“Hipaa 2010”
1. HIPAA 2010 2/17/12 2:57 PM
http://www.slideshare.net/barbarabenson/hipaa-2010 Page 1 of 4
HIPAA 2010, by barbarabenson on Jun 14, 2010 (382 views)
HIPAA 2010 — Presentation Transcript
1. HIPAA Health Insurance Portability and Accountability Act Barbara Benson, R.T.
2. History of Medical Ethics Hippocrates 460 BC Practice medicine for the benefit of patients Primum non
nocere First, do no harm Abstain from mischief and corruption Maintain doctor-patient confidentiality
3. History of Medical Ethics Thomas Percival 1803 Published the first code of medical ethics Later adopted
by the AMA in 1847 Moral authority and independence of physicians, responsibility to care for the sick, and
individual honor
4. History of Medical Ethics Declaration of Geneva 1948 Meant to update the Hippocratic Oath Health and
conscience Voluntary consent Access without discrimination
5. Commonalities Honesty Integrity Confidentiality
6. HIPAA - Kennedy-Kassebaum Bill Health Information Portability and Accountability Act Protects the
privacy and security of patient information Sets limits on who can look at and receive health information Final
rule issued 8-14-02 requiring compliance by 8-14-03
7. HIPAA Enforcement Civil Penalties Up to $100 per violation per individual Criminal Penalties “Egregious
violations”… the sale of information, gaining access under false pretenses, or releasing information with
harmful intent included Up to $250,000 fine and possible incarceration
8. What is Protected? Protected Health Information PHI Individually identifiable health information
Information that can be linked to a particular person originating from a health care service event A physical
or mental health condition at any time
9. HIPAA Identifiers Geographic subdivisions smaller than a State Dates (except year) directly related to
patient Telephone numbers, Fax numbers, E-mail addresses, SS numbers Medical record numbers, Health
plan beneficiary numbers Account numbers, Certificate/license numbers, Vehicle identifiers Device identifiers
and serial numbers, Web URLs , IP address numbers Biometric identifiers, including finger and voice prints
Full face photos Any other unique identifying number, characteristic, or code, except as permitted under
HIPAA to re-identify data
10. PHI Communication Methods HIPAA governs where and how PHI is communicated between all TPO’s
Electronic communication Written communication including the medical record Verbal communication
between healthcare workers or between healthcare workers and the patient
11. Privacy of Communication Access, Use or Disclosure of all Protected Health Information is based on:
• Need to Know and • Minimum Necessary
12. Who Must Protect it? Covered Entities • A Health Plan or a Healthcare Provider who transmits any health
information in electronic form in connection with a transaction • Business Associates with whom they share
PHI
13. “Need to Know” Individually identifiable information should be made available only to persons whose job
requires access to that information.
14. “Minimum Necessary” • Only information that is the minimum necessary to get the job done no matter
how much access is provided or available • Having access to patient information does not give the right to
access or disclose regardless of intent
15. “Minimum Necessary” Before looking at information, ask yourself “Do I need to know this to do my
job?” Before sharing information, ask yourself “Do they need to know this information to do their job?”
16. “Minimum Necessary” Clinicians may look at and share with other clinicians the entire medical record of
patients they are treating
17. Patient Rights
18. Notice of Privacy Practices NPP Governs the uses of PHI as permissible by the patient within
Treatment, Payment and Healthcare Operations (TPO’s) Once the patient is given a NPP at the first treatment
encounter, PHI can be used for any TPO purpose NPP is a once in a lifetime requirement
19. NPP Requirements Post NPP prominently The patient signs a separate acknowledgement document that
contains the privacy officer contact information for that facility Copies of NPP and acknowledgement sheet to
patient
20. Patient Rights NPP Includes the patient's right to: Restrict Access Amend Accounting Alternative
Communication Methods Complain
21. Patient Rights Minors (under 18) have a right to confidential treatment with respect to the following
without a parent's consent or notice: Abortion Birth control STD testing HIV/AIDS testing Mental health
counseling
22. Permitted by Law Outside of TPO or patient authorization, the only other permitted uses of PHI are those
required by law: Investigations by HHS Reporting about victims of abuse, neglect or domestic violence
Adverse Event Reporting Reporting to Public Health Authorities
23. HIPAA Authorization Patient Authorization Elements The information Who may use or disclose the
information Who may receive the information Purpose of the use or disclosure Expiration date or event
Individual’s signature and date Right to revoke authorization Right to refuse to sign authorization
Redisclosure statement
24. Record Keeping Good record keeping is a must Authorizations for use of PHI should be kept for at least
six years Additionally, a record of what information was sent, and to whom.
25. Privacy Protection
26. Privacy Protection Acceptable to use the patient’s full name on sign in sheets but not the reason for the
visit Acceptable to page a patient using their full name Ask companions to honor the patient’s privacy by
waiting in another room
27. Privacy Protection Do not leave medical information on answering machines Do not leave the medical
record unattended Dispose of patient information properly
28. Computer Privacy Protection Use 7-character alphanumeric passwords Do not share passwords Secure
written passwords Log off Use screen savers Keep monitor facing away from onlookers Avoid sending the
patient information using e-mail
29. Practical Privacy Tips Be aware of your surroundings and who’s listening Close doors whenever possible
Speak as softly as possible Knock before entering Secure the privacy of all medical records before walking
away
30. HIPAA and Research An authorization must be signed by patients for all clinical research HIPAA
Disclosure Universe Authorization signed by patient for all clinical research Waiver Criteria applied before
records research Exceptions Documented De-identified Limited Dataset TPO Public Safety and other
exceptions