Meck Hipaa
HIPAA
November 2010
First Responder In-service
HIPAA
•Health Insurance Portability and Accountability Act
•Federal law passed by Congress in 1996
•Regulations promulgated by the Dept of Health and
Human Services
•Guidelines implemented in April, 2003
1
Why HIPAA?
A Michigan-based health system accidentally posted the medical records of
thousands of patients on the Internet. (The Ann Arbor News, February 10,
1999)
A banker who also served on his county's health board cross-referenced
customer accounts with patient information. He called due the mortgages
of anyone suffering from cancer. (M. Lavelle, "Health Plan Debate Turning
to Privacy: Some Call For Safeguards on Medical Disclosure. Is a Federal
Law Necessary?" The National Law Journal, May 30, 1994)
1, 2
Why HIPAA?
Country singer Tammy Wynette's medical records were sold to the National
Enquirer and Star tabloids by a hospital employee for $2,610. William Cox's
position at the hospital entitled him to authorized access to several medical
record databases. He retrieved medical information about Wynette and faxed it
to the tabloids without her consent. Cox pleaded guilty to one count of wire
fraud and was sentenced to six months in prison. ("Selling Singer's Files Gets
Man Six Months," Houston Chronicle, December 2, 2000)
The late tennis star Arthur Ashe's positive HIV status was first disclosed
publicly not by himself but by a newspaper without his permission after
receiving the information from a health care worker.
1, 2
What does HIPAA do?
1. Creates standards for protecting the
privacy of health information
2. Creates standards for the security
and electronic exchange of health
information
1
Privacy Standard
Protects and enhances rights of
patients by providing them access and
control of their information
Specifies who can and cannot access
PHI without the patient's knowledge
Allows the patient to review and ensure
accuracy of their medical records
1,3
Security & Electronic Exchange
Standards
Ensure the confidentiality, integrity, and
availability of all e-PHI they create, receive,
maintain or transmit
Identify and protect against reasonably
anticipated threats to the security or integrity
of the information
Protect against reasonably anticipated,
impermissible uses or disclosures
Ensure compliance by their workforce
3
Who must follow the guidelines?
Health Plans
Healthcare Clearing Houses
Healthcare Providers
3
Who must follow the guidelines?
In Mecklenburg County each first responder
agency has a signed agreement with MEDIC
and the county, that they abide by HIPAA
regulations and standards.
Protected Health Information (PHI)
Identifies or can be used to identify an
individual
Written, Spoken, or Electronic
Created or received by a health care provider,
public health authority, employer, school or
university
1
PHI Examples
Patient name
All geographic subdivisions smaller than state
All elements of dates related to patient (Date of Birth, Admission, Discharge or Death)
Telephone numbers
Fax numbers
Electronic Email Addresses
Social Security numbers
Medical record numbers
Health plan numbers
Account numbers
Certificate/license numbers
Vehicle identification and serial numbers
Device identifiers and serial numbers
Web Universal Resource Locators (URL)
Internet Protocol (IP) address numbers
Biometric Identifiers
Full face photographs
Any unique identifying characteristic, number, or code
1
First Responders Expectations with PHI
Respect the patient’s privacy
Do not share PHI unless absolutely necessary
when providing pt care.
Abide by the “minimum amount necessary”
clause
Follow the “Golden Rule” and common sense
when handling PHI
“Minimum Amount Necessary”
“A covered entity must make reasonable efforts to use,
disclose, and request only the minimum amount of
protected health information needed to accomplish
the intended purpose of the use, disclosure, or
request” 3
Do I need this to do my job?
“Golden Rule”
“Do unto others as you would have them do
unto you.”
Treat everyone's PHI as you would like your
health records to be treated.
