Slide1
HIPAA Health Insurance Portability & Accountability Act of 1996
Slide2
What is HIPAA?
Set of rules passed in 1996 that must be followed by doctors, hospitals, and other healthcare providers to help ensure that all medical records, medical billing, and patient accounts meet certain consistent standards with regard to documentation, handling, and privacy.
Slide3
What does HIPAA require?
Confidentiality of Personal Health Information (PHI)
The ability for all patients to access their own medical records, correct errors or omissions, and be informed about how personal information is shared or used and about privacy procedures.
Shhh…..
Slide4
What health information is covered?
Electronic Records
Paper Records
Fax Documents
Oral Communication
Slide5
What health information is NOT covered?
Information that is NOT “individually identifiable”—cannot be linked to a specific person
Slide6
Potential consequences for health professionals that don’t follow HIPAA
Termination
Lawsuit
Slide7
So let’s figure out when HIPAA has been followed and when it has been broken
Slide8
Scenario #1
A 32-year-old immigrant from a patriarchal country is giving birth in Indianapolis. As she is delivering the baby, she tearfully confesses to her doctor that this is her 4th child and she simply cannot handle any more children. She tells the doctor that her husband refuses to use contraception or allow her to and she begs her doctor to tie her tubes and not tell her husband. The doctor complies.
Slide9
Answer #1
The doctor WOULD HAVE violated HIPAA by discussing the matter with the husband after the wife specifically asked her NOT to. Tying her tubes without her husband’s consent would NOT violate HIPAA, though it might violate hospital policies. Many hospitals require husband’s consent for tube-tying to prevent later litigation. The physician’s in a tricky spot on this one!
Slide10
Scenario #2
An 18-year-old high school senior at RHS gets pregnant. She does not want to have the child and her best friend takes her to a doctor’s office for an abortion. A few days later her mother reads a text about the abortion on her phone and angrily calls the doctor’s office, demanding more information. The receptionist confirms that her daughter visited the office for an abortion.
Slide11
Answer #2
The receptionist violated HIPAA and could be fired. Because she is 18, the girl’s mother does NOT have any legal rights to her medical information (unless the daughter signed a consent form giving her mother the rights, which seems highly unlikely in this case).
Slide12
Scenario #3
A mother e-mailed her son’s teacher about his history of seizures. Months later, the teacher replied to the e-mail to tell the mother about discipline problems. Communication eventually became contentious. The teacher forwarded the conversation to her best friend, a teacher at the same school. The information about the boy’s seizures was way at the bottom of the e-mail chain.
Slide13
Answer #3
The teacher (though not a medical professional) violated confidentiality and was fired (this is a real example!). If the OTHER teacher had the same student in class, though, that teacher would have a right to the medical information. In this case, the teacher that got the message did NOT have the student in class. That’s why confidentiality was violated.
Slide14
Scenario #4
A 33-year-old woman visited her gynecologist for a routine STD screening. The doctor called back a week later to report the results. The husband answered the phone and the doctor shared the results with the husband.
Slide15
Answer #4
The doctor violated HIPAA UNLESS the woman had signed a consent form, giving her husband access to her medical information (which many women do). OTHERWISE, the doctor would ONLY be authorized to tell the woman herself the information, not to tell it to the person who answered the phone or even leave it on an answering machine.
Slide16
Scenario #5
A teacher at RHS decides that he needs to attend an in-patient drug rehabilitation program. He tells his employer that he needs time off “for medical reasons.” The employer requires a FMLA (Family Medical Leave Act) form from the employee’s doctor. The doctor fills it out, including information about the patient’s history with drug use.
Slide17
Answer #5
The physician did NOT violate HIPAA (though some people don’t like this part of the law). If you need time off and your employer asks for an FMLA form, they WILL receive detailed medical information about you!
Slide18
Scenario #6
Two nurses who work at Random Community Hospital are shopping together at Wal-Mart after work. As they walk around they talk about their patient Barbara. Although she’s in the hospital for diabetes treatment, they discuss the fact that her crazy “bug-eyes” mean she probably has an overactive thyroid (Graves’ disease). They wonder aloud whether to tell Barbara their suspicions.
Slide19
Answer #6
The nurses DID violate Barbara’s rights because they spoke about her IN PUBLIC and used IDENTIFYING INFORMATION (her first name).
Slide20
Scenario #7
Two doctors are having lunch together in the Physician Dining Room at Random Community Hospital. As they eat they talk about the man with the terrible butt abscesses that they recently treated. They joke about how bad they smelled and about the fact that the juice that squirted out when they punctured one of the abscesses hit the nurse right in the face.
Slide21
Answer #7
They did NOT violate HIPAA. They were speaking in a PRIVATE area and BOTH physicians had Bob as a patient. If it had been in public or one doctor had NOT had Bob as a patient, they would have violated HIPAA.
Slide22
Scenario #8
A 14-year-old freshman from Random High School is pregnant and visits Gyne Limited. Her mother comes with her and comes into the doctor’s office for the visit. She asks the doctor many questions about the due date, the heart rate of the baby, methods of delivery, genetic risks, etc. The doctor answers all of the mother’s questions.
Slide23
Answer #8
The doctor did NOT violate HIPAA. All of your medical information may be shared with your parents until you are 18 years old (unless you’re emancipated).
Slide24
FAQs
Q: What if I’m accidentally overheard discussing a client’s PHI?
