2. "Health Insurance Portability and Accountability Act"
• Passed in 1996
• Resulted in the "Privacy Rule"
• Outlines specific requirements for protecting and safeguarding personally identifiable information
3. Covered Entities
⢠Health Care Providers
⢠Health Plans
⢠Health Care Clearing Houses
⢠Business Associates
4. Protected Health Information
• AKA "PHI"
• Reasonably used to identify
• Oral, electronic, written
• Relates to past, present or future medical or mental health treatment or payment
6. Permitted Disclosures
• Treatment
– Providers involved in patient care
– Who has a "right to know"?
– Who does NOT have a "right to know"?
7. ⢠Payment
â Disclosures may be made to agency billing
departments, insurers, Medicare/Medicaid, and
financially responsible individuals for billing
and payment purposes
⢠Operations
â QA/QI
â Materials used for training should have PHI
removed
â Internal investigations
8. Incidental Disclosures
• Results from an otherwise permitted disclosure
• Restrict disclosures to "minimum amount necessary"
• Use most secure medium
• Do not leave PCR unattended in the open
– Locked cabinet, locked station
– Includes notes (and your glove), dispatch information, etc.
• Password protect workstations, networks
9. Other Permitted Disclosures
• Required by law
• Public health activities
• Victims of abuse, neglect, or family violence
• Health oversight activities
• Judicial and administrative proceedings
• Law enforcement purposes
• Decedents
• Cadaveric Organ, Eye, or Tissue Donation
• Research
• Serious threat to health or safety
• Essential government functions
• Workers' Compensation
10. A note on the "minimum"…
• "minimum necessary" does not apply
– Disclosure is related to treatment
– Full disclosure has been authorized by the individual
– Investigation of Privacy Rule Complaint
11. Notice of Privacy Practices
• AKA "NPP"
How are you affected?
- Should be posted in a prominent place
- Obligated to furnish a copy to patient
- Patient must sign acknowledgment (non-emergency)
- Includes refusals, also
12. Privacy Officer
• Every agency must appoint a Privacy Officer
• PO handles all requests for information containing PHI and ensures compliance
When in doubt, refer the requestor to the
Privacy Officer
13. In Texas
• Texas Health and Safety Code, Chapter 181: Medical Records Privacy
• Investigated by Attorney General
• Fines up to $250,000
• Possible revocation of provider license
14. Federal
• HHS civil fine
– $100 per violation up to $25,000/year
• Department of Justice
– Up to $250,000 and ten years federal prison
– Investigated by the FBI