Understanding Health Insurance Portability Accountability Act AND HITECH. HIPAA s Privacy Rule

Transcription

1 Understanding Health Insurance Portability Accountability Act AND HITECH HIPAA s Privacy Rule 1

2 What Is HIPAA s Privacy Rule The privacy rule is a component of the Health Insurance Portability and Accountability Act (HIPAA) of The Standards for Privacy of Individually Identifiable Health Information, referred to as the Privacy Rule, were published in the Federal Register on December 28 th, The Privacy Rule was modified by Congress and changes were proposed and published in the Federal Register dated March 27 th, The Final privacy rule was published in the Federal Register on August 14 th,

3 What is the Purpose of the Privacy Rule The standard was developed by Congress to provide a means for protecting the privacy of individually identifiable health information. Privacy Rules become effective on April 14 th, Information contained in the health record prior to the effective date of these regulations are not covered by the privacy rule. Our facility must comply with the rule because we area provider of health care services and we transmit health information by electronic means relative to data transactions covered by this rule. 3

4 Is our facility A Health Care Provider Yes because we: Are a provider of medical or health services that bills and are paid for health care services and supplies in the normal course of business 4

5 What is Health Information The privacy rule defines health information as: Any Information, whether oral, written, or electronic, in any form or medium, that is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearing house. And The information relates to the past, present or future physical or mental health or condition of any individual: the provision of health care to an individual: A or the past present or future payment for the provision of health care to an individual. 5

6 What Is Individually Identifiable Health Information The privacy rule defines individually identifiable health information as: Health Information that identifies the individual or which there is a reasonable basis to believe the information can be used to identify an individual. Some examples include the resident s: Name, Address and Telephone Numbers; Social Security Number; Medical Record Number; Full face photographs; and Account Numbers 6

7 PROVIDERS What are the four covered entity types affected by HIPAA: Health Plans Providers Clearinghouses Part D 7

8 HITECH ACT Health Information Technology for Economic and Clinical Health Act (HITECH)

9 Are There Penalties for Non- Compliance with these Rules YES Civil Monetary Penalties up to $100 per violation and up to $25,000 for repeated violations during any given calendar year can be imposed for not complying with the Privacy Rule. AND 9

10 Are There Penalties For Non Compliance With These Rules? Criminal Monetary and Imprisonment Penalties can be Imposed as follows: Up to $50K and/or up to 1 year prison term for knowingly obtaining and wrongfully disclosing protected health information. Up to $100K and/or up to 5 years prison term for knowingly obtaining health information under false pretenses with intent to use the information for a prohibited purpose. Up to $250K and/or up to 10 years prison term for offenses committed with the intent to sell, transfer, or use an individual s information for commercial advantage, personal gain, or malicious harm. 10

11 FOUR HIPAA RULES Transactions and Code Sets (TCS) Privacy Security National Provider Identifier (NPI) 11

12 How is Privacy Information Provided to Residents? Regulations require us to provide each resident with a copy of our Privacy Notice contains: Information that explains how, when, and why we may use or disclose a resident s protected health information: Information on how and to whom the resident may file a complaint or receive information relative to our privacy practices: 12

13 ACROMYMS TO REMEMBER Important Acronyms: ARRA American Recovery and Reinvestment Act EMR Electronic Medical Record FTC- Federal Trade Commission HI- Health Information HIPAA Health Insurance Portability and Accountability Act HHS Health and Human Services IT Information Technology Minimum Necessary PHI Protected Health Information Red Flag Rule 13

14 TRUST IS CRITICAL In an electronic environment marked by increased data capture and legitimate use of patient information, the potential risk of identity and medical theft is increased. Ensuring privacy, security, and confidentiality of personal health information has been a fundamental principle for the health care professional throughout history. This responsibility has become increasingly more challenging in the constantly changing environment. Now more than ever, trust is critical in healthcare, and a correlation exists between what a patient is willing to share and the effectiveness of healthcare delivery. 14

15 RISK FOR CONSUMER Over the last several decades, the evolution of technology has changed the practice of medicine and will continue to do so. With this technology advancement comes an increased risk to the consumer. Consumers must be made aware of the risks, the available protections and the proactive steps that can be taken against these risks. 15

16 BREACHES ARE HAZARDOUS Breaches of personally identifiable information have increased dramatically over the past few years, resulting in the loss of millions of records. Such breaches are hazardous to individuals. Individual harm includes but not limited to identity theft, embarrassment and blackmail. According to IdentityTheft.info, there were more than 14,900,000 identity theft victims in 2009 alone. Health and Human Services (HHS) reports that since the HIPAA privacy rule was implemented there have been more than 48,000 complaints filed. Consumers are aware and concerned about their privacy. 16

17 Covered Entities HHS lists the most common types of covered entities required to take corrective action to achieve voluntary compliance. They are in order of frequency: 1. Private practices 2. General hospitals 3. Outpatient facilities 4. Health plans (group health plans and health insurances) 5. Pharmacies 17

18 Summary Privacy and security are care critical success factors in the movement toward electronic health record (EHR) adoption. Further, protecting our residents information and implementing the regulatory changes as the industry continues to transform will help us grow in our role of not only health care providers but as health care consumers as well. Privacy and security is everyone s responsibility, and healthcare professionals are united in their mission to protect information. 18