Virginia Department for the Aging HIPAA Overview by 87qxFj6


Virginia Department for the Aging

HIPAA Overview

April 24, 2002


Agenda
    • What is HIPAA?
    • The Four Components of Administrative Simplification
    • Who does HIPAA Apply to?
    • Privacy Standards
    • Additional Information



November 23, 2011                       2
What is HIPAA?
Health Insurance Portability & Accountability Act of 1996 (HIPAA)
Public Law 104-191
    1. Portability: Transfer of healthcare when employees change jobs
        • COBRA - Completed
    2. Accountability: Fraud/Abuse & Administrative Simplification

The Four Components of Administrative Simplification
    • Electronic Health Transactions
        • Examples: Claims, Recipient Eligibility, Coordination of Benefits (COBs), Claims Status
    • Unique Health Identifiers and Standard Medical Code Sets
        • Examples of Health Identifiers: National Provider ID, National Employer ID, Health Plan ID, National Individual ID
        • Example of Medical Code Sets: National Drug Codes (NDC)

Administrative Simplification (cont.)
    • Security Standards & Electronic Signatures
        • Security and privacy standards for administrative procedures
        • Technical security services against unauthorized access to data
        • Physical safeguards




Administrative Simplification (cont.)
    • Privacy
        • Signed by the Secretary of DHHS under the Clinton Administration
        • Posted to the Federal Register on 12/28/00
        • Comply as of 04/13/2003
        • Focus on Policy and Procedures protecting Individuals’ rights, and audit trails of disclosures of personally identifiable health information (regardless of whether in electronic form).
        • Privacy Officer for Each Organization


If You Remember Only One Thing About HIPAA
    • Focus on Policy and Procedures protecting Individuals’ rights, and audit trails of disclosures of personally identifiable health information (regardless of whether in electronic form).



Who does HIPAA Apply to?
Examples of “Covered Entities” are:
    • Health Care Providers
        • Doctors, Dentists, Hospitals
    • Payers/Plans
        • HCFA (Medicare/Medicaid)
        • Collection Agencies
        • HMOs, Group Health Plans
    • Prescription Drug Dispensing/Testing
        • Pharmaceuticals, Drug Stores, Labs
    • Clearinghouses/Donor Organizations
        • CDC, Blood banks, Organ Donors


Privacy Standards
    • Protected Health Information (PHI) as defined by the regulation
        • Information relating to an individual’s physical or mental health, health care treatment, or payment for health care.
        • Protection continues as long as the information is in the hands of a covered entity
        • Covered entities are encouraged to de-identify health information by removing, encoding, or encrypting identifiers.
        • Personally identifiable health information in any form or medium.


Privacy Standards
    • Covered Entity must enter into a contract requiring that identifiable information be kept confidential by a Business Associate receiving information from or on behalf of a covered entity




Privacy Standards
    • Obligations of health care plans and providers
        • Provide training to all staff who have access to PHI
        • Establish administrative, technical, and physical safeguards
        • Establish Policies and Procedures
        • Develop and apply sanctions ranging from re-training to reprimand to termination
        • Have available documentation with the regulation requirements
        • Develop methods to disclose the minimum amount of PHI
        • Develop and use contracts with business partners


Privacy Standards
    • Minimum Necessary Standard:
        • “Must maintain every effort not to use or disclose, internally or externally, any more information than is necessary to accomplish the intended purpose.”
    • Preemption:
        • Provides a “floor” of privacy protection. State laws that are “less protective” of privacy are preempted. States are free to enact “more stringent” statutes.




Privacy Standards
    • Penalties and Enforcement
        • Civil liability: for each standard provision violated, a penalty of up to $25,000 in any calendar year
        • Federal criminal penalties are fines of up to $50,000 and/or 1 year imprisonment for using or disclosing individually identifiable health information
        • If disclosure is “under false pretenses, $100,000 fine and/or up to 5 years imprisonment”
        • If offense is with intent to sell, transfer, or use individually identifiable information for commercial gain, $250,000 and/or imprisonment of up to 10 years
        • Enforcement has been delegated to the Office for Civil Rights (OCR) for civil enforcement and Department of Justice (DOJ) for criminal enforcement

Compliance Gaps – Privacy
    • Paper copies of patient records aren’t shredded
    • Registration terminals can be viewed by visitors
    • General lack of awareness as to where identifiable health information is being sent
    • Staff discuss patient care in public places such as elevators, cafeterias, and waiting rooms
    • Facsimile copies are sent to physicians at unidentified phone numbers
    • Lack of ongoing privacy training for workforce
Provided by Phoenix Health Systems



References
    • www.healthprivacy.org
    • http://aspe.hhs.gov/admnsimp/
    • http://www.hipaadvisory.com/

    HIPAA questions to: HIPAA-QUESTION@list.nih.gov

    Privacy questions to: ocrprivacy@os.dhhs.gov



