Frequently Asked Questions About the Privacy Rule Under HIPAA



Similar documents
Connecticut Carpenters Health Fund Privacy Notice

SDC-League Health Fund

Graphic Communications National Health and Welfare Fund. Notice of Privacy Practices

Schindler Elevator Corporation

USES AND DISCLOSURES FOR TREATMENT, PAYMENT, AND HEALTH CARE OPERATIONS [45 CFR ]

Salt Lake Community College Employee Health Care Benefits Plan Notice of Privacy Practices

The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No A-94B, AFL-CIO. Notice of Privacy Practices

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES

CBIA Service Corporation Privacy and Security Notice

NOTICE OF PRIVACY PRACTICES. for Sony Pictures Entertainment Inc.

9129 Monroe Rd. Suite 100, Charlotte, NC 28270

NOTICE OF HIPAA PRIVACY AND SECURITY PRACTICES

HIPAA NOTICE OF PRIVACY PRACTICES

HIPAA NOTICE OF PRIVACY PRACTICES

Northern Illinois Health Insurance Program HIPAA NOTICE OF PRIVACY PRACTICES PLEASE READ CAREFULLY

ELECTRONIC HEALTH RECORDS

The HIPAA Privacy Rule: Overview and Impact

BUSINESS ASSOCIATE AGREEMENT. Recitals

Guidelines Relating to Implementation of the Privacy Regulations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA)

American Guild of Musical Artists ( AGMA ) Health Fund Privacy Notice. Plan A and Plan B

VALPARAISO UNIVERSITY NOTICE OF PRIVACY PRACTICES. Health, Dental and Vision Benefits Health Care Reimbursement Account

INSTRUCTION SHEET REGARDING NOTICE OF PRIVACY PRACTICES

An Employer s Introduction to HIPAA Prepared by Ballard, Rosenberg Golper & Savitt, LLP

NOTICE OF PRIVACY POLICY. Effective:, 2013

HIPAA Privacy Overview

PLLC NOTICE OF PRIVACY PRACTICES

HIPAA. Privacy and Security Frequently Asked Questions for Employers. Gallagher Benefit Services, Inc.

AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE

Notice of Privacy Practices

DETAILED NOTICE OF PRIVACY AND SECURITY PRACTICES OF THE Trustees of the Stevens Institute of Technology Health & Welfare Plan

BUSINESS ASSOCIATE AGREEMENT

Privacy Notice. The Plan s duties with respect to health information about you

HIPAA Notice of Privacy Practices HAND & MICROSURGERY ASSOCIATES, INC.

Metropolitan Living, LLC 151 W. Burnsville Parkway, Suite 101 Burnsville, MN Ph: (952) Fax: (651)

ADDENDUM TO ADMINISTRATIVE SERVICES AGREEMENT FOR HIPAA PRIVACY/SECURITY RULES

HIPAA RISKS & STRATEGIES. Health Insurance Portability and Accountability Act of 1996

Connecticut Pipe Trades Health Fund Privacy Notice Restatement

Clinic 1407 South 4 th St 1850 Gateway Dr Suite A DeKalb, IL Sycamore, IL 60178

Effective April 14, 2003

NOTICE OF PRIVACY PRACTICES

ELKIN & ASSOCIATES, LLC. HIPAA Privacy Policy and Procedures INTRODUCTION

Chief Privacy Officer Christian Brothers Services 1205 Windham Parkway Romeoville, IL

HIPAA PRIVACY AND EDI RULES

-1- PERSONNEL CERTIFIED / NON-CERTIFIED /

TJ RAI, M.D. THERAPY MEDICATION WELLNESS PRIVACY POLICY STATEMENT

HIPAA. HIPAA and Group Health Plans

HIPAA NOTICE OF PRIVACY PRACTICES

HIPAA-P01 Uses and Disclosures of Protected Health Information Policy

Plan Sponsor Guide HIPAA Privacy Rule

HIPAA PRIVACY AND SECURITY AWARENESS

NOTICE OF PRIVACY PRACTICES for the HARVARD UNIVERSITY MEDICAL, DENTAL, VISION AND MEDICAL REIMBURSEMENT PLANS

Genworth Life Insurance Company Genworth Life Insurance Company of New York NOTICE OF PRIVACY PRACTICES

HIPAA POLICIES & PROCEDURES AND ADMINISTRATIVE FORMS TABLE OF CONTENTS

MILWAUKEE ROOFERS HEALTH FUND

Notice of Privacy Practices

State of Connecticut Department of Social Services HIPAA Policies and Procedures Manual

THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

HIPAA Employee Training Guide. Revision Date: April 11, 2015

Understanding Health Insurance Portability Accountability Act AND HITECH. HIPAA s Privacy Rule

State of Nevada Public Employees Benefits Program. Master Plan Document for the HIPAA Privacy and Security Requirements for PEBP Health Benefits

HIPAA Omnibus Notice of Privacy Practices Effective Date: March 03, 2012 Revised on: July 1, 2015

HIPAA Privacy Rule Primer for the College or University Administrator

HIPAA Privacy FAQ s. 3. Generally, what does the HIPAA Privacy Rule require the average provider or health plan to do?

