your hipaa rules ben burton, jd, mba, rhia, chp, chc notice of privacy practices
Post on 17-Dec-2015
219 Views
Preview:
TRANSCRIPT
ObjectivesWho needs Notice of Privacy Practices
(NPP)How to create your NPPBe able to use it
InternallyExternally
Compliments your existing compliance program
Tools
Who needs a NPP§164.500 Applicability.
Covered entitiesClearinghouses?
When there is PHI some one needs a NPP
45 CFR §164.520
§164.520 Notice of privacy practices for protected health information.Patient’s rightCE’s duty
Exceptions (not covered here) Group health plansInmates
45 CFR §164.520 (b)Written in “plain language”
Think about your patientsFirst visit or soon afterRequired elements
Header - “THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.”
Required by law to provide noticeWill notify of substantive changes – changes apply to
all PHIWho they can contact regarding complaintsContact informationEffective date
Uses and disclosures without a written authorizationTreatment, Payment, and Operations (TPO)
exceptionsMaine – except in an emergency mental
health notes disclosed outside “the office, practice or organizational affiliate” require patient authorization – not required to be in the NPPExceptions (HIE, treatment, and payment)
Uses and disclosures without a written authorization (cont.)Other permissible uses without consent
(cont.) Law
Public health and welfare (protection and reporting) – examples: victims of crime, FDA, communicable diseases, etc.
Crime (limited)Court order or subpoena
Other Care relatedTreatment optionsBenefits Non- CE involved in care (with certain restrictions)
Uses and disclosures without a written authorization (cont.)
Other Research Healthcare oversight (e.g. Joint Commission) To organizations attorney (to defend) Immunizations (specific organizations, federal law requires consent) General information (directory under HIPAA) HIE (other information sharing) Decease patient (medical examiner or corner) Organ and tissue donation Threats to health or safety Work Comp. Correctional institutions Required by military (legally allowed) National security (protect the President)
If engaged in the following Fundraising (need to know about opt. out) Health Plan only
Use of PHI for underwriting Exclude GINA for underwriting purposes
Patient RightsList the rights and how to exercise the rightRights
Request restrictions (Must agree in limited circumstances)
Receive confidential communications must comply with reasonable requests
Copies and inspect designated record setAccounting of disclosures (non routine
disclosures)Paper copy of the noticeTo complainTo complete an authorizationNotification of a Breach
Recommendations Lead with what the patient wants to hear
This is to protect your privacyAllows us to provide the best care
Include contact information multiple placesWant patients to call you with questionsMake sure you are available to answer
questions promptly
Used across departmentsNPP should be used with compliance
programs, etc.Reference NPP
One NPPDon’t duplication forms or P&Ps
Toolshttp://www.ecfr.gov/cgi-bin/text-idx?
SID=2fd6a3d8787d454df3fdabfb170bde47&node=se45.1.164_1520&rgn=div8 (45 CFR § 164.520)
http://www.mainelegislature.org/legis/statutes/22/title22sec1711-C.html (22 MRSA § 1711-C)
http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/notice.html (hhs.gov notice of privacy practices)
http://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html (FAQs)
top related