Are you HIPAA Safe?

TRIAGE LOGIC 2013


The Health Insurance Portability and Accountability Act of
1996 was part of the Clinton healthcare reform agenda. Its
original intention was to provide for "portability" of
insurance for the insured. This means that persons
with chronic conditions who changed employers would not
lose coverage. However, the bill grew as it moved through
Congress and contains five "Titles."
Title II is entitled "Preventing Healthcare Fraud and Abuse."
Under Title II is subsection "F," which is entitled
"Administrative Simplification." This subsection is what is
currently known as HIPAA. This law applies to all providers,
payers, and clearinghouses. These are considered "covered
entities."

The HIPAA Privacy Rule provides federal
protections for personal health information
held by covered entities and gives patients an
array of rights with respect to that
information. At the same time, the Privacy
Rule is balanced so that it permits the
disclosure of personal health information
needed for patient care and other important
purposes.

The Privacy Rule gives patients more control over
their Protected Health Information (PHI).

• To standardize the electronic transaction
formats of the healthcare claim or encounter,
claim payment and remittance advice, health
plan enrollment and disenrollment, premium
payments, health plan eligibility, healthcare
claim status, referral certification and
authorization, healthcare claim attachment, and
first report of injury.
• To provide for privacy of patient information.
• To provide for security of electronic information.

• Information sent or stored in any form.
• Information that identifies the patient or can be
used to identify the patient.
• Information that is created or received by a
covered entity that generally is about a
patient’s past, present and/or future treatment
and payment of services.

A patient’s email address is not HIPAA
protected information?

• Names
• Address Including Zip Codes
• All Dates
• Telephone & Fax Numbers
• E-mail Addresses
• Social Security Numbers
• Medical Record Numbers
• Health Plan Numbers
• License Numbers
• Vehicle Identification Numbers
• Account Numbers
• Biometric Identifiers
• Full Face Photos
• Any Other Unique Identifying Number, Characteristic or
Code

• The Privacy Rule gives patients the right to:
  • have their PHI protected.
  • inspect and copy their records.
  • request that PHI in their records be corrected or changed.
  • ask for limits on how their PHI is used or shared.
  • ask that they be contacted in a specific way, such as at
  work and not at home.
  • get a list of disclosures made of their PHI.
• Patients can decide (written permission is not
needed) if they want some or all of their PHI to be
used or shared, such as:
  • for patient directories.
  • to friends and family members involved in patient
  care or payment.






• As required by law, such as reporting abuse or
neglect.
• For law enforcement.
• For organ donation organizations.
• To medical examiners and funeral directors.
• To avoid threats to health and safety.
• For certain research activities if the IRB has
granted a waiver.
A. Keeping your computer screen tilted away from
public areas
B. Locking up laptops and other portable devices
when not in use
C. Leaving a shared computer logged on, so your
coworker doesn’t have to log on all over again
D. Selecting secure passwords
E. Making sure doors and desks are locked as
appropriate





• Turn your computer off when not working.
• Minimize your screen when others walk into
view.
• Do not share your passwords with anyone in
your household.
• Do not allow others to utilize your work
computer.
• Work in a quiet environment with a door so as to
block out “home noise”.

Incidental Disclosure: generally refers to a
sharing of PHI that occurs related to an
allowable disclosure of PHI.
An “incidental disclosure” is allowed if
steps are taken to limit it.
• For example, visitors may hear a patient’s name as
it’s called out in a waiting room or overhear a
clinical discussion as they are walking down a
hallway on the unit.

Take steps or reasonable safeguards to secure and
protect PHI.

For example:
• Speak in soft tones when discussing PHI;
• Do not discuss PHI in public hallways or in elevators;
• Use (but do not share) computer passwords; and
• Lock cabinets that store PHI.



• You can talk with other providers or patients,
even if you may be overheard.
• You can orally arrange services at nursing
stations.
• You can discuss a patient’s condition with
the patient, other providers or family
members over the phone or in a patient’s
semi-private room.



• You can talk about patient conditions in our
education programs.
• Prescriptions can be discussed with the
patient by phone.
• Messages can be left on answering machines
or with those who answer the phone, but the
message should be limited to minimum
necessary and sensitive information should
not be used.


