The document discusses the Health Insurance Portability and Accountability Act (HIPAA) and how it relates to protecting patient privacy and confidentiality. HIPAA aims to assure health insurance portability, reduce fraud, and guarantee confidentiality of health information. It requires covered entities like hospitals and healthcare providers to implement privacy protections for protected health information. HIPAA affects how patient information can be shared, used, and accessed according to regulations regarding consent, authorization, and permitted disclosures for treatment, payment, and operations. Staff must be trained on HIPAA policies and compliance is mandatory to avoid penalties for violations.
HIPAA
1. This material is the private property of Chesapeake Medical
Staffing.
Any duplication or use by anyone other than an employee of
HIPAA
JCAHO Mandatory
Annual Competency
Chesapeake Medical Staffing
2. HIPAA Initiative
Health care has always tried to maintain
confidentiality, but efforts have not always
been successful. Public trust in health care has
eroded and the health care industry needs to
work hard to regain that trust. Health care
institutions and providers have worked to
make sharing of medical information easier to
help facilitate care and payment.
3. HIPAA
The Health Insurance Portability and Accountability Act
(HIPAA) was enacted in 1996 to cover three specific
areas:
1. Insurance portability or the ability to move to
another employer and be certain that
your insurance will not be denied
2. Fraud enforcement and accountability
3. Administrative simplification
The first two areas have been active since 1996, but it
took until April of 2003 to enact administrative
simplification.
4. Administrative Simplification
Administrative simplification refers to the guidelines that affect healthcare providers in their communications with other providers, families, friends, and the media. It includes written, verbal, phone, fax, and email communications.
5. Impact on the Caregiver
The essential parts of the administrative simplification section of the law have to do with:
• consents
• authorization
• patient privacy
• confidentiality
• security of patient
The law directs all health care providers and facilities to have standards in place to protect patient information and to educate staff on their responsibilities in this important area.
6. HIPAA is designed to:
• Assure health insurance portability
• Reduce health care fraud and abuse
• Guarantee integrity and confidentiality of health information
• Improve the operations of health care systems and reduce administrative costs
7. Privacy vs. Confidentiality
Privacy is the individual's right to decide who, when, and how any information about himself or herself is disclosed.
Confidentiality is the obligation of another to maintain the person's privacy.
8. Consents and Authorizations
Upon entering the healthcare facility, the patient is given information about how the organization will protect the privacy of the patient and what types of information will be shared and under what circumstances (generally related to the current care of the patient).
This is called the Notice of Privacy Practices and is required by HIPAA to be given to all patients.
9. HIPAA Privacy Law
• HIPAA is Federal Law and compliance is mandatory.
• Patient information must be protected through conscious effort at all times no matter where you are!
• The ONLY exception is when information is shared in order to provide care, treatment and payment for services.
10. Consequences of NOT Protecting Patient Confidentiality
There are both civil and criminal penalties associated with NOT following the HIPAA guidelines about releasing patient information. The penalties vary depending on whether the information was inadvertently or deliberately released, as well as the type of information released. Penalties and fines may be up to $250,000 and ten years imprisonment.
11. Shared Information
Under HIPAA, a facility may share or disclose patient information for the following purposes:
• Treatment of the patient (e.g. consulting with other healthcare providers on diagnosis and treatment)
• Obtaining payment from the patient's health plan
• Operational requirements (e.g. quality improvement activities or peer review)
• Complying with legally mandated reporting or disclosure
The patient must provide consent or further authorize any other release of information for any other purpose. The facility must also make a good faith effort to obtain a written acknowledgement that the patient received the Privacy Notice.
12. Defining HIPAA Terms:
• What is Portability?
Portability ensures that as people move from one health plan to another they will have continuity of coverage and will not be denied coverage under pre-existing clauses.
• What is Accountability?
In accordance with HIPAA, accountability means an increase in the government's fraud enforcement authority.
