Send the link below via email or IMCopy
Present to your audienceStart remote presentation
- Invited audience members will follow you as you navigate and present
- People invited to a presentation do not need a Prezi account
- This link expires 10 minutes after you close the presentation
- A maximum of 30 users can follow your presentation
- Learn more about this feature in our knowledge base article
Transcript of HIPAA:
HIPAA: What is it?
HIPAA: Health Insurance Portability and Accountability Act
2 Main Parts: Title I & II
Title I - individuals and covered dependents are able to receive health insurance benefits when hired by an employer
3 Main provisions
Portability provisions, tax provisions, administrative simplification
Title II - individual's health information is protected by standardizing healthcare related electronic transactions and systems
PHI may be disclosed without written pt. authorization for the purposes of treatment, payment and other health care operations
"Minimum necessary and need to know"
HIPAA and Health Information Technology
HIPAA's Impact on PT and APTA
1996: HIPAA enacted to make health care delivery more efficient and increase number of Americans with insurance coverage
2000-2002: Final version of HIPAA Privacy rule proposed and enacted
Outlines specific regulations related to PHI sharing
Required Compliance by 2003/2004
2005: HIPAA Security rule became effective
outlines specific physical, administrative and technical safeguards for ePHI
2009: HITECH and ARRA
promotes adoption of electronic health records
Requires PHI breach notification
2013: HIPAA Omnibus Rule
HIPAA Safeguards and The HIPAA Omnibus Rule
HIPAA requires authentication and encryption for email communication
Currently: money incentives for EHR implementation
After 2015 - penalties (1% cut for Medicare MDs)
Title II creates national standards for electronic documentation (simplification and security)
ARRA - established security breach protocols
HHS - guidelines for PHI protection
Address (including zip codes)
Dates (birth, admission, discharge, death)
Social security numbers
Medical record numbers
Health plan beneficiary numbers
Vehicle identifiers and serial numbers (including license plate)
Device identifiers and serial numbers
Web Universal Resource Locators (URLs)
Internet Protocol (IP) addresses
Biometric identifiers, including finger and voice prints
Full face photographic images and any comparable images; and
Any other unique identifying number, characteristic, or code.
What is personal health information?
The information you need to know to safely and effectively do your job
Policies related to:
How to accomplish minimum necessary
Who has access to PHI
Situation in which information could be heard by another party
Anytime a patient anticipates sharing of PHI
Violations occurring in -
Disclosure of condition
Disclosure of PMH, PHI
Minimum Necessary Information
Any acquisition or disclosure violating HIPAA privacy regulations
unknown violation - 100-50,000
reasonable cause - 1,000 - 50,000
willful neglect (<30 days) - 10,000 - 50,000
willful neglect (>30 days) - minimum 50,000
Proactive in assisting with HIPAA compliance
Seminars, training modules and news updates
EHR, HIT and other compliance tools and resources for clinicians and business owners
General HIPAA Safeguards
Protections to ensure confidentiality of PHI
Policies and procedures
Chief Security Officer
Passwords, IDs for HPI access
Removal of HPI before device disposal
2013 HIPAA Omnibus Rule
4 Final Rules
1. Modifications mandated by HITECH
Businesses are directly liable for PHI security
prohibits sale of PHI for marketing/fund raising without authorization
Expands individuals rights to receive ePHI
Increased enforcement of non-compliance due to willful neglect
Child proof of immunization to schools
2. Civil money penalty
Increased and tiered penalty structure for violations
3. Breach notification and unsecured PHI
More objective standard of "harm" threshold
4. Genetic Information Nondiscrimination Act
Genetic information is protected under HIPAA
Review: What is HIPAA and how does it apply to us as a future physical therapists?
Murray T, Calhoun M, Philipsen N. Privacy, Confidentiality, HIPAA, and HITECH: Implications for the Health Care Practitioner.
The Journal for Nurse Practitioners. October 2, 2011; 7(9):747-752. Accessed October 29, 2014.
Wang T, Pizziferri L, Volk L, Mikels D, Grant K, Wald J, Bates D, MD. Implementing Patient Access to Electronic Health Records Under HIPAA: Lessons Learned. Perspectives in Health Management. 2004; 1 (11): 1-8.
New HIPAA Regulations for 2013. PT Compliance Group. http://www.ptcompliancegroup.com/blog/new-hipaa-regulations-for-2013. Published 2013. Accessed October 30, 2014.
HIPAA. APTA. http://www.apta.org/HIPAA/. Last updated October 29, 2014. Accessed October 30, 2014.
HIPAA-tising Your Practice. PhysicalTherapy.com. http://www.physicaltherapy.com/articles/hipaa-tising-your-practice-2274. Published April 9, 2014. Accessed October 30, 2014.
Nass S, Levit L, Goston L. Beyond the HIPAA Privacy Rule. Washington (DC): National Academics Press; 2009.
Dacey B, Bholat A. Health Information Technology. Health Information Technology. 2012; 39(4): 633-642.
Health Information Privacy. US Department of Health and Human Services. http://www.hhs.gov/ocr/privacy/hipaa/administrative/enforcementrule/hitechenforcementifr.html. Published 2009. Accessed October 30, 2014.
Guidance. University of Chicago. http://hipaa.bsd.uchicago.edu/background.html. Published October 23, 2006. Last updated 2010. Accessed October 30, 2014.
Federal Register. US Department of Health and Human Services. http://www.gpo.gov/fdsys/pkg/FR-2013-01-25/pdf/2013-01073.pdf. Published January 25, 2013. Accessed October 30, 2014.
Please pause the Prezi and press play on the video below
By Jessica Chattin, Ariel Hovland, Marissa Santos and Lauren Hopkins