Hippa PPT - YAYA Medical Training Institute

advertisement
What Nurses Assistants Need to
Know about HIPAA
YAYA Medical Training Institute
Health Insurance Portability and
Accountability Act (HIPAA)
• In mid 1990s Congress passed the Health
Insurance Portability and Accountability Act
(HIPAA) of 1996. As a step toward portability,
HIPAA called for rules that would:
• Provide administrative simplification, basically by
standardizing the interchange of medical data
• Protect patient confidentiality
• Protect the security of patient data
The law also provided for significant fines for violating
standards (for wrongful disclosure of medical data)
Purpose of Module : HIPAA
• The purpose of this module is to provide the
Nurse Assistants with an understanding of
what they need to know about HIPAA
regulations and how they affect the day-today decisions concerning patient care
Objectives of Module
• After reviewing this module, you should be
able to :
• Describe the intent of the HIPAA regulation
• Describe how HIPAA affects confidentiality
• Describe how HIPAA affects information
transfer
Introduction
• Computers are being
used more commonly
in healthcare, and
proved tremendous
benefit
• However, there has
also been a growing
fear that this
increasing use of
computers for storing
– Speed up procedures
and
transmitting
– Ease of communication
patient information
– Access to patient data
may undermine patient
– Access to lab findings
confidentiality
HIPAA
• HIPAA addresses these problems along three
major avenues:
• Administrative simplification
• Patient Confidentiality
• Data Security
Administrative Simplification
• This will involve the personnel in information
systems, medical records and administration.
• However, nurse assistants may be required to use
new data gathering tools, new forms or programs
due to the HIPAA process
• A move to standardize the coding of electronic
transfer of data to insurance agencies and other
payers will be implemented with the HIPAA
Confidentiality
• This section will affect nursing greatly
– “General rule is that patient authorization is
required for any use or disclosure of protected
information that is not directly related to
treatment, payment or health operations”
This is to prevent unauthorized disclosures to
anyone outside the agency or within the agency
Confidentiality in Special Settings
• Home Health – Must not
forget that the nurse
assistant is not a friend of
the patient, but is a
caregiver even though the
setting is more relaxed. Be
careful NOT to reveal
confidential information to
neighbors, family or
friends
• Long Term Care – In
long term care
residents have gotten
to know one another,
there may be questions
about another resident.
AVOID discussing a
resident’s condition
with another resident.
Confidentiality in Special Settings
Psychiatric /Chemical
Dependency Units –
The law requires much more
stringent protection of
privacy in these settings.
It is a violation of federal
law to reveal or even
confirm the identity of a
patient in any psychiatric
setting or chemical rehab.
• Other special
Circumstances
– HIV
– Pregnancy
– Sexual Abuse
– Rape
These patients are may be at
risk for breach of
confidentiality. Normally
parents of minors are
automatically given
information regarding their
child’s condition, but law
varies from State to State.
Know your state’s law.
Reporting Laws and Confidentiality
• There are some exceptions
to a caregiver’s obligation
to keep information
confidential
– Threats
Patients in psychiatric setting
sometimes make threats to
harm others. DO NOT try
to decide if a threat is
serious. REPORT any
threats to your supervisor
immediately.
– Suspected Abuse
When you encounter any
patient who appears to have
been physically abused, you
have a duty to report your
suspicions. Report any
suspected abuse to the nurse
or call the domestic abuse
hotline.
Other exceptions to confidentiality
Criminal
Wounds
Gunshots
Poisonings
Communicable
Diseases and
Emergency
Circumstances
Deaths of an
Uncertain
Nature
Report to your
supervisor and
follow
agency/state
guidelines
How does this affect you?
• If you receive a fax, it must be placed in a secured
area, face down
• DO NOT XEROX portions of the patient’s
chart, MAR, Lab/diagnostic findings
• DO NOT DOWNLOAD patient information
from the computer
• DO NOT TAKE any patient information home
Who Must Comply?
• HIPAA law defines those who must comply as: All persons involved
with access to patient information and medical records. (This includes
Nurse Assistants and Home Health Aides)
• Protected health information includes, but is NOT limited to:
• Social Security Number
• Name
• Address and phone number/ Fax number
• Date of birth
• Diagnosis
• Email address
• Medical record number
• Any account numbers or patient information identifying the
patient
Data Security
• The third major portion of HIPAA is
directly related to confidentiality. This is
the maintaining the security of patient data,
particularly when it is transmitted outside
the institution.
• Each agency will have a policy and
procedure for the handling of transmission,
security of computer systems and codes
Penalty
• Under HIPAA, civil and even
criminal penalties can be
imposed on organizations and
individuals for wrongful
disclosure or other forms of
noncompliance. Wrongful
disclosure is defined as either
knowingly or unknowingly
sharing or disclosing
information without
patient/resident permission.
• A facility that does not follow
these rules may:
– Be responsible for civil
penalties and fines that can
quickly add up to thousands
of dollars.
– Be accused of criminal
violations that can result in
even higher fines and
incarceration
– Be excluded from
participation in the Medicare
Reimbursement Program
Penalties portion of HIPAA
• Civil money penalties are $100.00 per violation,
up to $25,000 per year for each requirement or
prohibition violated
• Criminal penalties are up to $50,000 and one
year in prison for certain offenses.
– Up to $100,000 fines and up to 5 years in prison if the offenses are
committed under false pretenses
– Up to $250,00 in fines and up to 10 years in prison if the
information obtain is found to be used for commercial advantage,
personal gain or malicious harm
Conclusion
• According to HIPAA
legislation, when
information must be
communicated, you must
make sure it is for
treatment or billing or
other uses within the law
and within the
policies/procedures of
your facility
So before you answer the
phone when someone asks
you if a certain celebrity is
a patient in your
hospital…think again!
You will be violating HIPPA
if you do not have the
patient’s permission to
share that information.
References
•
•
•
•
•
•
•
•
•
Cichon, T. (2002) Can you pass the HHN’s HIPAA Quiz? Home Health
Nurse. 20(6), 400 – 401.
How HIPAA will change your practice.(2002) Nursing. 32(9), 54-57.
Maio, J. (2003) HIPAA and the Special status of psychotherapy notes.
Lippincott’s Case Management. 8(1), 24-29
The New HIPAA Law on Privacy and Confidentiality. (2002) Nursing
Administration Quarterly. 26(4). 40-54.
Oram, M. (2003) CEU: HIPAA Regulations Update Course # 106
What you need to know about HIPAA. CEU Course: RN.com
Wilber, K. (2003) HIPAA Security Requirements: Prepare to Comply.
Healthcare. www.medscape.com/view article/448840
Williams, T. (2002) HIPAA… one size does not necessary fit all. Home
Healthcare Nurse. 20(4). 221-224
Ziel, S. (2002) Legal checkpoints: Get on board with HIPAA privacy
regulations. Nursing Management. 23(10), 28-29
Download