112 HIPAA Overview Health Insurance Portability and Accountability Act HIPAA was first introduced by Congress in 1996 due to the advancements in electronic technology in healthcare The goal was to improve the efficiency and effectiveness of the healthcare system and to create national standar ID: 933926
Download Presentation The PPT/PDF document "Privacy and Confidentiality of Health In..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Slide2Privacy and Confidentiality of Health Information
11.2
Slide3HIPAA Overview
Health Insurance Portability and Accountability Act (HIPAA) was first introduced by Congress in 1996 due to the advancements in electronic technology in healthcare.
The goal was to improve the efficiency and effectiveness of the healthcare system and to create national standards for electronic healthcare transactions.
The Department of Health and Human Services (HHS) published a final regulation in the form of the Privacy Rule in December 2000, which became effective on April 14, 2001.
The Rule set national standards for the protection of health information, in regards to three types of covered entities: health plans, healthcare clearing houses, and healthcare providers who conduct certain healthcare transactions electronically.
April 14, 2003, the compliance date, required that all covered entities must implement standards to protect and guard against the misuse of individually identifiable health information.
Slide4Security Rule
HIPAA Privacy Rule protects the privacy of individually identifiable health information, called
protected health information
(PHI).
Generally, the Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI (electronic protected health information).
Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit.
Identify and protect against reasonably anticipated threats to the security or integrity of the information.
Protect against reasonably anticipated, impermissible uses or disclosures.
Ensure compliance by their workforce.
Slide5The Importance of Protecting Patient Health Information
Employees may only access patient information on a “need to know” basis.
Keep all information confidential.
Access or use information only as required to perform job.
Provide the minimum necessary information.
Do not discuss information with others unless it is administratively or clinically necessary.
Do not use any electronic media to copy or transmit information unless specifically authorized to do so.
Slide6American Recovery and Reinvestment Act (ARRA)
The ARRA was a multibillion economic stimulus package.
A part of the Act was adoption of health information technology and the protection of the privacy and security of medical records.
Healthcare received around $150 billion in new funds.
$87 billion for Medicaid.
$24.7 billion to subsidize private health insurance.
$19.2 billion for health information technology (EHRs).
$10 billion for the National Institutes of Health.
Slide7Health Information Technology for Economic and Clinical Health Act
A
portion of the ARRA bill is called the Health Information Technology for Economic and Clinical Health Act (HITECH).
The HITECH Act, beginning in 2011, stipulated that providers would be offered financial incentives for demonstrating meaningful use of Electronic Health Records (EHR) until 2015.
If providers did comply with EHR use by 2015, penalties would be imposed.
ARRA, HITECH and HIPAA are separate and unrelated Acts but they do reinforce each other in certain ways.
Slide8Confidentiality Policy and Procedures
Limit access to patient information to authorized individuals only.
Implement technical, administrative and physical safeguards to protect medical record files and computerized data against unauthorized use, access and disclosure and ensure data confidentiality, integrity and availability.
Ensure institutional policies and practices with respect to confidentiality, security and release of information are consistent with regulations and laws.
Educate patients about organizational policies on confidentiality and use the notice of privacy practices as required by the HIPAA Privacy Rule.
Slide9Consequences of HIPAA Violations
Inappropriate disclosure of confidential information is subject to discipline:
Dismissal from employment.
L
icensed professionals are also subject to discipline by licensing and credentialing bodies.
The American Recovery and Reinvestment Act of 2009 (ARRA) established a tiered civil penalty structure for HIPAA violations.
Individuals whom knowingly obtain or disclose individually identifiable health information may be fined and/or imprisoned.
Slide10Ensuring EHR/EMR Documentation Integrity
There are a number of existing rules and regulations on documentation principles and guidelines.
Documentation integrity involves the accuracy of the complete health record.
It encompasses information governance, patient identification, authorship validation, amendments and record corrections.
Slide11Amendments to a Medical Record
An amendment is the alteration of document by corrections, addendums, retractions, deletions, late entries, re-sequencing, and reassignment.
An amendment is made after the original documentation has been completed and signed by the provider.
All amendments should be timely and bear the current date and time of documentation.
Slide12Addendum
An addendum is an entry added to a health record to provide additional information in conjunction with a previous entry.
The addendum should be timely, bear the current date, time, and reason for the additional information being added to the health record, and be electronically signed.
Slide13Correction
A correction is change in the information meant to correct inaccuracies after the original electronic document has been signed or rendered complete.
Corrections may also involve removing information from one record and posting it to another within the electronic document management system.
Slide14Retraction
Retraction is the action of removing information that was incorrect, invalid, or made in error, and preventing its display or hiding the entry or documentation from further general views.
The original information is available in the previous version.
An annotation should be viewable to the clinical staff so that the retracted document can be consulted if needed.
Slide15Deletion
A deletion is the action of permanently removing information that is not tracked in a previous version.
Most EHRs do not allow permanent deletion.
Slide16Late Entry
An addition to the health record when a previous entry was missed or was not written in a timely manner.
The late entry should be timely, bear the current date, time, and reason for the additional information being added to the health record and be electronically signed.
Slide17Re-sequencing
The process of moving a document from one location in the EHR to another within the same episode of care, such as a progress note that was linked to the wrong date.
No annotation of this action is necessary.
Slide18Reassignment
The process of moving one or more documents from one event of care to another event of care within the same patient record.
An annotation should be viewable to the clinical staff so that the reassigned document can be consulted if needed.