How to Protect PHI
Spoken or verbal
Lower your volume when discussing PHI during transfer of care
Provide patient reports in non-public areas
Do not discuss the call after the incident with anyone not involved in patient care
Limit the information you broadcast over the radio
Written and Electronic
Ensure access controls for reports
Ensure HIPAA compliant fax numbers and email addresses
Protect your computer screen when entering reports
Avoid photocopying
Use HIPAA shredders and waste bins
Do not take pictures/video
2, 5
When can PHI be released? (1 of 2)
Written patient authorization must be
obtained before releasing Protected Health
Information for purposes other than:
Treatment
Payment
Operations
1
When can PHI be released? (2 of 2)
YES:
Other responders on scene providing direct patient care
MEDIC providing care
MedCenter Air
Medical Control (in person/radio)
Hospital registration staff
Public Health Department
Reporting suspected abuse
NO:
Press Releases / statements
Social Networking Websites
Department Websites
Fire dept. members not providing patient care
Patient’s neighbors/friends
Maybe:
Law Enforcement
Family / Care provider
Law Enforcement
Covered entities may disclose protected health information to
law enforcement officials for law enforcement purposes under
the following six circumstances, and subject to specified
conditions:
1. as required by law (including court orders, court-ordered
warrants, subpoenas) and administrative requests
2. to identify or locate a suspect, fugitive, material witness, or
missing person
3. in response to a law enforcement official’s request for
information about a victim or suspected victim of a crime
3
Law Enforcement
Covered entities may disclose protected health information to law
enforcement officials for law enforcement purposes under the
following six circumstances, and subject to specified conditions:
4. to alert law enforcement of a person’s death, if the covered
entity suspects that criminal activity caused the death
5. when a covered entity believes that protected health
information is evidence of a crime that occurred on its premises
6. by a covered health care provider in a medical emergency not
occurring on its premises, when necessary to inform law
enforcement about the commission and nature of a crime, the
location of the crime or crime victims, and the perpetrator of
the crime
3
Family / Care Providers
YES:
Patient gives verbal or written consent
Power of Attorney papers are present
If pt is incapacitated; closest relative or care provider
NO:
Patient does not consent
Neighbor arrives asking, “What happened?”
Friends when patient is incapacitated
HIV status
Psychiatric Issues
What happens if I violate HIPAA?
Civil Penalties
$100 per person per violation
up to $25,000/year
Criminal Penalties
Up to $50,000 and/or 1 year in jail for intentional violations
Up to $100,000 and 5 years in jail for obtaining PHI under false pretenses
Up to $250,000 and 10 years in jail for obtaining PHI with intent to sell, transfer, use for personal gain or cause material harm
3,4
HIPAA Scenario 1
56yo male c/o CP, dyspnea, n/v. Medic arrives and takes over patient care. They determine the pt is a STEMI. Neighbor arrives and asks if the patient is ok.
What can you tell the neighbor?
Tell the neighbor that you and Medic are taking care of a patient and that the information she is requesting is private, she’ll have to speak with the patient or family.
HIPAA Scenario 2
Same patient as before. You arrive at the hospital and the registration staff ask for the pt’s name and reason they are here.
What can you tell them?
You may provide the pt’s name and state they are here for chest pain. You can’t tell them they are having an MI because this would violate “minimum amount necessary” rule.
HIPAA Scenario 3
Your best friend’s sister was involved in a wreck and is being taken to the trauma center priority 1.
Can you call your best friend’s mother and tell her what happened?
Yes – you could tell her that her daughter was injured and taken to CMC. You may not give specific information on injuries or details of the accident.
“Health care providers can share patient information as necessary to identify, locate, and notify family members, guardians, or anyone else responsible for the individual's care of the individual's location, general condition, or death” 3
3
HIPAA Scenario 4
You just provided care to a Carolina Panthers player.
Can you ask for an autograph or picture?
Can you Facebook® his situation?
NO – Obtaining an autograph or photo is unprofessional and violates the pt’s privacy.
Putting information about a patient on Facebook® violates the pt’s privacy.
HIPAA Scenario 5
The patient tells you he has consumed 12 beers in the past 3 hours. He was involved in a MVC. The police come up and ask you if the pt is intoxicated.
