hipaa sept 2014
DESCRIPTION
Annual HIPAA for NEMHS employeesTRANSCRIPT
HIPAA
Initial & Annual Training
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014
What is HIPAA?
HIPAA = Health Insurance Portability and Accountability Act
Developed by United States Department of Health and Human
Services (HHS)
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014
A Common Set of Standards
To ensure health insurance portability To reduce health care fraud and abuse To guarantee the integrity and
confidentiality of health information (“Privacy Rule”)
To improve the operations of health care systems
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014
We are most concerned with the “Privacy Rule”
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014
The Privacy Rule
The intent of the Privacy Rule is to provide basic rights regarding the use of “Protected Health Information” (PHI).
It protects “individually identifiable health information” – whether electronic, on paper, or oral.
Applies to “covered entities”
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014
Who is a Covered Entity?
Three Categories: Health plans Health care clearinghouses Health care providers who transmit any
health information electronically
North East Mobile Health Services falls under the Health Care Provider category
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014
What’s Required?
The Privacy Rule requires Covered Entities to: Protect PHI Designate a Privacy Officer Look for “leaks” in the policy Conduct & document training for the
ENTIRE organization Develop an Authorization Form for release
of Protected Health Information
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014
More Requirements
Develop a Notice of Privacy Practices When permitted, only disclose only the
minimum necessary PHI Update policies and procedures Identify business associates and
create contracts Develop & apply reasonable
administrative, technical, and physical safeguards
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014
Privacy Officer
An individual within the organization that is responsible for developing and implementing policies and procedures required by HIPAA.
The Privacy Officer for North East Mobile Health Services is Robert Russell and can be reached at 207-510-0073
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014
Protected Health Information
Any information created or received by a health care provider which relates to:Past, present, or future physical or mental conditionsProvision of health carePast, present, or future payment for care
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014
Examples of PHI Name Address Date of Birth/Age Social Security Number Medical condition(s) Past medical history Full face photos
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014
HIPAA should NEVER negatively impact the quality of patient care or impede the ability to
provide care!!
The appropriate communication of PHI with other health care providers directly involved in
providing patient care does not constitute a violation of HIPAA.
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014
Safeguarding PHI
PCRs should be kept in a secure location
Keep all documentation provided by patient, medical providers, and any others secure throughout your shift, and give to receiving facility or place into the run sheet drop box at each base, at the earliest opportunity.
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014
Safeguarding PHI
In our buildings, offices and crew areas, you don’t need to “hide” paperwork as you are working with it, but you DO need to secure/cover when not at your desk. In other words, do not leave info lying around!
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014
Safeguarding PHI In vehicles, ensure any paperwork is not
readable from outside the vehicle.
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014 NO ! YES !
Use Caution…
Beware of discussion of PHI, such as:
Talking about current or prior incident while re-stocking or cleaning ambulance or writing report where others may overhear
Discussing “interesting” calls, famous patients, or neighbors
Sharing about co-workers or fellow responders PHI
If you are not sure you can say it, DON’T
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014
Unsure About Discussing an Incident??
Ask yourself… Would a Judge agree that the disclosure
benefited patient care AND was performed with the utmost discretion???
If you were the patient, would you want an “embarrassing” injury or illness to be discussed?
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014
Notice of Privacy Practices(NPP)
Providers must make a Good Faith attempt to provide a NPP to each patient
They must also make an effort to get a signed “Acknowledgement of Receipt”
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014
North East Mobile Health Services Notice of Privacy
Policy
The NPP is provided to EVERY patient by YOU!
We also send the notice when we need to request insurance information, including a signature form which acknowledges receipt and permission to bill insurance on the patient’s behalf.
You must review and be familiar with this material.
A copy can be viewed on the next two slides.
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014
© North East Mobile © North East Mobile Health Services 2014 Health Services 2014
© North East Mobile © North East Mobile Health Services 2014 Health Services 2014
NPP in Emergency Settings
During the emergency treatment of a patient, the NPP must be given as soon as practical.
DO NOT DELAY emergency care to obtain a signature or give a NPP!
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014
Permitted Disclosures
Disclosure of PHI is acceptable in
for
Treatment, Payment & Operations
Public Health Regulations
Victims of Abuse Judicial proceedings Law Enforcement Births and Deaths Research Protection of Public
Safety
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014
Treatment, Payment, and Operations
Treatment – giving PHI to other providers involved in patient care, such as hospital staff
Payment – receiving PHI from other providers, as necessary for billing
Operations – audits, quality assurance assessments
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014
Public Health Regulations
Information for the purpose of preventing or controlling disease, injury or disability
Reporting births and deaths The conduction of public health
investigations Notification of communicable diseases to
EMS providers involved in an exposure
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014
Victims of Abuse, Neglect, and Domestic Violence
The law requires (and HIPAA allows): reporting an “endangered adult” believed to be
a victim of battery, neglect, or exploitation to Adult Protective Services or law enforcement
reporting an “endangered child” believed to be a victim of battery, neglect, or exploitation to Child Protective Services or law enforcement
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014
Judicial Proceedings
Disclosure must only be made when a Judge or Grand Jury orders disclosure through a court
order, subpoena or other lawful request.
**A private attorney does not have the authority to order an EMS provider to discuss a case. If contacted by an attorney, always
contact a manager at North East Mobile Health Services for advice before
proceeding.**
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014
Law Enforcement
Disclosure to comply with laws requiring the reporting of certain types of injuries
Pursuant to a court order, warrant, subpoena, grand jury subpoena or other lawful process
To assist law enforcement in identifying or locating a suspect, fugitive, material witness or missing person
About the victim of a crime
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014
Other Allowable Disclosures To coroners, medical examiners and funeral
directors. To organ procurement organizations. For approved medical research projects. To avert a serious threat to health or safety. For military and veterans activities, national
security and other specialized government functions.
To comply with laws relating to workers’ compensation or similar programs.
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014
The Media and You....
Disclosing health information to the media is not permitted - Management should be the
contact for the media.
Politely inform them “Please see a member of our management team”
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014
Civil Penalties
The U.S. Dept of Health and Human Services may impose civil penalties
on a covered entity of $100 per failure to comply with a Privacy Rule
requirement.
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014
Criminal Penalties
A person who knowingly obtains or discloses individually identifiable health information in violation of HIPAA faces a fine of $50,000 and up to one year imprisonment.
Criminal sanctions are enforced by the US Department of Justice.
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014
“I want a copy”
If a patient, law enforcement officer, lawyer, or any other person needs a copy of the patient care report, they need to call North East Mobile Health Services at 207-510-0073 to obtain the form needed. They may also fax a request to 207-883-5566.
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014
To quote the law firm of Page, Wolfberg, and White
What you see here,What you hear here,When you leave here,
Let it stay here.
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014
Resources
www.hhs.gov/ocr/privacy/
www.hipaa.com/2009/09/hipaa-protected-health-information-what-does-phi-include/
www.privacyruleandresearch.nih.gov/pr_07.asp
© North East Mobile Health Services 2014 © North East Mobile Health Services 2014