents PHI.


18/22

AUTHORIZATION TO DISCLOSE PHIIs Not Required

Public health activities Law enforcement purposes

Judicial and administrative proceedings Identification and location purposes Decedents Research purposes

Food & Drug Administration (FDA) Specialized government functions. Workers compensation


19/22

AUTHORIZATION TO DISCLOSE PHIIs Required

Attorney requests . Employers (except when PHI is released to report

work-related illnesses or injuries). Government agencies . Health care providers that did not render care to the

patient. HIV -related information.


20/22

PATIENTS ACCESS TO RECORDS

An individual has the right to access his or her own protected health information (PHI) for the purpose of inspection and to obtain a copy, except for thefollowing:-

Psychotherapy notes. Information compiled for use in a civil, criminal, or administrative action.

PHI maintained by a covered entity that is

subject to the Clinical Laboratory Improvements.


21/22

HIPPA rules are not a barrier to goodcare.!

The HIPAA Privacy Rule is not intended to prohibit providers from talking to each other and to their patients.

Staff is free to communicate as required for quick,effective, and high-quality health care.

The Privacy Rule also recognizes that overheardcommunications in these settings may be

unavoidable and allows for these incidentaldisclosures.


22/22

Date post:	14-Apr-2018
Category:	Documents
Upload:	matharu-knowlittle
View:	215 times
Download:	0 times

HIPAA Aman Final

Documents