patient confidentiality & hipaa · hipaa-patient confidentiality & the healthcare worker we...
Post on 16-Oct-2020
5 Views
Preview:
TRANSCRIPT
PATIENT CONFIDENTIALITY & HIPAA
Training Objectives Understand the purpose of HIPAA and the Privacy Rule Understand what we must do to comply Understand the term “Protected Health Information” Understand the rules for use and disclosure of protected health information Understand the Notice of Privacy Practices and patient’s rights Understand the patient’s rights with respect to the patient’s medical record Understand that the Hospital may share protected health information under
some circumstances while still complying with HIPAA
What is HIPAA? Health Insurance Portability and Accountability Act • HIPAA was enacted to improve the efficiency and effectiveness of the health care
system
• HIPAA establishes standards for electronically transmitted health information
• HIPAA establishes standards to protect the privacy of medical records and other protected health information
• HIPAA insures the security of health care information
• HIPAA gives patients greater access to their medical records and greater control over how the records are used
• Covered entities under HIPAA include Health Care providers, Health Insurance plans and health care clearing houses
Protected Health Information (PHI)
Individually identifiable health information Relates to the individual’s past, present or future physical or mental
health condition; to the provision of health care to the individual; or to the past, present or future payment for the provision of health care to the individual
Transmitted or maintained in any electronic, written or spoken format
For example, e-mail, fax, on-line databases, voice mail, video/audio recordings or conversations
HIPAA calls protected health information “PHI”
Protected Health Information (PHI) Use and Disclosure
The Privacy Rule prohibits use or disclosure of protected health information unless: It is used to provide treatment, payment or health care operations; or
Its use is authorized by the client; or
Not sharing the information would present a risk to public health or safety (i.e.
disease reporting as required by statute, bioterrorism activities); or
As required by law
Common PHI Identifiers Names
Addresses
Dates directly related to an
individual such as birth date,
admission date, discharge date
and date of death
Telephone numbers
Fax numbers
Electronic mail addresses
Social Security numbers
Medical record numbers
Health plan beneficiary
numbers
Account numbers
Certificate/license numbers
Vehicle identifiers and serial numbers, including license plate numbers
Device identifiers and serial numbers
Biometric identifiers, including fingerprints and voice prints
Full face photographic images
Web URL (Universal Resource Locators & IP (Internet Protocol) Addresses
Any other unique identifying number, characteristic or code
HIPAA-Patient Confidentiality & the Healthcare Worker
We must:
Keep patient information confidential
Share information on a “need to know” basis with others involved in the patients care
Generally this is the patient, the patient’s physicians, the primary caregivers, the patient’s insurance plan representatives
Unnecessary disclosure may cause embarrassment or humiliation, for the patient, as well as violate the law
Discussions about patient information should be held in a private setting
Examples of Good Practice
Speak quietly when discussing a patient’s condition with family members or others
Avoid using patient names in elevators and hallways
Secure documents in locked offices and cabinets
Use passwords and other security measures on computers
Minimum Necessary Standard
Minimum necessary means that the Hospital will limit the sharing of protected health information to the minimum necessary to do the job
Limit who has access to protected health information
Specify the conditions under which this information can be accessed
Employee Access to Health Information
The following employees generally access patient records: Direct Caregivers
Physicians
Hospital Educators
Medical records employees
Infection Control staff
Dietitians
Case Managers/Discharge planners
Risk Manager
PI/QA staff
Social Services
Pictures, Tape Recordings, Videotapes & News Media
Pictures, tape recordings or videotapes of patients cannot be taken without expressed written permission from the patient, guardian, or health care proxy
Consent is not needed when material will be used for the patients own use
Only specific hospital personnel can release patient information to the news media or press concerning a patient’s presence in the hospital and general condition, but only with the patients permission
No statement may be made if a patient was sexually assaulted
No statement may be made regarding patient intoxication or drug use
Patient Confidentiality Rights under HIPAA
The right to have PHI kept confidential
The right to receive Notice of Privacy Practices from the Hospital
The right to request restrictions on certain use and disclosure of PHI
The right to access, inspect and copy health information
The right to amend or correct PHI
The right to receive an accounting of disclosures of PHI
The right to be notified following a breach of unsecured PHI
Notice of Privacy Practices (NPP)
An individual receiving services from the Hospital is entitled to adequate notice of the uses and disclosures of PHI that may be made by the Hospital, the individual’s rights and the Hospital’s legal obligations
The NPP must contain specific language and descriptions of allowable uses and disclosures regarding an individual’s medical information and how they may access their information
The patient may request restriction on certain use of his/her health care information
The patient my request an accounting of disclosures of his/her PHI including the date of disclosure, the recipient, what was disclosed and the reason for disclosure
Quiz
Click the Quiz button to edit this quiz
top related