Health Insurance Portability and Accountability Act

Health Insurance Portability and Accountability Act

Team Bo

Team Bo

BACKGROUND INFORMATIONBACKGROUND INFORMATION• Congress enacted the Health Insurance Portability and

Accountability Act in 1996 to provide safeguards to protect security and confidentiality of patient information.

• This Act granted Congress 3 years to enact comprehensive legislation regarding health care privacy.

• In 1999, US Department of Health and Human Services (HSS) proposed regulations protecting patient’s rights against misuse of disclosure of personal information.

• Finalized regulations were implemented in April 2003 that governed the protection of confidential information.

• Congress enacted the Health Insurance Portability and Accountability Act in 1996 to provide safeguards to protect security and confidentiality of patient information.

• This Act granted Congress 3 years to enact comprehensive legislation regarding health care privacy.

• In 1999, US Department of Health and Human Services (HSS) proposed regulations protecting patient’s rights against misuse of disclosure of personal information.

• Finalized regulations were implemented in April 2003 that governed the protection of confidential information.

REGULATIONS COVERED UNDER HIPAA

REGULATIONS COVERED UNDER HIPAA

• Consumer control over health information. – Patients are not required to provide personal

information during registration process at health care facilities.

– Written explanation of conditions to use and disclose health information must be provided to patients.

• Rules regarding medical record release and use.– Health information may not be disclosed to patient’s

employers or financial institutions without patient authorization.

– Emergency circumstances, identifying deceased, limited law enforcement activities, and national security needs are areas HIPAA rules permit allow disclosure of health information without individual authorization.

• Consumer control over health information. – Patients are not required to provide personal

information during registration process at health care facilities.

– Written explanation of conditions to use and disclose health information must be provided to patients.

• Rules regarding medical record release and use.– Health information may not be disclosed to patient’s

employers or financial institutions without patient authorization.

– Emergency circumstances, identifying deceased, limited law enforcement activities, and national security needs are areas HIPAA rules permit allow disclosure of health information without individual authorization.

REGULATIONS COVERED UNDER HIPAA Cont…

REGULATIONS COVERED UNDER HIPAA Cont…

• Accountability for medical record use and release. – Civil and criminal penalties are established for

violating patient privacy.

• Balancing public responsibilities and privacy protections.– All medical records and other electronic health

information used or disclosed are protected.– With situations that involve more stringent state laws

that are already in placed, health care organizations must follow the most restrictive law, protecting patient privacy.

– The provisions of HIPAA apply equally to private and public health care sectors.

• Accountability for medical record use and release. – Civil and criminal penalties are established for

violating patient privacy.

• Balancing public responsibilities and privacy protections.– All medical records and other electronic health

information used or disclosed are protected.– With situations that involve more stringent state laws

that are already in placed, health care organizations must follow the most restrictive law, protecting patient privacy.

– The provisions of HIPAA apply equally to private and public health care sectors.

RAMIFICATION FOR NON-MEDICAL SECURITY IN ITRAMIFICATION FOR NON-MEDICAL SECURITY IN IT

• Reduce security transaction costs for affiliated practices. – Physicians care about one thing - caring for their

patients. – By helping these independent practices identify,

purchase and manage security solutions, the healthcare organization can help educate their physicians while lowering their own public exposure

• Reduce security transaction costs for affiliated practices. – Physicians care about one thing - caring for their

patients. – By helping these independent practices identify,

purchase and manage security solutions, the healthcare organization can help educate their physicians while lowering their own public exposure

RAMIFICATION FOR NON-MEDICAL SECURITY IN IT Cont…

RAMIFICATION FOR NON-MEDICAL SECURITY IN IT Cont…

• Security technology will provide at least this minimum level of compliance.

• Also provides extra protection over and above the HIPAA standard.

• Security technology will provide at least this minimum level of compliance.

• Also provides extra protection over and above the HIPAA standard.

HIPAA ADVISORYHIPAA ADVISORY

• As technology marches on, challenges related to information security will be a critical topic, and remain under the radar of the Security Rule.

• There may have been "final rules" established for HIPAA, but the delivery and business of healthcare is ever changing.

• As technology marches on, challenges related to information security will be a critical topic, and remain under the radar of the Security Rule.

• There may have been "final rules" established for HIPAA, but the delivery and business of healthcare is ever changing.

NATIONAL SECURITY ISSUESNATIONAL SECURITY ISSUES

• Since 9/11, terrorism, biological warfare, emergency preparedness, and homeland security have climbed to the top of the country's "hot topics" list.

• These concerns are bringing healthcare-related issues - and new initiatives - to the forefront.

• How we integrate the HIPAA regulations (both current and new) presents overwhelming challenges for the healthcare industry.

• Since 9/11, terrorism, biological warfare, emergency preparedness, and homeland security have climbed to the top of the country's "hot topics" list.

• These concerns are bringing healthcare-related issues - and new initiatives - to the forefront.

• How we integrate the HIPAA regulations (both current and new) presents overwhelming challenges for the healthcare industry.

FUTURE FOR HIPAAFUTURE FOR HIPAA• A search of the internet readily yields hundreds, if not

thousands of websites which detail how industry organizations are addressing the ongoing challenge of maintaining HIPAA-compliant cultures as they respond to new initiatives and opportunities.

• HIPAA re-assessments, privacy, and security program updates, new training, and new opportunities for return on investment (ROI) are being recognized as a necessary part of any plan for new capabilities and operational enhancements.

• A search of the internet readily yields hundreds, if not thousands of websites which detail how industry organizations are addressing the ongoing challenge of maintaining HIPAA-compliant cultures as they respond to new initiatives and opportunities.

• HIPAA re-assessments, privacy, and security program updates, new training, and new opportunities for return on investment (ROI) are being recognized as a necessary part of any plan for new capabilities and operational enhancements.

PREVENT INAPPROPIATE PRIVACY-RELATED BEHAVIOR

AMONG STAFF

PREVENT INAPPROPIATE PRIVACY-RELATED BEHAVIOR

AMONG STAFF

• Helping the members of your staff integrate HIPAA privacy practices into their daily routines.

• Providing authoritative guidelines, explanations, scenarios and scripts will show workers how they can meet their HIPAA privacy obligations.

• Helping the members of your staff integrate HIPAA privacy practices into their daily routines.

• Providing authoritative guidelines, explanations, scenarios and scripts will show workers how they can meet their HIPAA privacy obligations.

REFERENCESREFERENCES

• Raymond S. Edge and John Randall Groves. (2006). Ethics of Health Care: A Guide for Clinical Practice. Retrieved August 28, 2007, from University of Phoenix ebook collection.

• http://www.scmagazine.com/asia/news/article/419684/hipaa-comes-security-challenge/

• http://www.hipaadvisory.com/action/notdone.htm

• Raymond S. Edge and John Randall Groves. (2006). Ethics of Health Care: A Guide for Clinical Practice. Retrieved August 28, 2007, from University of Phoenix ebook collection.

• http://www.scmagazine.com/asia/news/article/419684/hipaa-comes-security-challenge/

• http://www.hipaadvisory.com/action/notdone.htm