hipaa for the physician office
DESCRIPTION
HIPAA for the Physician Office. Maintaining Patient Privacy and Confidentiality. Introduction. HIPAA Understanding what it means to your practice What does it mean to the office manager and staff of the physician office?. Overview. NPP. HPI. BA. Code Sets. Covered entities. TPO. - PowerPoint PPT PresentationTRANSCRIPT
Maintaining Patient Privacy and Confidentiality
1
HIPAA Understanding what it means to your
practice What does it mean to the office manager
and staff of the physician office?
HIPAA-Administration Simplification Electronic Data and the Privacy Component
Covered entities
POHotlines
Code SetsTPO
CMS
BANPPHPI
Covered Entities Business Associates PHI: Protected Health Information TPO: Treatment, Payment, Operations Minimal Necessary Data Amendments Notice of Privacy Practices
Hospitals and Physicians as providers of Healthcare
Health plans: BCBS, Tufts, US Family etc
Clearinghouses: The businesses that process billing information for the hospitals and submit it to the health plans
Businesses that work with your practice but don’t provide health care
The Business has employees that may have access to PHI
In general, we must have contracts with each BA and the BA agrees to follow our privacy policies
Action must be taken if the BA misuses PHI
Confidential information about our patients that we can not release.
Patient’s may request their PHI You may charge a reasonable fee for
providing records and a physician summary of the information.
60 Days to comply. No automatic access to:
Psychotherapy notes Info on a criminal, civil or administrative
action or proceeding PHI that is subject to or exempted from
CLIA (HIV data) Health information that a qualified
provider has determined would endanger the life of the individual if he had access to it.
Requires special authorization specifically identifying this information, the dates and to whom it will be released.
Treatment Payment Operations Covered entities may use PHI for the
purposes of TPO without obtaining an individual’s authorization.
Only the information that is needed should be released.
To carry out the intended purpose. Exceptions:
◦ When PHI is disclosed for treatment purposes◦ Disclosed to the individual to which the PHI
pertains◦ When PHI is disclosed to DHHS
Patient’s may request that amendments be added to the patient medical record
Request can be required to be in writing Request could be denied, but…..
◦ The request and the reason for the denial will need to be kept in the patient’s medical record
60 days to comply with the request
The six components of the Notice◦ Information regarding uses and disclosures of
PHI◦ Clarification of individual rights◦ Covered entities responsibilities (CPN)◦ How to file complaints◦ Contact information for more information◦ Effective date of the notice
Acknowledgement of receipt by the patient
•To request an accounting of health
information disclosures
•To request an amendment to their health
information
•Inspect and copy their health information
•To receive confidential communications
about their health information
•To request restrictions on uses or disclosures
•To complain to the covered entity and to
the secretary of the Department of Health
and Human Services
Accessing Employee Medical Records Training the front desk: NPP Training Medical Record Staff
◦ Processing releases of information Security Basics
◦ Not leaving Computers unattended◦ Sharing passwords◦ The foot prints of the computer
14
Blah Blah Blah
http://www.hhs.gov/ocr/hipaa/ HIPAA: The questions you
didn’t know to ask ISBN: 0-13-114426-X