13. Covered Entities
Covered entities include hospitals, health care providers, third party payers, such as insurance companies, and anyone who processes health information. Therefore, the term "covered entities" includes everyone that uses, accesses or interacts with patients in any way. These interactions may be formal or informal, from those of direct care givers to those that enter a patient room simply to clean or deliver items.
14. Protected Health Information (PHI)
Protected Health Information (PHI) is a new term that will be used with increasing frequency in facilities where you work. PHI refers to personal patient information that can be used to identify the patient, sometimes even inadvertently. The patient now has the right to direct when, why, and to whom PHI may be released. For instance, in the past, aggregated patient information may have been collected for research, quality improvement, or other purposes. Even though the patient's name would be omitted, the patient may still be identifiable through specific data including date of procedure, type of procedure, gender, or any number of other details. The new bill allows patients much more control over PHI.
15. Protecting PHI
• Information that relates to a patient's health cannot be used unless authorized by either the patient or someone acting on the patient's behalf, or unless permitted by regulation.
• Access to information is limited to only those individuals who need the information for a legitimate purpose.
• HIPAA ensures that an individual's health information may only be used for health purposes.
16. What Kind of Information is Protected?
Patient information that is protected includes, but is not limited to:
• the patient's name, address & telephone number
• age, diagnosis, surgery, date of procedure, and medications
Beyond this, additional information that is protected includes any medical history information, results of physical examinations, laboratory and other diagnostic results, billing records and claim forms. Any information that could be used to identify the patient is protected under HIPAA. It is important to know that this information is protected in any form, be it written, electronic, or verbal.
17. How Does This Law Affect Our Discussion of Patient Issues?
Although there are persons with whom you need to communicate about a specific patient, be certain to consider the following:
• Does the person you are communicating with "need to know" the information about the patient? In other words, is there a medical necessity to discuss the patient?
• Are you discussing the patient out of the hearing of others?
• Without using a patient name, are you still discussing the patient in a way that others could discern who you are speaking about? For example, perhaps there is only one male on your unit, so if you use the word "he," others will know who you are discussing.
18. Discussing Patient Information with Family and Personal Representatives
A personal representative is defined as any person who
is legally authorized to act on behalf of the patient. This
can be someone with a legal document, such as a
general power of attorney or a more limited medical
power of attorney, or simply someone who has the
authority to act on behalf of the patient. PHI can be
shared with a personal representative.
19. Allowed Disclosure
HIPAA allows disclosure of PHI to spouses, parents, legal guardians, and others involved in a patient's care without obtaining the patient's formal, written permission. If you are in a patient room and need to discuss their care or treatment when others are present, simply ask the patient if there is any objection.
20. Using and Sharing Information
Most likely, all the personal information that you use and share in your daily duties is covered under HIPAA for "treatment" purposes. These include:
• Discussing diagnosis and treatment with other nurses and physicians.
• Performing diagnostic tests and providing this information to other providers.
• Providing laboratory samples or imaging tests to those who perform diagnostics on them.
• Referring a patient to another provider or facility, and discussing the treatment and/or diagnosis.
• Telephoning prescription information to a pharmacy.
21. Requests for Access to Records
Each facility will determine the specific policies but the following will be routine:
• Clear identification that the person requesting the medical record is either the patient or has the correct authorization to view the record.
• Only the parts of the record included in the authorization can be viewed.
• The patient may request changes to the record and the facility and parties involved must respond to the request within a preset time frame. Note that this does not imply that the record must be changed, only that the patient's request has a response.
• Clear guidelines exist as to which staff members may have access to records and for what reasons.
22. Faxes
HIPAA also covers fax communications with specific patient information. Although each facility will have different specific policies, general guidelines will most likely include the following:
• Locating fax machines in private and secure areas, away from patients and the public.
• Fax cover sheets will include a disclaimer to indicate what to do if sent inadvertently to the wrong number.
• Whether faxes can or cannot be sent during "off hours" when the receiving fax papers will not be picked up immediately.
• Protection of "sent" faxes left unattended on the fax machine.
