hipaa sept 2014

HIPAA

Initial & Annual Training

© North East Mobile Health Services 2014 © North East Mobile Health Services 2014

What is HIPAA?

HIPAA = Health Insurance Portability and Accountability Act

Developed by United States Department of Health and Human

Services (HHS)


A Common Set of Standards

To ensure health insurance portability To reduce health care fraud and abuse To guarantee the integrity and

confidentiality of health information (“Privacy Rule”)

To improve the operations of health care systems


We are most concerned with the “Privacy Rule”


The Privacy Rule

The intent of the Privacy Rule is to provide basic rights regarding the use of “Protected Health Information” (PHI).

It protects “individually identifiable health information” – whether electronic, on paper, or oral.

Applies to “covered entities”


Who is a Covered Entity?

Three Categories: Health plans Health care clearinghouses Health care providers who transmit any

health information electronically

North East Mobile Health Services falls under the Health Care Provider category


What’s Required?

The Privacy Rule requires Covered Entities to: Protect PHI Designate a Privacy Officer Look for “leaks” in the policy Conduct & document training for the

ENTIRE organization Develop an Authorization Form for release

of Protected Health Information


More Requirements

Develop a Notice of Privacy Practices When permitted, only disclose only the

minimum necessary PHI Update policies and procedures Identify business associates and

create contracts Develop & apply reasonable

administrative, technical, and physical safeguards


Privacy Officer

An individual within the organization that is responsible for developing and implementing policies and procedures required by HIPAA.

The Privacy Officer for North East Mobile Health Services is Robert Russell and can be reached at 207-510-0073


Protected Health Information

Any information created or received by a health care provider which relates to:Past, present, or future physical or mental conditionsProvision of health carePast, present, or future payment for care


Examples of PHI Name Address Date of Birth/Age Social Security Number Medical condition(s) Past medical history Full face photos


HIPAA should NEVER negatively impact the quality of patient care or impede the ability to

provide care!!

The appropriate communication of PHI with other health care providers directly involved in

providing patient care does not constitute a violation of HIPAA.


Safeguarding PHI

PCRs should be kept in a secure location

Keep all documentation provided by patient, medical providers, and any others secure throughout your shift, and give to receiving facility or place into the run sheet drop box at each base, at the earliest opportunity.


Safeguarding PHI

In our buildings, offices and crew areas, you don’t need to “hide” paperwork as you are working with it, but you DO need to secure/cover when not at your desk. In other words, do not leave info lying around!


Safeguarding PHI In vehicles, ensure any paperwork is not

readable from outside the vehicle.

© North East Mobile Health Services 2014 © North East Mobile Health Services 2014 NO ! YES !

Use Caution…

Beware of discussion of PHI, such as:

Talking about current or prior incident while re-stocking or cleaning ambulance or writing report where others may overhear

Discussing “interesting” calls, famous patients, or neighbors

Sharing about co-workers or fellow responders PHI

If you are not sure you can say it, DON’T


Unsure About Discussing an Incident??

Ask yourself… Would a Judge agree that the disclosure

benefited patient care AND was performed with the utmost discretion???

If you were the patient, would you want an “embarrassing” injury or illness to be discussed?


Notice of Privacy Practices(NPP)

Providers must make a Good Faith attempt to provide a NPP to each patient

They must also make an effort to get a signed “Acknowledgement of Receipt”


North East Mobile Health Services Notice of Privacy

Policy

The NPP is provided to EVERY patient by YOU!

We also send the notice when we need to request insurance information, including a signature form which acknowledges receipt and permission to bill insurance on the patient’s behalf.

You must review and be familiar with this material.

A copy can be viewed on the next two slides.


NPP in Emergency Settings

During the emergency treatment of a patient, the NPP must be given as soon as practical.

DO NOT DELAY emergency care to obtain a signature or give a NPP!


Permitted Disclosures

Disclosure of PHI is acceptable in

for

Treatment, Payment & Operations

Public Health Regulations

Victims of Abuse Judicial proceedings Law Enforcement Births and Deaths Research Protection of Public

Safety


Treatment, Payment, and Operations

Treatment – giving PHI to other providers involved in patient care, such as hospital staff

Payment – receiving PHI from other providers, as necessary for billing

Operations – audits, quality assurance assessments


Public Health Regulations

Information for the purpose of preventing or controlling disease, injury or disability

Reporting births and deaths The conduction of public health

investigations Notification of communicable diseases to

EMS providers involved in an exposure


Victims of Abuse, Neglect, and Domestic Violence

The law requires (and HIPAA allows): reporting an “endangered adult” believed to be

a victim of battery, neglect, or exploitation to Adult Protective Services or law enforcement

reporting an “endangered child” believed to be a victim of battery, neglect, or exploitation to Child Protective Services or law enforcement


Judicial Proceedings

Disclosure must only be made when a Judge or Grand Jury orders disclosure through a court

order, subpoena or other lawful request.

**A private attorney does not have the authority to order an EMS provider to discuss a case. If contacted by an attorney, always

contact a manager at North East Mobile Health Services for advice before

proceeding.**


Law Enforcement

Disclosure to comply with laws requiring the reporting of certain types of injuries

Pursuant to a court order, warrant, subpoena, grand jury subpoena or other lawful process

To assist law enforcement in identifying or locating a suspect, fugitive, material witness or missing person

About the victim of a crime


Other Allowable Disclosures To coroners, medical examiners and funeral

directors. To organ procurement organizations. For approved medical research projects. To avert a serious threat to health or safety. For military and veterans activities, national

security and other specialized government functions.

To comply with laws relating to workers’ compensation or similar programs.


The Media and You....

Disclosing health information to the media is not permitted - Management should be the

contact for the media.

Politely inform them “Please see a member of our management team”


Civil Penalties

The U.S. Dept of Health and Human Services may impose civil penalties

on a covered entity of $100 per failure to comply with a Privacy Rule

requirement.


Criminal Penalties

A person who knowingly obtains or discloses individually identifiable health information in violation of HIPAA faces a fine of $50,000 and up to one year imprisonment.

Criminal sanctions are enforced by the US Department of Justice.


“I want a copy”

If a patient, law enforcement officer, lawyer, or any other person needs a copy of the patient care report, they need to call North East Mobile Health Services at 207-510-0073 to obtain the form needed. They may also fax a request to 207-883-5566.


To quote the law firm of Page, Wolfberg, and White

What you see here,What you hear here,When you leave here,

Let it stay here.


Resources

www.hhs.gov/ocr/privacy/

www.hipaa.com/2009/09/hipaa-protected-health-information-what-does-phi-include/

www.privacyruleandresearch.nih.gov/pr_07.asp


hipaa sept 2014

Health & Medicine