HIPAA suicide attempt

Document Sample
HIPAA suicide attempt Powered By Docstoc

...and Patient Confidentiality

*Health Information Portability and Accountability Act
Is There a Problem
With Unauthorized / Unlawful Release of
Personal Health Information?
   Here are just a few of the incidents leading up to the
    establishment of HIPAA:

   After news of actress Nicole Kidman’s surgery was leaked
    to the press, photos of her leaving the UCLA Medical Center
    appeared in papers with commentary about her health
    status. (Parade Magazine, May 10, 1998)

   In a 1996 survey, 206 respondents reported discrimination
    as a result of access to genetic information, culminating in
    loss of employment and insurance coverage, or ineligibility
    for benefits. (Science and Engineering Ethics, 1996)

   In Tampa, Florida, a public health worker walked away with a
    computer disk containing the names of 4,000 people who
    tested positive for HIV. The disks were sent to two
    newspapers. (USA Today, October 10, 1996)

          Area Wide Health Care Facility Orientation               2
   A survey found that 35% of Fortune 500 Companies
    look at people’s medical records before making
    hiring and promotion decisions. (Unpublished study,
    University of Illinois at Urbana-Champaign, 1996)

   The Harvard Community Health Plan, a Boston-
    based HMO, admitted to maintaining detailed notes
    of psychotherapy sessions in computer records that
    were accessible by all clinical employees. Following
    a series of press reports describing the system, the
    HMO revamped its computer security practices.

   A banker who also served on his county’s health
    board cross referenced customer accounts with
    patient information. He called due the mortgages of
    anyone suffering from cancer. (The National Law
    Journal, May 30, 1994)
        Area Wide Health Care Facility Orientation        3
   New York Congresswoman Nydia Velasquez’
    confidential medical records —including details of a
    bout with depression and a suicide attempt — were
    faxed from a New York hospital to a local
    newspaper and television station on the eve of her
    1992 primary. After overcoming the fallout from this
    disclosure and winning the election, Rep. Velasquez
    testified about her experiences before the Senate
    Judiciary Committee as it was considering a health
    privacy proposal.

   In Maryland, eight Medicaid clerks were prosecuted
    for selling computerized record printouts of
    recipients’ and dependents’ financial resources to
    sales representatives of managed care companies.

        Area Wide Health Care Facility Orientation       4
   The 13-year-old daughter of a hospital employee
    took a list of patient’s names and phone numbers
    from the hospital when visiting her mother at work.
    As a joke, she contacted patients and told them that
    they were diagnosed with HIV. (The Washington
    Post, March 1, 1995)

   The director of a work site health clinic operated by
    a large manufacturing company testified that he was
    frequently pressured to provide personal information
    about his patients to his supervisors.

   The late tennis star Arthur Ashe’s positive HIV
    status was disclosed by a health care worker and
    published by a newspaper without his permission.

        Area Wide Health Care Facility Orientation      5

   “HIPAA” is an acronym for Health
    Insurance Portability and
    Accountability Act of 1996
   Also known as Public Law 104-91
   Title II of this Act provided for :
o    Improved efficiency in healthcare delivery by
     standardizing electronic data interchange
o    Protection of confidentiality and security of health
     data through setting and enforcing standards
    (Phoenix Health Systems, 2006)

         Area Wide Health Care Facility Orientation         6
   HIPAA Called upon the Department
    of Health & Human Services (HHS)
    to publish rules to insure:
o   Standardization of electronic patient health,
    administrative, and financial data
o   Unique health identifiers for individuals, employers,
    health plans, and health care providers
o   Security standards protecting the confidentiality and
    integrity of “individually identifiable health
    information”—past, present, and future

        Area Wide Health Care Facility Orientation      7
   HIPAA calls for severe civil and
    criminal penalties for
o   Fines up to $25,000 for multiple violations
    within the same calendar year
o   Fines up to $250,000 and / or
    imprisonment of up to 10 years for
    knowingly misusing individually identifiable
    health information

       Area Wide Health Care Facility Orientation   8
   Compliance requirements
o   Building initial organizational awareness of HIPAA
o   Comprehensive assessment of the organization’s
    privacy practices, information security systems and
    procedures, and use of electronic transactions
o   Developing an action plan for compliance with each
o   Developing a technical and management
    infrastructure to implement the plans
o   Implementing a comprehensive implementation

        Area Wide Health Care Facility Orientation        9
   Implementation of the
    comprehensive action plan includes:
o   Developing new policies, processes, and procedures
    to insure privacy, security, and patient’s rights
o   Building business associate agreements with
    business partners to support HIPAA objectives
o   Developing a secure technical and physical
    information infrastructure
o   Updating information systems to safeguard protected
    health information (PHI) and enable use of standard
    claims and related transactions
o   Training of all workforce members
o   Developing and maintaining an internal privacy and
    security management and enforcement
    infrastructure, including providing a Privacy Officer
    and Security Officer

        Area Wide Health Care Facility Orientation      10
The Privacy Rule
   Imposes restrictions on the use or
    disclosure of personal health
   Provides the individual with greater
    assurance that their security
    information is guarded from intrusion
   Provides greater protection for the
    individual's health information and
    health record

       Area Wide Health Care Facility Orientation   11
Protected Health Information
   What is PHI?
o   Any time the individual gives personal
    health information to a provider, it becomes
    Protected Health Information, including:
o   Verbal information
o   Written Information
o   Recorded Information
o   Electronic Information, e.g., faxes, e-
o   Patient’s name, address, SSN, Doctor’s
    or Nurse’s Notes, Billing Information
       Area Wide Health Care Facility Orientation   12
Authorization Guidelines

   Patient authorization for release
    of PHI must be obtained:
   Use or disclosure of psychotherapy
   For use or disclosure to third parties
   For research purposes

       Area Wide Health Care Facility Orientation   13
Authorization Guidelines

   PHI can be released without patient
    authorization for the following
o   Public health activities related to disease control or
o   To inform appropriate agencies, as directed by law
    or regulation
o   To report victims of abuse, neglect, or domestic
o   To funeral homes
o   To tissue / organ banks or programs
o   To avert any serious threat to public safety or health
        Area Wide Health Care Facility Orientation       14
Informed Consent

   Patients have the right to
    adequate and timely notice
    when PHI has been

      Area Wide Health Care Facility Orientation   15
    Protective Mechanisms for
    Health Information
   Physical Safeguards: e.g.,
    Computer terminals and screens not
    within or visible to public areas
   Technical Safeguards: e.g., every
    employee must safeguard their
    computer access code
   Administrative Safeguards: e.g., Set
    policy & procedure for releasing
    patient information

        Area Wide Health Care Facility Orientation   16

   Each organization is required by
    regulation to have a Safety and /
    or Privacy Officer—patient may
    forward complaint to that
   Or…
   The Director, U.S. Department
    of Health and Human Services
      Area Wide Health Care Facility Orientation   17
   Phoenix Health Systems (2006). HIPAA primer. Retrieved
    November2, 2006 from

   Privacy Rights Clearinghouse (2006). How private is my medical
    information? Retrieved November 4, 2006 from

         Area Wide Health Care Facility Orientation              18

Shared By: