Scribd
Upload
79 views

Confidentiality and Hipaa

This document provides an overview of HIPAA privacy policies and procedures. It defines key terms like PHI and explains what information is protected under HIPAA. Employees are instructed on obtaining proper authorization before disclosing PHI and only accessing the minimum necessary information to perform their jobs. Violations of HIPAA could result in fines or legal penalties, and employees are protected from retaliation for reporting suspected privacy breaches. The objectives are to educate staff on HIPAA compliance.

Uploaded by

arif_aminin
Copyright
© © All Rights Reserved
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
79 views

Confidentiality and Hipaa

This document provides an overview of HIPAA privacy policies and procedures. It defines key terms like PHI and explains what information is protected under HIPAA. Employees are instructed on obtaining proper authorization before disclosing PHI and only accessing the minimum necessary information to perform their jobs. Violations of HIPAA could result in fines or legal penalties, and employees are protected from retaliation for reporting suspected privacy breaches. The objectives are to educate staff on HIPAA compliance.

Uploaded by

arif_aminin
Copyright
© © All Rights Reserved
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 21

Louisiana Department of Health and Hospitals

Basic HIPAA Privacy Training: Policies and Procedures

01/09/2009

1
OBJECTIVES

 At the end of this session, the participants will be


able to:
 Define and explain the HIPAA
 Identify which information is governed by the HIPAA rule
 Define Protected Health Information (PHI)
 Explain verification requirements
 Explain rules governing obtaining permission to disclose
PHI
 Discuss the employee’s role if they are aware of a HIPAA
violation

2
What Is HIPAA?

 HIPAA (pronounced hippa) is a federal law.

 It’s a set of rules and regulations that affect the


health care industry.

 They focus on the privacy and security of health


care information.

 Health care providers must comply, as HIPAA


covers:
 Health Plans
 Health Care Providers
3
What Does The Privacy Rule Say?

 Sets rules for how private information can be used.


 Keeps clients/participants more informed.
 Limits access by others.
 Requires client/participant permission.
 Allows access by clients/participants.
 Requires that rules be followed.
 Increases safeguards.
 Enforces penalties.

4
Individually Identifiable Health Information

 Information about health care or payment for health care,


such as:
 Why a person is visiting the clinic or center;
 The type of treatment a person is receiving; or
 The fact that a person is receiving Medicaid.

 That:
 Identifies the person; or
 Could possibly identify the person.

 Examples of of such information include a


client/participant’s name, address, social security
number, medical record number, or photograph.
5
Protected Health Information (PHI)

 PHI is all individually identifiable health


information in any form:
 Paper
 Verbal
 Electronic

 Exceptions:
 Employment records (including employees’ medical
information).
 Certain education records.
6
PHI

 Protected Health Information can be stored in/on:

Computers File Cabinets Desks/Offices

Disks/CDs Palm Pilots

7
Minimum Necessary Requirements

 You are only allowed access to the minimum amount of


PHI necessary for you to perform your job duties.

 You must only disclose the minimum amount of PHI


necessary to satisfy a request.
 You must only request the minimum amount of PHI you
need at the time.

8
Minimum Necessary – Not Applicable

 The minimum necessary rule does not apply to:

 Disclosures to, or requests by, a health care provider for


treatment;

 Uses or disclosures made to the client/participant;

 Uses or disclosures that the client authorized;

 Disclosure made to the Secretary of HHS; and

 Disclosures required by law.

9
Verification Requirements

 Prior to disclosing PHI, you must:

 Verify the identity of the person requesting PHI and the authority
of that person to have access to PHI; and

 When required, get some kind of proof from the person making
the request.

10
Permission To Use or Disclose PHI?

 Client/participant authorization is not needed


before you disclose his or her PHI for treatment,
payment, and/or health care operations (TPO) .

 For Abuse Reports and Investigations.

 Generally, however, you do need specific, written


authorization from the client/participant before you
can use or disclose his or her PHI for other
reasons (unless specifically permitted by the
Privacy Rule).

11
TPO

 Treatment

 Payment

 Health Care Operations (Examples):


 Quality Assessment and Improvement;
 Medical Review and Auditing;
 Planning and Budget

12
THINGS TO THINK ABOUT

 Situations that often lead to violations of


confidentiality
 Discussing work with family and friends
 Informal discussions with colleagues
 Hallway, elevator, lunch break, grocery store

 Social gathering
 Office parties, etc

 Incoming phone calls


 Attentive repairman

13
Administrative Requirements

 Failure to comply with HIPAA is a violation of


federal law.
 You could even be fined and jailed if you break
the law.

14
If You See A Problem…

 If you see or hear about someone who is in violation


of HIPAA requirements and procedures, you should
tell your supervisor.

 All reports should be investigated.


15
Prohibition on Retaliatory Acts

 An employer is bound by law to protect a


workforce member from harassment or retaliatory
actions if he or she reports a suspected privacy
violation.

16
Crime Victims

 You are allowed to disclose PHI to law enforcement


without the client/participant’s authorization when:
 The PHI disclosed is about the person suspected of a
criminal act; and

 The PHI disclosed is limited to information relevant to


identifying the suspect and the nature of any injury.

17
Remember…

 If you are unsure about how to proceed


in a certain situation involving PHI, ask
your supervisor.

18
Remember…

 Do not discuss any PHI you see or hear while


performing your job with anyone unless necessary!

19
Remember…

 There are significant penalties for misuse of PHI.

20
THE END

21

You might also like