Call Girls Service Bommasandra - Call 7001305949 Rs-3500 with A/C Room Cash o...
Health Insurance and Portability and Accountability Act
1. Health Insurance Portability
and Accountability Act
Saran Kumar Das
M.Pharm 1st year
Department of Pharmaceutics
Al-Ameen College of Pharmacy
1
2. Topics to be covered…
What is HIPAA ?
The Goal of HIPAA
What Does HIPAA consist of ?
Why HIPAA comes in picture ?
About HIPAA
Who must comply ?
HIPAA Overview
Your responsibilities
HIPAA patient Rights
Important HIPAA terminology
How do I protect my patient privacy ?
Compliance
Summery
Important Questions 2
3. What is HIPAA ?
Health
Insurance
Portability and
Accountability
Act
3
4. The Goal of HIPAA
The primary goal of HIPAA is :-
i. to make law easier for people to keep health insurance
ii. Protect the confidentiality and security of health care
information.
iii. Help healthcare industry to control Administrative cost.
4
5. What Does HIPAA consist of ?
1. Standardized Electronic Data Interchange transactions
and codes for all covered entities.
2. Standards for security of data systems.
3. Privacy protections for individual health information.
4. Standard national identifiers for health care.
5
6. Why HIPAA comes in picture ?
In 2000, many patients that were newly diagnosed with
depression received free samples of anti-depressant
medications in their mail.
This left patients wondering how the pharmaceutical
companies were notified of their disease.
After a long and thorough investigation, the Physician,
the Pharmaceutical company and a well-known pharmacy
chain were all indicated on breach of confidentiality
charges.
This is one of the many reasons the Federal Government
needed to step in and create guidelines to protect patient
privacy.
6
7. About HIPAA
HIPAA is divided into two different sections. Those are :-
Portability
Administrative simplification
Portability :-
This sections allows individuals to carry their health
insurance from one job to another, so that they do not have
a lapse in coverage.
It also restrict health plans requiring pre-existing condition
of an individuals who switch from one health plan to
another.
7
8. Administrative Simplification
This section is the establishment of a set of standard for
receiving , transmitting and maintaining the healthcare
information.
Ensuring the privacy and security of individuals
identifiable information.
8
9. Administrative Requirement
Every agency must:
Appoint a Privacy Officer.
Develop policies and procedures that guide HIPAA implementation,
evaluation and revision. These should include actions taken for people
who do not follow the directives.
Provide education on HIPAA and organizational policies and
procedures.
Develop a process for handling privacy related complaints.
Ensure no retaliation occurs against someone who reports potential
violations in good faith.
Take appropriate action to minimize any harm that may result from
breach of privacy.
Ensure processes are in place to demonstrate compliance with
documentation and record keeping.
9
10. Who Must Comply?
The individuals responsible for implementing HIPAA rules
and regulations. Some examples are:
Health Plans
Health Care Clearing houses
Health Care Providers who conduct certain financial and
administrative transactions electronically.
10
11. HIPAA Overview
The Privacy Rule governs who has access to protected health
information (PHI).
The Security Rule specifies a series of administrative, technical and
physical security procedures to assure the confidentiality, integrity
and availability of ePHI.
The American Recovery and Reinvestment Act (ARRA) goal is to
establish secure electronic health records for all Americans by 2014.
The Health Information Technology for Economic and Clinical
Health Act (HITECH)
ARRA/HITECH brings changes to the HIPAA regulations in 3
categories:
• Breach notification
• Business Associate responsibilities
• Penalties
11
12. HITECH and ARRA Rules
HITECH is designed to encourage health care providers to
adopt health information technology in a standardized
manner and to protect private health information.
ARRA is the direct result of modifications in the HIPAA
Privacy, Security and Enforcement Rules and strengthens
health information privacy and security protections. ARRA
specifically addresses:
Breaches
Electronic Health Records(EHR)
Personal Health Records (PHR)
12
13. The Privacy Rule
The Privacy Rule is designed to protect individuals’ health
information (PHI) and allows individuals to:
1. get a copy of their medical records
2. ask for changes to their medical records
3. find out and limit how their PHI may be used
4. know who has received their PHI
5. have communications sent to an alternate location or by an
alternate means
6. file complaints and participate in investigations13
14. Guidelines For Using & Disclosing PHI
You may disclose information, without a member’s
authorization, to the appropriate authorities:
if required by law, court order, etc.
to public health officials, FDA, etc.
for abuse or domestic violence
to help law enforcement officials
to notify of suspicious death
to provide information for workers’ compensation
to assist government actions
to help in disaster relief efforts
to avert a serious threat to health or safety
for health oversight activities
14
15. YOUR RESPONSIBILITIES
You are required to:
disclose PHI – limit the information you share with a
person to what he or she needs to know (“minimum
necessary” guidelines)
use PHI according to HIPAA approved guidelines for
access, accounting, amendment, and restriction of PHI .
only access the PHI necessary to complete your job duties
maintain confidentiality & security of member information
at all times 15
16. HIPAA Patient Rights
HIPAA guarantees several rights to patients:
1. Right to privacy
2. Right to confidential use of their health information for their
treatment, billing process, and other health care operations
(such as quality improvement)
3. Right to access and amend their health information upon request
4. Right to provide specific authorization for use of their health
information other than for treatment, billing and other health care
operations. 16
17. 5. Right to have their name withheld from our patient
directories
6. Right to request that individuals are not told of their
presence in our facilities
17
18. Important HIPAA Terminology
Protected Health Information [PHI]
Covered Entities [CE]
Treatment, Payment and Health Care
Operations [TPO]
Notice of Privacy Practice [NPP]
18
19. What must a covered entity do to be
in compliance with HIPAA?
Notify patients about their privacy rights and how their
information can be used.
Adopt and implement privacy procedures.
Train employees so they understand the privacy
procedures.
Designate a Privacy Officer.
Secure patient records containing Protected Health
Information [PHI]. 19
20. How do I protect my patient’s privacy?
Don’t: Do:
Tell anyone what you overhear
about a patient.
Close doors in patient’s rooms
when discussing treatments.
Discuss a patient in public areas,
such as elevators, hallways or
cafeterias
Log off the computer when you are
finished.
Look at information about a patient
unless you need it to do your job.
Dispose of patient information by
shredding or storing it in a locked
container for destruction.
Clear patient information off of
your desk when your leave your
desk. 20
21. Cont…
Safe computer and fax use
Safeguards
1. Physical Safeguard
2. Technical Safeguard
3. Administrative Safeguard
21
22. Compliance
1. If you feel there has been a privacy violation, inform
your instructor who will immediately assist you in
contacting the Privacy Officer.
2. Refer patients who have a privacy concern or
complaint to the nurse in charge of the unit.
22
23. Summery
All health information that specifically identifies an individual
is considered confidential.
Protecting the privacy of patient information is everyone’s
responsibility.
Even though you are a student nurse, you are an active part of
this program. Use patient information only to perform your
responsibilities as assigned.
Be aware! Don’t intentionally or unintentionally disclose
patient information. Help others to do the same.
If you suspect any privacy violations or concerns, notify your
instructor who will immediately assist you in contacting the
Privacy Office.
23