• You must try to honor patient requests about
how and where to reach them, such as at
work instead of at home.
• Patients’ names can be called in waiting
rooms or over speakers.
A. a one-year prison sentence and a $50,000
fine
B. a 10-year prison sentence and $250,000 fine
C. a five-year prison sentence and a $100,000 fine
D. a $100 fine
E. none of the above


HIPAA details civil and criminal penalties for
non-compliance. The civil monetary penalty is
$100 per violation with a maximum of $25,000
per violation of the same standard per year. The
criminal penalties include up to 10 years
imprisonment and fines up to $250,000.
CHKD policies include disciplinary action up to
and including discharge.

On February 14, 2011, HHS entered into a Resolution
Agreement with The General Hospital Corporation and
Massachusetts General Physicians Organization, Inc., (Mass
General) to settle potential violations of the HIPAA Privacy
and Security Rules. In the agreement, Mass General agrees
to pay $1,000,000 and enter into a Corrective Action Plan
(CAP) to implement policies and procedures to safeguard the
privacy of its patients.

The incident giving rise to the agreement involved the loss of
protected health information (PHI) of 192 patients of Mass
General’s Infectious Disease Associates outpatient practice,
including patients with HIV/AIDS. The Office for Civil Rights
(OCR) opened its investigation of Mass General after a
complaint was filed by a patient whose PHI was lost on
March 9, 2009. OCR’s investigation indicated that Mass
General failed to implement reasonable, appropriate
safeguards to protect the privacy of PHI when removed from
Mass General’s premises and impermissibly disclosed PHI
potentially violating provisions of the HIPAA Privacy Rule.
http://www.hhs.gov/news/press/2011pres/02/20110224b.html

The HHS Office for Civil Rights (OCR) has issued a Notice of
Final Determination finding that a covered entity, Cignet
Health of Prince George’s County, MD (Cignet), violated the
Privacy Rule of the Health Insurance Portability and
Accountability Act of 1996 (HIPAA). HHS has imposed a civil
money penalty (CMP) of $4.3 million for the violations,
representing the first CMP issued by the Department for
violations of the HIPAA Privacy Rule. The CMP is based on
the violation categories and increased penalty amounts
authorized by Section 13410(d) of the Health Information
Technology for Economic and Clinical Health (HITECH) Act.

In a Notice of Proposed Determination issued Oct. 20, 2010,
OCR found that Cignet violated 41 patients’ rights by
denying them access to their medical records when
requested between September 2008 and October 2009.
These patients individually filed complaints with OCR,
initiating investigations of each complaint. The HIPAA
Privacy Rule requires that a covered entity provide a patient
with a copy of their medical records within 30 (and no later
than 60) days of the patient’s request. The civil money
penalty (CMP) for these violations is $1.3 million.

OCR also found that Cignet failed to
cooperate with OCR’s investigations on a
continuing daily basis from March 17, 2009, to
April 7, 2010, and that the failure to
cooperate was due to Cignet’s willful neglect
to comply with the Privacy Rule. Covered
entities are required under law to cooperate
with the Department’s investigations. The
CMP for these violations is $3 million.

Rite Aid Corporation and its 40 affiliated
entities have agreed to pay $1 million to
settle potential violations of the Health
Insurance Portability and Accountability Act
of 1996 (HIPAA) Privacy Rule, the U.S.
Department of Health and Human Services
(HHS) announced today. In a coordinated
action, Rite Aid also signed a consent order
with the Federal Trade Commission (FTC) to
settle potential violations of the FTC Act.

OCR, which enforces the HIPAA Privacy and Security Rules,
opened its investigation of Rite Aid after television media
videotaped incidents in which pharmacies were shown to
have disposed of prescriptions and labeled pill bottles
containing individuals’ identifiable information in industrial
trash containers that were accessible to the public. These
incidents were reported as occurring in a variety of cities
across the United States. Rite Aid pharmacy stores in several
of the cities were highlighted in media reports.

All healthcare workers are legally and
ethically responsible and accountable for
maintaining the privacy and confidentiality
of protected health information (PHI).