23. Computers
Computers are now commonplace in hospital units and include a vast amount of patient information that must be secured. Be vigilant about your computer use, following these guidelines:
• Computers should be set up so that the screens are not easily visible to the patient or visitors.
• The computer user should "log off" when finished with the computer, so the screen is not left "on" and "visible" to others.
• Each computer user should have their own password so that each person using the computer and the screens they go to can be identified.
• Do not share your password with others.
24. Confidentiality
The mandates of HIPAA require each of us to:
• maintain confidentiality of computer access codes
• position computer screens away from public access or view
• log off computers when you have finished.
25. Audit of Computer Access
• Audits may be conducted on a regular basis to identify inappropriate access to medical record information.
• Audits may be conducted on all records for patients who are hospital employees, medical staff, admitted under an alias or recognized as high profile.
• Random samples of records may be audited on a regular basis.
• This procedure is outlined in hospital policy and is overseen by the Privacy Officer.
26. Information Released to Family/Friends and/or the Press
If the patient elects to be listed in a facility patient
directory, the information in the directory may be
released to family, friends, or the press. Other
information must come from the patient or another
clearly identified person based on the specific situation
and the facility policy.
27. When NO Information is Released
In general, any patient receiving care for substance abuse, psychiatric disorder, HIV, pregnancy, sexual abuse, or rape is treated with an even greater level of confidentiality. Confirmation of the patient's treatment is generally prohibited. This means that if a call is received asking about a particular patient, no comment should be made as to whether the patient is even seeking treatment or being treated. Check with the facility's HIPAA policy for exact terminology. Additionally, a patient may request to NOT be in the patient directory and the same standard would be in place. This is a critical feature and each facility will have very specific standards for you to follow (http://www.hipaa.org, 2003).
28. Who Must Comply with HIPAA?
HIPAA's privacy and security provisions apply to all members of the workforce of a health care facility. This means all employees, such as nurses and physicians, and administrative, clerical, food service, or environmental services staff, as well as volunteers or any others under the facility's direct supervision, must adhere to HIPAA policies.
29. Unauthorized Disclosures
Ensuring the security of patient information relies on your diligence. Unauthorized disclosures of protected information can occur if:
• You fail to ensure information you are sending is going to someone who is authorized to receive that information
• You neglect to review a patient's record to find restrictions on the use of their information
• You hear discussions occurring in non-secure locations that disclose patient information
If you are aware of an incident that may have resulted
in an unauthorized disclosure, you should report it
immediately. A facility may have a method to report
unauthorized disclosures in a confidential manner.
30. Incidental Exposure
Incidental exposure can happen even when everything possible has been done to avoid it.
• It is a disclosure that cannot be reasonably prevented, is limited in nature, and occurs as a by-product of otherwise permitted use or disclosure.
• An example of incidental exposure: a patient walking down the hall accidentally hears part of a conversation that takes place while a therapist speaks to a physician.
31. Patient Rights
Patients have rights protected under HIPAA legislation which include the:
• right of access to copies of their medical record
• right to request the "Amendment of the Medical Record"
• right to request restriction of uses and disclosures
• right to request confidential communication
32. Required Reporting
If you suspect there has been an actual or attempted privacy breach of any form of protected information, whether electronic, paper or recorded, you are required to report it to the Privacy Officer for the involved facility.
33. Policy Review
It is recommended that all CMS Associates review the following policies at the facilities where you frequently work:
• confidentiality
• disclosure
• privacy
• patient rights
• chart audits
• patient's access to their PHI
34. Conclusion
As of 2003, HIPAA is a mandated law. All health care facilities and providers are obligated to comply. All CMS associates need to be knowledgeable about the contents and ramifications of this law. Although you may see variations in policies from facility to facility, you will recognize that the overall intent is to improve the protection of patient confidentiality in a healthcare environment that includes a great deal of technological advances. Please call the office to speak with the CMS compliance officer if you have any additional questions. Every hospital has a privacy officer dedicated to maintaining compliance with HIPAA.