HIPAA:

by

Jessica Chattin

on 4 November 2014


Transcript of HIPAA:

HIPAA

HIPAA: What is it?
HIPAA: Health Insurance Portability and Accountability Act

2 Main Parts: Title I & II
Title I - individuals and covered dependents are able to receive health insurance benefits when hired by an employer
3 Main provisions
Portability provisions, tax provisions, administrative simplification
Title II - individual's health information is protected by standardizing healthcare related electronic transactions and systems
PHI may be disclosed without written pt. authorization for the purposes of treatment, payment and other health care operations
"Minimum necessary and need to know"
Patient rights
HIPAA and Health Information Technology
HIPAA's Impact on PT and APTA
History
1996: HIPAA enacted to make health care delivery more efficient and increase number of Americans with insurance coverage
2000-2002: Final version of HIPAA Privacy rule proposed and enacted
Outlines specific regulations related to PHI sharing
Required Compliance by 2003/2004
2005: HIPAA Security rule became effective
outlines specific physical, administrative and technical safeguards for ePHI
2009: HITECH and ARRA
promotes adoption of electronic health records
Requires PHI breach notification
2013: HIPAA Omnibus Rule

HIPAA Safeguards and The HIPAA Omnibus Rule
Summary/Conclusion
References
Email:
HIPAA requires authentication and encryption for email communication
"Key" sets
ID access
Electronic Documentation:
Currently: money incentives for EHR implementation
After 2015 - penalties (1% cut for Medicare MDs)
Electronic safety
Title II creates national standards for electronic documentation (simplification and security)
ARRA - established security breach protocols
HHS - guidelines for PHI protection
The Basics
Names
Address (including zip codes)
Dates (birth, admission, discharge, death)
Telephone numbers
Fax numbers
E-mail addresses
Social security numbers
Medical record numbers
Health plan beneficiary numbers
Account numbers
Certificate/License numbers

Vehicle identifiers and serial numbers (including license plate)
Device identifiers and serial numbers
Web Universal Resource Locators (URLs)
Internet Protocol (IP) addresses
Biometric identifiers, including finger and voice prints
Full face photographic images and any comparable images; and
Any other unique identifying number, characteristic, or code.
What is personal health information?
Minimum necessary
The information you need to know to safely and effectively do your job
Policies related to:
How to accomplish minimum necessary
Who has access to PHI
Incidental Disclosures
Situation in which information could be heard by another party
Anytime a patient anticipates sharing of PHI
Violations occurring in -
Reception Area:
Disclosure of condition
Payment information
Gym Area:
Disclosure of PMH, PHI
Minimum Necessary Information

Incidental Disclosures

Breach/Violation

Breach
Any acquisition or disclosure violating HIPAA privacy regulations
Fines
unknown violation - 100-50,000
reasonable cause - 1,000 - 50,000
willful neglect (<30 days) - 10,000 - 50,000
willful neglect (>30 days) - minimum 50,000
Staff Education
APTA Action
Proactive in assisting with HIPAA compliance
Seminars, training modules and news updates
EHR, HIT and other compliance tools and resources for clinicians and business owners
General HIPAA Safeguards
Protections to ensure confidentiality of PHI
Administrative
Policies and procedures
Chief Security Officer
Workforce training
Reporting incidents
Technical
Passwords, IDs for PHI access
Encryption
Automatic log-off
Physical
Screen shields
Removal of PHI before device disposal
PHI storage
2013 HIPAA Omnibus Rule
4 Final Rules
1. Modifications mandated by HITECH
Businesses are directly liable for PHI security
Prohibits sale of PHI for marketing/fundraising without authorization
Expands individuals' rights to receive ePHI
Increased enforcement of non-compliance due to willful neglect
Child proof of immunization to schools
2. Civil money penalty
Increased and tiered penalty structure for violations
3. Breach notification and unsecured PHI
More objective standard of "harm" threshold
4. Genetic Information Nondiscrimination Act
Genetic information is protected under HIPAA
Review: What is HIPAA and how does it apply to us as future physical therapists?
By Jessica Chattin, Ariel Hovland, Marissa Santos and Lauren Hopkins