HIPAA COMPLIANCE
PRESENTER: MARIA ROSARIO DIANA O. CAINGLET
I. INTRODUCTION
HIPAA (Health Insurance Portability and Accountability Act of 1996) is designed to protect the patient while mandating the electronic documentation of all clinician-patient interactions.
This law is important to all healthcare workers because it further provides stipulations on the privacy and security of patient health information.
HIPAA is an act of 1996, but under federal law it became effective on April 14, 2003.
II. HIPAA
HIPAA requires all dictated clinician-patient interactions to be transformed into an electronic format, not merely the paper-based documentation done previously.
According to the designers of HIPAA, the law will facilitate easier processing of health insurance claims, which will save an estimated $9B annually.
While the industry serves as an economic harbor, HIPAA further provides privacy for patients over secure and manageable electronic systems, by disseminating awareness of the eventual cost savings as well as the penalties for noncompliance.
Although already required, many US physicians/clinicians have yet to comply with the law because of its initial capital expenses, which can reach $20,000 for upgrading technology, personnel training and maintenance of HIPAA monitoring.
PENALTIES
What are the consequences for breaking HIPAA? A HIPAA violation can bring civil and criminal penalties. Civil fines are $100 for each violation of the law per person, to a limit of $25,000 for each identical requirement.
Criminal penalties can include not only large fines but also jail time. Selling a patient's information is more serious than an accidental violation; the penalty can be as high as a $250,000 fine or a prison sentence of 10 years.
PENALTIES (continued)
Knowingly releasing patient information in violation of HIPAA can result in a one-year jail sentence and a $50,000 fine.
Gaining access to health information under false pretenses can result in a five-year jail sentence and a $100,000 fine.
Releasing patient information with harmful intent, or selling the information, can lead to 10 years of jail time and a $250,000 fine.
PATIENT CONFIDENTIALITY
As health workers, we should be aware of noncompliance, which usually involves patient confidentiality.
As the law secures the privacy of health documentation, we have become part of the medical team in the sense that the following health information is known to us:
> the names of the patient
> the physician
> the illness
> the treatment
> the prognosis
> location
> dates (except for the year)
> phone and fax numbers
> email addresses
> SSN (social security numbers)
> account numbers
> professional license numbers
> license plate numbers
> web URLs
> Internet Protocol (IP) addresses
> descriptions of photos
As a general rule, no health information known by virtue of the profession can be revealed to anyone other than the patient.
As far as we are concerned, this means that PHI (patient health information) or IIHI (individually identifiable health information) should not be discussed with others in any way.
Hence, once health information is known, not only must the management of the company provide technology that ensures the security of that information (e.g. usernames and passwords), but it must also orient its employees on the privacy component of HIPAA, to avoid future problems and issues that may include legal suits.
Only doctors, nurses, therapists, social workers, and other clinicians can use this information to determine how to treat patients.
Billing uses confidential information to bill patients and insurance companies: Medicare, Medicaid and other private insurers.
Staff performing quality assurance for improvement activities can review this information to make sure patients receive good care.
Generally, uses beyond those listed above are not allowed.
Moreover, HIPAA requires health care workers to use or share only the "minimum information" needed to do their jobs effectively.
WAYS TO SUPPORT PATIENT CONFIDENTIALITY UNDER HIPAA
Retention of records: soft copies should be retained for at least 6 years.
Since work is done through the use of technology, a form of security (e.g. firewalls, anti-spyware software) must always be utilized, because any transaction sent over the wire can easily be tampered with or hacked. All home-based employees must have this specialized software to protect medical reports.
The use of passwords helps a lot, especially when working in a company: only one person can gain access to one set of computer files.
Never leave your screen where anybody can read from it. Turning off the monitor can prevent this, or the screensaver can be locked.
Make a list of all the personnel involved in processing medical records.
For security purposes, confidential communication should not be included when using email or any other online feature of the computer.
Sample statement of confidentiality
I, _________, as a health staff member working on behalf of ___________, located at ________, agree not to disclose any information pertaining to _______ accounts (and/or patients of the practices or accounts). I shall not copy any customer files, software files, manuals, references, materials, or documents of any sort belonging to _______ for the direct benefit of _________. I shall not disclose any such lists or information to persons who are not employees of ________. I agree to comply in all respects with all applicable legislation, both federal and state, regarding privacy and confidentiality with respect to customer documents, including but not limited to HIPAA regulations as now in effect or as may be promulgated in the future. In the event of a breach of contract, I will abide by the disciplinary actions or sanctions of ___________.
EXERCISES
1. WHAT DOES HIPAA MEAN?
A. HEALTH INSURANCE FOR PATIENTS AND ACCOUNTANTS
B. HANDY INSURANCE FOR PATIENTS AND ACCOUNTANTS
C. HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT
D. HEALTH INSURANCE PORTABILITY AND ACCESSIBILITY ACT
2. THE FOLLOWING PRINCIPLE WITH REGARD TO HEALTH INFORMATION MUST BE IMBIBED BY THE HEALTHCARE MEMBER:
A. ACCOUNTABILITY
B. PORTABILITY
C. SECURITY
D. CONFIDENTIALITY
3. THE FOLLOWING ARE EXAMPLES OF IIHI, EXCEPT:
A. JOHANNA
B. DR. KILMER
C. LAS VEGAS
D. 2011
4. WHAT IS THE INITIAL CAPITAL EXPENSE FOR HIPAA COMPLIANCE?
A. $200,000
B. $2,000
C. $20,005
D. $20,000
5. GIVE AT LEAST 3 WAYS TO SUPPORT PATIENT CONFIDENTIALITY.
1.
2.
3.
References: HCPRO training booklet for health care workers, published 03/2003; MTCA Module 15, published 2006.
Thank you.