What can you say to them?
If asked you can tell them what the patient has just told you. You are allowed to inform law enforcement about the commission and nature of a crime.
You may not give the police a copy of your report, but you should document EXACTLY what the patient told you.
HIPAA Scenario 6
You responded to a house fire and only participated in the fire suppression. You saw three people treated by Medic while you were on scene.
When the news asks you about pt. injuries what can you say?
You may discuss the fire suppression aspects of the incident.
Tell the news, “patient care is something you will need to speak to one of Medic’s PIOs about.”
HIPAA Scenario 7
Should you take a picture of a car wreck and put it on your department or personal website?
Not advisable – PHI is so prevalent that it would be very difficult to remove all of it from a photo. All victims, license plates, and anything else that can be used to identify the victims would have to be removed.
HIPAA Scenario 8
You plan on faxing a copy of your CPR documentation to medical services.
How should you proceed?
You should call the intended recipient and verify the fax number, then include a cover sheet. Once finished you should contact the individual again and ensure they received it.
HIPAA Scenario 9
You get back to the station after responding to a medical call at an apartment complex.
Can you tell the other members of your station what happened even though they were not there?
No. This would violate the patient’s right to privacy. They were not involved in the patient care and have no right to know.
HIPAA Scenario 10
You are on scene of a call. The patient tells you he and a friend plan to kill 12 of his classmates and gives you a “hit list.”
Can you call the police and tell them what was said?
Yes – “Covered entities may disclose protected health information that they believe is necessary to prevent or lessen a serious and imminent threat to a person or the public, when such disclosure is made to someone they believe can prevent or lessen the threat (including the target of the threat)” 3
HIPAA Scenario 11
You run a cardiac arrest and need the patient’s name and DOB for your report.
Can you contact the Medic crew for this information?
Yes – Dissemination of PHI is not just to a higher trained individual. It works both ways. You have the right to get basic demographic information from the Medic crew.
HIPAA Scenario 12
An insurance investigator arrives at your station and wants a copy of the house fire report you responded to last week. They also want the names of all the people injured.
What can you give them?
Follow your department guidelines as to giving out fire reports.
You must refer the investigator to Medic for names of the injured and patient care report information.
HIPAA Scenario 13
The news camera crew is on scene and they are filming you treating a patient.
Can you make them stop?
Are you required to shield the patient?
No - News outlet and the public are subject to common domain laws and HIPAA does not apply to them. You can’t stop them from filming.
You could as a courtesy shield the pt as best as possible, but you are not required to shield them.
HIPAA Scenario 14
You are on scene of a priority patient.
Can you call Medic and give them a patient care report over the radio?
Yes - radio transmissions, while not private, are permitted because it involves treatment and care of the patient. The information you give should be “minimally necessary”.
HIPAA Scenario 15
After the call, Medic or the hospital wants to know about a call you ran. They state they are doing research on first responders and on scene trauma times.
Can you give them the information they request without a subpoena?
Yes - PHI is able to be disclosed for education and research purposes. As part of Medic’s disclosure with all patients they are notified that their information could be used for that purpose.
Summary (1 of 2)
HIPAA provides for privacy and security
protections of healthcare information.
The penalties are severe for violating HIPAA.
You are required as a first responder agency to
protect PHI.
Your department should have written
guidelines for complying with HIPAA and you
should follow them.
Summary (2 of 2)
Never provide any PHI without the patient’s
authorization unless you are dealing with
someone directly treating the patient.
When in doubt don’t provide information until
you are sure who it is going to and that they
have a right to the information.
Works Cited
1. http://www.mag.maricopa.gov/pdf/cms.resource/TAG_2007_01-18_HIPAA-Security-PPP75683.pdf
2. www.utexas.edu/nursing/docs/hipaa.ppt
3. http://www.hhs.gov/ocr/privacy/
4. http://www.austincc.edu/hipaa/training/HIPAA-final-12-17-05.pdf
5. CHS HIPAA ACE Module 2009