hipaa for the physician office
Post on 01-Jan-2016
Embed Size (px)
DESCRIPTIONHIPAA for the Physician Office. Maintaining Patient Privacy and Confidentiality. Introduction. HIPAA Understanding what it means to your practice What does it mean to the office manager and staff of the physician office?. Overview. NPP. HPI. BA. Code Sets. Covered entities. TPO. - PowerPoint PPT Presentation
Maintaining Patient Privacy and Confidentiality*
HIPAAUnderstanding what it means to your practiceWhat does it mean to the office manager and staff of the physician office?
HIPAA-Administration SimplificationElectronic Data and the Privacy ComponentCovered entitiesPOHotlinesCode SetsTPOCMSBANPPHPI
Covered Entities Business AssociatesPHI: Protected Health InformationTPO: Treatment, Payment, OperationsMinimal Necessary DataAmendmentsNotice of Privacy Practices
Hospitals and Physicians as providers of HealthcareHealth plans: BCBS, Tufts, US Family etcClearinghouses: The businesses that process billing information for the hospitals and submit it to the health plans
Businesses that work with your practice but dont provide health careThe Business has employees that may have access to PHIIn general, we must have contracts with each BA and the BA agrees to follow our privacy policiesAction must be taken if the BA misuses PHI
Confidential information about our patients that we can not release.Patients may request their PHIYou may charge a reasonable fee for providing records and a physician summary of the information. 60 Days to comply.No automatic access to:
Psychotherapy notesInfo on a criminal, civil or administrative action or proceedingPHI that is subject to or exempted from CLIA (HIV data)Health information that a qualified provider has determined would endanger the life of the individual if he had access to it. Requires special authorization specifically identifying this information, the dates and to whom it will be released.
TreatmentPaymentOperationsCovered entities may use PHI for the purposes of TPO without obtaining an individuals authorization.
Only the information that is needed should be released.To carry out the intended purpose. Exceptions:When PHI is disclosed for treatment purposesDisclosed to the individual to which the PHI pertainsWhen PHI is disclosed to DHHS
Patients may request that amendments be added to the patient medical recordRequest can be required to be in writingRequest could be denied, but..The request and the reason for the denial will need to be kept in the patients medical record60 days to comply with the request
The six components of the NoticeInformation regarding uses and disclosures of PHIClarification of individual rightsCovered entities responsibilities (CPN)How to file complaintsContact information for more informationEffective date of the noticeAcknowledgement of receipt by the patient
To request an accounting of health information disclosuresTo request an amendment to their health informationInspect and copy their health informationTo receive confidential communications about their health informationTo request restrictions on uses or disclosuresTo complain to the covered entity and to the secretary of the Department of Health and Human Services
Accessing Employee Medical RecordsTraining the front desk: NPPTraining Medical Record StaffProcessing releases of informationSecurity BasicsNot leaving Computers unattendedSharing passwordsThe foot prints of the computer*Blah Blah Blah
http://www.hhs.gov/ocr/hipaa/HIPAA: The questions you didnt know to ask ISBN: 0-13-114426-X