State of Florida Employees' Group Health Insurance Privacy Notice

Use or Disclosure of PHI

Dr. Adam Apfelblat 5140 Highland Road Waterford Phone: (248) Fax: (248)

HIPAA Privacy Notice

The California State University

Purposes for Which the Plan May Use or Disclose PHI Without Your Authorization

NOTICE OF PRIVACY PRACTICES

JANUARY 2015 NOTICE OF PRIVACY PRACTICES

HIPAA Privacy Summary for Fully-insured Employer Groups

HIPAA Privacy Policies & Procedures

Patti Levin, LICSW, Psy.D. Clinical Psychologist

BUSINESS ASSOCIATE AGREEMENT

HIPAA Compliance for Employers. What is HIPAA? Common HIPAA Misperception. The Penalties. Chapter I HIPAA Overview. The Privacy Regulations Why?

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA): FACT SHEET FOR NEUROPSYCHOLOGISTS Division 40, American Psychological Association

HIPAA, Licensed Health Care Providers and The Ohio State Dental Board (Board)

HIPAA Privacy For our Group Customers and Business Partners

HIPAA PRIVACY FOR EMPLOYERS A Comprehensive Introduction. HIPAA Privacy Regulations-General

University of California Policy

Notice of Privacy Practices. Human Resources Division Employees Benefits Section

Department of Health and Human Services Policy ADMN 004, Attachment A

SUMMARY OF THE HIPAA PRIVACY RULE

Notice of Privacy Practices

NLRG HIPAA PRIVACY SHORTCUT ROUTE: AN EMPLOYER GUIDE PARTNERING WITH YOU ON TRENDS AND BEST PRACTICES TO SUPPORT YOUR HUMAN RESOURCES INITIATIVES

HIPAA Enforcement Training for State Attorneys General

KESWICK MULTI-CARE CENTER, INC. NOTICE OF PRIVACY PRACTICES

Health Insurance Portability and Accountability Act (HIPAA)

SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY

Agent Instruction Sheet for PriorityHRA Plan Document

Effective Date: March 23, 2016

REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES PLEASE REVIEW IT CAREFULLY.

Introduction to HIPAA Privacy

NOTICE OF PRIVACY PRACTICES effective April 14, 2003

BUSINESS ASSOCIATE AGREEMENT

ATLANTIS CHIROPRACTIC, INC.

Member s Name First M.I. Last Dependent s Name (if enrolling in Medicare) First M.I. Last

HIPAA Privacy Regulations: Frequently Asked Questions

THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) EMPLOYEE TRAINING MANUAL

Transcription:

Q-1: What is HIPAA? Frequently Asked Questions About the Privacy Rule Under HIPAA A: HIPAA is the Health Insurance Portability and Accountability Act (passed by Congress in 1996). The Privacy Rule was issued by the U. S. Department of Health and Human Services. The Privacy Rule (45CFR Part 160 and Subparts A and E of 164) of HIPAA provides the first comprehensive Federal protection for the privacy of health information. Q-2: What does the HIPAA Privacy Rule do? A: The HIPAA Privacy rule creates national standards to protect individuals medical records and other protected health information. It gives individuals more control over their health information; it sets boundaries on use and disclosure of health records; and it establishes safeguards that covered entities must set up to protect information. Q-3: What is protected health information? A: Protected Health Information (PHI) is individually identifiable health information that is created or received by a provider, a health plan or insurer, a data clearinghouse, a health authority, employer, school or university. PHI can be maintained or transmitted in any form or medium. It relates to the past, present or future: condition of physical or mental health, health care provided; or payment for health care provided. PHI does not include summary health information or information that has been de-identified according to the standards for de-identification provided for in the HIPAA Privacy Rule. Q-4: What is a privacy notice and who is responsible for sending privacy notices? A: The Health Plan must provide you with this notice of its legal duties and privacy practices with respect to that Protected Health Information. The notice should describe: How the covered entity may use and disclose protected health information about an individual. The individual s rights with respect to the information, including a statement that the covered entity is required by law to maintain privacy of protected health information. Whom individuals can contact for further information about the covered entity s privacy policy. When the notice is effective