A: It is not a violation as long as you were taking reasonable precautions and were discussing the protected health information for a legitimate purpose. The HIPAA privacy rule is not meant to prevent care providers from communicating with each other and their clients during the course of treatment. These "incidental disclosures" are allowed under HIPAA.
Slide25
FAQs
Q: If I overhear patient care information in the elevator or in the hallway, how should I handle it?
A: If appropriate, remind the speakers of the policy in private. If the conversation clearly violates policies or regulations, report it to the Privacy Officer.
Slide26
FAQs
Q: I work in the hospital and don't need to access PHI for my job, but every now and then a client’s family member asks me about a client. What should I do?
A: Explain that you do not have access to that information, and refer the individual to the client’s healthcare provider.
Slide27
FAQs
Q: What should I do if a government agency or law enforcement person requests information about a client?
A: If working with law enforcement is not part of your responsibility, contact your supervisor. If it is your responsibility, provide only the minimum amount necessary to support the investigation after verification of the authority of the individual or organization making the request. Always consult your supervisor or the Privacy Officer if you are unsure what to do. The privacy rules are very specific in this area.
Slide28
FAQs
Q: When I am speaking to a client, and friends or family members are in the treatment room, do I assume the client has given me permission to speak of the PHI in front of these people or do I need to ask them to leave?
A: It is ok to speak, unless the client objects. If you are uncertain, you can ask the client if it is okay to discuss his/her PHI in front of the person or persons in the room.
Slide29
FAQs
Q: Can someone else pick up a client's x-rays, prescriptions, or medical supplies?
A: Yes, if in the care provider's professional judgment it is okay to give the prescriptions, x-rays, or medical supplies to that individual.
Slide30
FAQs
Q: What if I get a phone call looking for information, and the caller says he/she’s the client? What should I do?
A: If the request is made by phone and the requester identifies him/herself as the client, you can ask him/her to provide personal information for verification, such as his/her birth date or Social Security number.
Slide31
FAQs
Q: I know that clients have a right to their PHI, but what about parents/guardians of incompetent clients?
A: If someone other than the client has the legal right to make healthcare decisions for the client, that person is the client's personal representative and has the right to access the client's PHI. However, if you have good reason to believe that informing the personal representative could result in harm to the client or others, then you do not have to disclose the PHI.
Slide32
FAQs
Q: When the law requires me to make a disclosure, such as reporting HIV infection, do I need to tell the client that I disclosed the information?
A: You need to tell the client only if he/she asks for an accounting of disclosures, and the disclosure was made without an authorization. If there is good reason to believe that informing the client could result in harm to that individual, then you may not be required to tell him/her. In some cases, government agencies can also require that the client not be informed. If you are in doubt, contact the Privacy Officer.
Slide33
FAQs
Q: As part of my job, I have access to a client’s PHI. How do I know which family and friends can be told this information?
A: Always ask the client who can receive this information and document the client’s response in the medical record.
Slide34
FAQs
Q: If the client is not conscious, to whom can we disclose the PHI?
A: You will have to decide this on a case-by-case basis. If you know the client's preferences, as in “you can tell my spouse, but not my sister,” then document the request and follow it. Otherwise, use your professional judgment. Always use the Minimum Necessary standard--disclose only information that is directly relevant to the person's involvement with the client's healthcare. Once a client has regained consciousness, he/she will determine when and how to share protected health information.
Slide35
FAQs
Q: What about requests to leave protected information on voice mail, an answering machine, or FAX machine?
A: If you are asked to send or leave messages, verify with the client or other approved individual that it is okay to leave messages. Make sure you confirm the number and leave only the minimum information necessary. Use a cover sheet identifying the proper recipient. Avoid leaving sensitive information in this manner.
Slide36
FAQs
Q: What do I do if I receive a request for PHI by fax?
A: Most often, faxed requests for PHI will come from other healthcare providers or payers, like billing agencies or insurance companies, although clients may occasionally ask to have information faxed to them. If a client, health provider, or payer requests that you fax PHI, get a specific fax number from them and double-check the number before sending.
Slide37
FAQs
Q: What if I find a fax went to a wrong number?
A: In the event that a fax went to a wrong number, try to retrieve the communication containing the PHI that was faxed to the wrong number or ensure that the information has been destroyed in a secure fashion.
Slide38
FAQs
Q: Can I look up my own records online?
A: Yes, healthcare employees can look up their own records if they have access to the systems containing this information.
Slide39
FAQs
Q: Can I look up information about my spouse or other family members?
A: It depends. You may access a spouse’s PHI only if you have your spouse's prior written permission. Otherwise, it is a serious violation. The same policy applies to looking up family, friends, or co-workers. You must get their prior permission in writing.
Slide40
FAQs
Q: Can I look up my children’s records?
A: It depends. Healthcare employees are allowed to look up the records of children in their custody who are under 11 years old. If your children are 11 years or older, you do not have the right to look up their records, and using the computer to access information inappropriately is a serious violation. You may, however, request information from your children's care providers.
Slide41
FAQs
Q: What will happen if the PHI regulations have been violated?
A: The healthcare system may face civil or criminal penalties and be substantially fined. Further, employees who knowingly misuse protected health information may be subject to prosecution, fines, and/or imprisonment up to ten years, in addition to any disciplinary actions by their employer.
Slide42
Want to know more about HIPAA?
U.S. Department of Health and Human Services
www.hhs.gov/ocr/hippa
If you have questions or need additional information, visit the official website and take advantage of frequently updated resources there.