HIPAA Presentation Student 091 by 666yj4


  The University of Toledo

       Lynn Hutt
Compliance/Privacy Officer

o Compliance
  o Privacy
  o Security
o Family Educational Rights and Privacy Act - FERPA
o Public Records
o Obama Administration - 2010
Who is the Compliance Officer?

          Lynn Hutt
Health Insurance Portability and
Accountability Act (HIPAA)
o Privacy – covers certain health information in any
  form: written, spoken, electronic or any other.

o Security – covers information that is stored or
  transmitted electronically: Internet, computer
  networks.
    What is HIPAA?
o   Law created to improve access to health insurance,
    protect the privacy of health information and promote
    standardization of electronic health-care related
    records to improve and safeguard their use.

o   Not:
    Hospitals In Pain, Anguish, and Agony
Patient privacy is everyone’s concern.

   It’s a basic part of patient care.
What can happen if you don’t follow the
    Privacy Rule?
o There may be a fine for each violation of the rule.
  Total fines can go up to $1.5 million per year.
o A person can be fined or sent to
  o “Fifteen fired, eight disciplined for looking at medical records of
    octuplet mother.” FoxNews.com, March 2009

  o “CVS Pays $2.25 Million to Settle HIPAA Privacy Case” HHS.gov, Feb

  o “Staff nurse faces jail time for copying medical record with intent to do
    malicious harm. Possible 10 years in prison, fine of $250,000. The
    nursing board is seeking to revoke her license.” Renal and Urology
    News, Oct. 2008
   A Closer look at PHI
o Pay attention to information that gives details
  about who a person is:

   o   Name
   o   Social Security Number, Account Number, MRN
   o   All or part of an address
   o   Phone or fax number
   o   Driver's license number, license plate
   o   Date of Birth
   o   Admission or discharge date
   o   Tattoos
       When combined with health information these could
       be considered PHI. Health information is protected
       if it could be used to identify somebody.
Examples of PHI:

o Medical record
o Prescription label
o An x-ray
o Doctor’s notes about a patient
o A letter giving patient test results
o Facesheet
o Waste material that contains personal information -
  patient label
o Information sent from one place to another -
  computer, fax, phone or mail
o Computer monitors that can be seen by the public
o Information that you say ALOUD
o Facebook, pictures of patients

  To name a few!!!
HIPAA Rule: Minimum Necessary

o Only access PHI you need to do
  your job.

o Any time you share PHI with
  others provide only the
  information the other person or
  organization needs.
    General rules for
        disclosing and using PHI

o    You may disclose or use PHI for
     health-care purposes.
       Treat a patient
       Get payment for health-care services
       Continuity of Care
       Quality Assessment
       Fraud and Compliance programs
       Competency activities –accreditation
       Federal/State Agencies
       Suspected abuse or neglect
       Organ donation
Permitted disclosures
o T-Treatment
o P-Payment
o O-Health care operations

  In all instances, strict regulations apply.
Incidental disclosures of PHI

o When PHI is seen or heard by
  someone who does not need to

  o Even though UTMC has taken
    appropriate steps to limit the
    information shared or keep the
    information private.

   Example: nurses' stations, or two patients in the
   same room
Getting authorization to disclose

o Authorization to disclose PHI must
  be obtained when
  o Provided to insurer or other business
    for marketing
  o Information is communicated to an
    employer (pre-employment physical)
Some Do’s and Don’ts when talking
   about patients

DO’s
o Speak quietly when possible
o Avoid using patient names in hallways and public areas
o Share information needed to treat the patient
o Use a private space to discuss patient

DON’Ts
o Share PHI with people who don’t need to know it to do
  their job
o Share PHI you are not authorized to disclose
o Let privacy issues keep you from treating the patient
  properly
   Safeguard guidelines

o Shut and lock doors when leaving
o PHI should not be visible or audible
o Computer monitors should be turned away
  from the direction of public view
o Copy only the minimum necessary
o Securely dispose of all PHI
o Home offices subject as well
o Record storage areas must be secure
Safeguard guidelines cont.

o Printers and Fax Machines must be
o Unauthorized personnel may not be left
  alone without supervision
o Policies apply to any Portable Device or
o Visitors must be accompanied
o EVERYONE is responsible for PHI
Protect printed PHI
o Where is printed PHI?
  o   Patient chart
  o   Wrist tag
  o   Prescription bottle
  o   Lab report
  o   X-ray
  o   Log sheets/patient lists
  o   Patient mailing list
  o   Faxes

  o ALWAYS use a shred bin for printed PHI!
Patient rights

o They have them
o They know them
o Respect them
Your responsibility
o Know policies and practice
  appropriate procedures within your

o If unsure, ASK
o The Family Educational Rights and Privacy Act of

o Protects student records.
Public records

o The University of Toledo’s
  operational functions are considered
  public records.

o Emails
o Reports
o Contracts
President Obama legislative changes
     to HIPAA
o Health Care Reform
o American Recovery & Reinvestment
  Act of 2009 (ARRA)

o New requirements will include:
  o   Notification of HIPAA breaches
  o   Application of HIPAA to BAs (business associates)
  o   Restrictions requested by patients
  o   Electronic Health Records
  o   Increased penalties and enforcement

 How do I report….

o Report concerns in these steps:
  o   First to your professor
  o   Advisor or Dean of College
  o   Student Academic Affairs
  o   Compliance/Privacy Officer, x 6933
What are my rights….
o Non-retaliation policy
o Qui tam provisions (“whistleblower”)
Quiz questions
o Who is the Compliance/Privacy Officer?
o Name 3 safeguards for PHI.
o What does HIPAA stand for?
o Name 3 examples of PHI.
o Can you be held personally responsible
  for a HIPAA violation?
o What is minimum necessary?
o If you are unsure, what should you do?
o PHI used for TPO is a permitted
  disclosure; what does TPO stand for?

    It’s YOUR Responsibility.