Pace University is responsible for providing privacy notices to all participants currently enrolled on or after April 14, 2003, in the Pace University Healthcare programs and Healthcare Flexible Spending Account. Participants enrolled in a medical HMO or Delta Dental will receive a privacy notice directly from the carrier. Q-5: What plans or programs at the University are not covered under HIPAA? A: The following plans or programs are not covered under HIPAA: Short term disability benefits Long term disability benefits Worker s Compensation Life Insurance Claims under the Dependent Care FSA that may arise because the spouse/domestic partner or child is ill or because the employee s spouse/domestic partner is physically or mentally unable to assist in caring for a dependent child or other family dependent. Requests for reasonable accommodations under the ADA Requests for family medical leave Any first aid or emergency services in cases of serious illness or injury occurring on Pace University s premises that are provided to employees while awaiting arrival of an ambulance or emergency medical assistance. Requests for certification of coverage of the employee or dependent Other lawful employment-related purposes (e.g., physical or mental inability to work on company premises, drug testing). Q-6: What can Pace University do now with PHI and how will that change after April 14, 2003? Any protected health information received by the Pace University Benefits Office or a member of Human Resources is, and shall continue to be, handled in a confidential manner. Additional measures are being taken to better secure such information. Although employees will not notice many of the new measures, one of them may require health plan members to sign an authorization allowing the University Benefits Office to assist in resolving health care or FSA claim issues on the member s behalf. Q-7 : When can PHI be used and disclosed without authorization? A: Protected Health Information (that is individually identifiable information held by the health plan) may be used or disclosed without authorization or consent only for the purposes of treatment, payment, healthcare operations or pursuant to requirements of law. Only the minimum necessary amount of PHI is permitted without written authorization from the plan participant or that person s authorized Personal Representative.

Q-8: Can you provide examples of treatment, payment and healthcare operations? Treatment generally means the provision, coordination, or management of health care and related services among health care providers or by a health care provider with a third party, consultation between health care providers regarding a patient, or the referral of a patient from one health care provider to another. Payment encompasses the various activities of health care providers to obtain payment or be reimbursed for their services and of a health plan to obtain premiums, to fulfill their coverage responsibilities and provide benefits under the plan, and to obtain or provide reimbursement for the provisions of health care. Examples of common payment activities include, but are not limited to: Determining eligibility or coverage under a plan and adjudicating claims; Billing and collection activities; Reviewing health care services for medical necessity, coverage, justification of charges, and the like; Utilization review activities. Health care operations are certain administrative, financial, legal and quality improvement activities that are necessary to run its business and to support the core functions of treatment and payment. Common activities include, but are not limited to: Underwriting and other activities related to the creation, renewal or replacement of a contract of health insurance or health benefits and securing or placing a contract for reinsurance of risk relating to health care claims; Conducting or arranging for medical review, legal and auditing services, including fraud and abuse detection and compliance programs; Business planning and development, such as conducting cost-management and planning analyses related to managing and operating the entity; and Business management and general administrative activities Q-9 Can the health plan use or disclose PHI for reasons other than treatment, payment or healthcare operations? A: No, not unless the use and disclosure is made in connection with a HIPAA Authorization or is required or permitted by the HIPAA Privacy Rule. Q-10: How are group health plans expected to determine what is the minimum necessary information that can be used, disclosed or requested for a particular purpose? A: The HIPAA Privacy Rule requires a health plan to make reasonable efforts to limit use, disclosure of, and requests for protected health information to the minimum necessary to accomplish the intended purpose. The minimum necessary standard requires health plans to evaluate their practices and enhance protections as needed to limit unnecessary or inappropriate access to protected health

information. It is intended to reflect and be consistent with, not override, professional judgment and standards. Q-11 Can my spouse/domestic partner be my personal representative? A: Yes, the employee and dependent spouse/domestic partner will be treated as each other s authorized personal representative unless and until a statement to the contrary is filed with the health plan. Q-12 Can a parent be a personal representative for dependent children? A: Parents can be personal representatives for dependent children under the age of 18. Parents are not authorized personal representatives of emancipated children (18 and over) except when the plan administrator or its delegates determines that the child is unable to make his or her own decisions, and unless and until a statement to contrary is filed with the health plan. Q-13: Must the HIPAA Privacy Rule s minimum necessary standard be applied to uses or disclosures that are authorized by an individual? A: No. Uses and disclosures that are authorized by the individual are exempt from the minimum necessary requirements. Q-14 Who do I complain to about violations to my Right to Privacy Protection? A: If you believe that your privacy rights have been violated, you may complain, in writing to the Director of University Benefits, Pace University, 235 Elm Road, Dow Hall, Room 102A, Briarcliff Manor, NY 10510. Complaints may also be made in writing to the Secretary of the US Department of Health and Human Services, Hubert Humphrey Building, 200 Independence Avenue SW, Washington DC 20201, within 180 days after you know or should have known about the act or omission that is the subject of your complaint. Neither the Health Plans nor the Employer will retaliate against you if you file any such complaint. Q-15 Are there penalties for not complying? A: Section 1176 provides that HHS will impose on any person who violates a provision of the Privacy Rule a penalty of up to $100 for each violation. This is capped at $25,000 per year, per violation of an identical requirement or prohibition. In addition, if a person obtains or releases protected health information under false pretenses, the penalty increases to a fine up to $100,000 and imprisonment of not more than five years. In addition, any Pace University employee authorized to handle PHI who intentionally or unintentionally violates any of the applicable policies or any procedures may be subject to disciplinary procedures up to and including termination. Q-16 Where can I receive more information about my rights under HIPAA?

A: You can contact any of the following for more information about your rights under HIPAA: University Benefits Office at (914) 923-2828 Human Resources web page, www.pace.edu/human-resources U.S. Department of Health and Human Services at www.hhs.gov

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information