HIPAA PRIVACY – OVERVIEW
--Allied Health Students--
Jill Raines
University Privacy Official
University of Oklahoma
Copyright 2014 – May not be redistributed, reproduced, or used for any purpose without prior written permission of the Office of Legal Counsel
What is HIPAA?
Health Insurance Portability and Accountability Act
Federal law covering privacy and security of certain health information and imposing electronic transaction standards
We’re covering the Privacy Rule in HIPAA
Effective Date: April 14, 2003
HIPAA’s Purpose
Provides comprehensive protection for the privacy of health information and gives patients certain rights regarding that information.
Protection includes regulations governing the management, use, and disclosure of Protected Health Information (PHI).
Protected Health Information or PHI
Individually identifiable health information created or received by a covered entity
Related to past, present, or future physical or mental health or condition (or the payment for it)
Maintained or transmitted electronically or otherwise
Written or spoken
WHAT MAKES INDIVIDUAL HEALTH INFORMATION IDENTIFIABLE?
(HIPAA DESIGNATED PHI IDENTIFIERS)
Name
Address
Dates (except year)
Telephone number
Fax number
Email, URL, IP addresses
Biometrics (finger, voice)
Unique identifying number/code/characteristic
“Reasonable Basis” catch-all
Social Security Number
Account and license numbers
Medical record number
Health plan/insurance number
Device numbers
Vehicle numbers
Identifying photos
Types of Uses and Disclosures of PHI
Disclosures required by law
Disclosures permitted by law
Disclosures pursuant to an Authorization
Permitted Disclosures
A covered entity is permitted to use or disclose PHI for treatment, payment, and health care operations (“TPO”)
A covered entity is permitted to make certain other disclosures without authorization as specifically set out in the Privacy Rule.
Examples:
--- Public health and safety
--- Medical examiners
--- Military
Treatment
Provision, coordination, management of care
Related Services
- referrals
- consultations
Covered Entities are Required to Disclose PHI in These Circumstances:
To an individual (or legal representative) who asks to inspect and copy his/her own PHI
To DHHS, CMS, or a state attorney general for investigation or determination of compliance with the Privacy Rule
In response to a subpoena, court order, law, or similar
Releases via Authorization
Authorization is required for use and disclosure of PHI that is not otherwise allowed by HIPAA. An Authorization must specify a number of detailed elements, including what may be released and to whom
Governed by HIPAA and state law 63 OS 1-502.2
Minimum Necessary Standard
All uses and disclosures of PHI – unless you have an Authorization – are subject to the Minimum Necessary Standard
Definition – the least amount of information necessary to accomplish the purpose
Security Breach
If PHI is disclosed
- for purposes other than TPO
- without patient authorization
- outside of legal exceptions
then HIPAA has been breached
Federal law requires reporting of all unsecured breaches
Emailing PHI??
As of 9/23/13, the patient has the right to receive PHI via email, even if unencrypted
Covered Entity is required to notify patient in writing of risk prior to using email for PHI
Each Covered Entity must implement procedures for emailing PHI
- how to confirm email address
- where to store the email
Does HIPAA Apply to Social Media?
Before you post:
– Is the post required by law?
– Is the post for TPO?
– Do you have patient Authorization?
If no, have you removed ALL identifiers?
SURVEY SAYS
Medical Schools surveyed report:
60% have had HIPAA incidents involving Social Media sites
13% rose to the level of a HIPAA breach
Social Media Breaches
RN fired after FB post
-post up less than 30 minutes
Emergency worker sanctioned after web post
-no name, no face, no right
Hospital Facebook post leads to ID theft
Posted in Oct 21, 2013
By Erin McCann, Associate Director
An Arizona hospital is facing scrutiny after one of its employees posted a workplace photo on Facebook, inadvertently including the protected health information and Social Security number of a patient.
The University of Arizona Medical Center South – Campus confirmed that an emergency room employee posted a photo of her workstation back in June, which included a shot of a computer screen containing the patient’s information, according to a report from Green Valley News. Four months later in October, the patient notified law enforcement that she was the victim of identity theft, as someone had attempted to use her information to qualify for food stamps.
Although the photo was removed from Facebook reportedly 30 minutes after it was posted, the patient expressed concern that the employee and their friends are still in possession of the photo. “I want everybody to know about this,” the patient said to GVN. “I don’t want anyone else to go through this kind of hell.”
Healthcare IT News
Monetary Penalties
Violation Categories and Penalty Amounts

| Category (HITECH § 1176(a)(1)) | Each Violation | All such violations (identical violation/year) |
| --- | --- | --- |
| (A) Did not know | $100 - $50,000 | $1.5 million |
| (B) Reasonable cause | $1000 - $50,000 | $1.5 million |
| (C)(i) Willful neglect (corrected) | $10,000 - $50,000 | $1.5 million |
| (C)(ii) Willful neglect (not corrected) | $50,000+ | $1.5 million |

*Violations occurring on or after 2-18-09
California Medical Center Pays $95,000 for Violating One Patient’s Medical Privacy Rights
• Responding to newspaper story
• Most information already public
Criminal Penalties
• Fines may be imposed against the Covered Entity and individual employees
• Individual employees may be imprisoned for up to 10 years
Go Directly to Jail
MD sentenced to prison for HIPAA violation
YOUR OBLIGATIONS
Ensure you are trained in HIPAA
Know who your area’s HIPAA contact person is and stay in touch
Be familiar with OU’s and your facility’s HIPAA policies and forms
Ask for help with HIPAA when you need it
-- Privacy Official (405) 271-2033
-- Office of Compliance (405) 271-2511
QUESTIONS??