Hipaa Online Test

Health Insurance Portability & Accountability Act

Federal privacy standards to protect patients' medical records and other health information provided to health plans, doctors, hospitals and other health care providers.

Took effect on April 14, 2003.

Access to their medical records and more control over how their personal health information is used and disclosed

limiting administrative cost of health care, privacy issues, and preventing fraud and abuse were of primary importance. The law has also had to include privacy and confidentiality rules to protect the patient

Privacy and Confidentiality rules

To protect the patient

Department of Health and Human Services (HHS)

It's uniform, federal floor of privacy protections for consumers across the country.

State laws providing additional protections to consumers are not affected by this new rule

It reduces health care fraud, guarantee security and privacy of healthcare info., enforce standards for electronic data interchange

1. Portability 2. Standardization 3. Administration Simplification 4. Accountability 5. Privacy Protection

Continuity of coverage access; denial of coverage based on pre-existing conditions

Of billing of format and language

Same computer language industry wide

Same computer language industry wide

Oral, written, electronic information management

1. Uniform billing process 2. Use of electronic transmittals 3. Continuity in patient care 4. Employment opportunities-HIPAA officers, Office of Civil Rights expanded, fraud squads, hotlines 5. Violation of confidentiality now a federal crime !!!

1. Patient's expectations of privacy and confidentiality are important to providing quality care 2. Affects all aspects of care: hospitals, outpatient, diagnostic, or the business office 3. Laws have increased in strength in response to situations in which private information has ended up in the wrong hands

1. Protects the privacy and the security of individually identifiable health information 2. Establishes the 6 patient rights of health information

1. Receive notice of privacy policies 2. Access to health information on file 3. Limit uses and disclosures of medical information 4. Make amendments to medical record 5. Revoke authorizations 6. Have an accounting of info disclosures for up to 6 years

1. Electronic Data Interchange 2. Security 3. Privacy

A. Any person who deals with individually identifiable health information B. Direct care providers C. People who handle billing D. People who plan health operations E. Those providing pieces of service

When patients provide information to their providers they expect only people who are caring for them will see it and it be used to help care for them

1. Physical and Mental health 2. Provision of health care to patient 3. Payment for the patient's health care 4. Anything that can be communicated orally in written form or through other media Ex. Name, date of birth, SS #, address, phone #, patient account #, date, location of healthcare service, Dx., Tx., meds, email address, photo, lab results.

Determine what services patients are to receive Use confidential information to be able to bill patients or their insurance companies Quality control directors review information to make sure patients are receiving quality care

1. Selling information for databases 2. Advertising

From The Patient

Must be in writing and the patient voluntarily agrees to let the organization use the information for a particular purpose

Patients have the right to revoke at any time

•Information about an organ donor •About a deceased patient •For fundraising as long as the information is limited to individual demographics and dates of service

•When public responsibility requires disclosure

1. Crime has been committed 2. Abuse 3. STD's,TB 4. Organ donation 5. Death- funeral; director

1) Technology

Information can be disclosed to other health care providers if the information is for treatment. Only minimal amount of PHI is handled

Patient's consent for release.

Ex. Limit use of faxes for highly sensitive information, verify numbers & availability of receiver, keep fax machines secure, remove fax promptly on arrival.

How much information are you planning to use or disclose? •How important is it that you use/disclose this information? •What is the likelihood that further uses or disclosures could occur? •Where is the information being disclosed (location) and in what form (paper, verbal, or electronic)

•If someone asks for information about a patient's case, ask why it is needed and disclose only the minimum amount necessary for that person to do his or her job.

•Establish clear policies and practices that minimize information revealed •Maintain training •Obtain authorizations and maintain files

Must have a written privacy procedure (Notice of Privacy practices- this tells patients their rights to their own records, make copies, and request amendments to them) •Must educate their staff on proper procedures for maintaining confidentiality •HCP are permitted but not obligated to disclose confidential inform. For public health purposes

•HIPAA gives the patients the right to inspect and copy the PHI that your facility keeps about them

•Specific forms such as General Records Release, Authorization for Use or Disclosure of PHI

•When the HCP believes that it is not in the patient's best interest •When it may endanger the life of physical safety of the patient or another person

•Psychiatric situations •Genetic Treatment •HIV/AIDS

-Inadvertent -civil -Criminal

Inadvertent-standards in place, safe guards present, still happened: None

Example: Nurse takes copy of lab results home with her

Civil- Done w/o intent to gain, but deliberate: $ 100.00 per violation up to $25,000.00 per year for each violation-

Example: Practice signing in with "Reason for Visit" column

Deliberate, for gain, causes harm- $250,000.00 in fines and up to 10 years jail time

Example: Publishing- or allowing the publishing of health status or care detail of a patient

•Policy updates every 2 years •Password changes •Implementing and maintaining valid training programs •Implementing disciplinary measures when policies are violated •Maintain method to identify and report fraud practices or confidentiality violations

•If visitors ask about a patient, direct them to the information desk, the compliance officer or medical records department

1. Any personally identifiable information is now confidential 2. Patients are allowed access to copies of their MR 3. HCP must now provide a written statement to the pt that states how personal information may be used (pt rights of confidentiality) 4. The use of personal medical information is now limited 5. Discussion of Healthcare options and tx options 6. Pt may now request confidential communication be done in a way they prefer

Protected Health Information