we made it to Friday! HIPAA Review????

Fri, 28 Aug 2015 19:48:36 GMT

ok, HIPAA is the one that is with us at all times and we never forget.

Some small facts about it----which U.S. Department implemented the Privacy Rule?

answer: HHS or the Department of Health and Human Services

Who enforces the Privacy Rule

Office of Civil Rights (OCR) from wthin the HHS

Everyone remembers what PHI Stands for?

Protected Health Information

Who is subject to the Privacy Rule?

All covered "entities" which includes all providers of service who furnishes, bills or is paid for healthcare.

Fri, 28 Aug 2015 20:41:09 GMT

Review what encompasses PHI---which is basically anything which could specifically identify an individual receiving any type of care.

One of the major requirements for a covered entity is to develop and implement privacy policies, most commonly known in our offices as the HIPAA Manual.

These policies should include:

The name of the designated Privacy Official.
Who to contact with issues or complaints
Training and management
Sanctions imposed for violations

these are just a few. The complete Privacy, Security and Breach Notification Audit Program can be found at http://www.hhs.gov/ocr/privacy/hipaa/enforcement/audit/index.html

some things to think about for HIPAA--are the following violations?

Employee sends physician's schedule to him via their personal cell phone which is password protected.

Nurse at hospital sends photo of patient's post-operative wound to physician from their cell phone at the surgeon's request.

Patients in waiting room can hear telephone conversation in the reception area.

Patient in exam room can hear physician talking to his assistant regarding another patient in hallway of office

Faxing patient records to another physicians office.

Messaging within your EHR regarding specific patients.

Sending information via email to another physicians office.

Leaving laptop with access to PHI in examination room

Texting from personal cell phones to physician regarding specific patients.

Fri, 28 Aug 2015 20:50:38 GMT

If we didn't have enough rules--the following "simplication statute and rules" offer some more

HIPAA Administrative Simplification Statute and Rules
To improve the efficiency and effectiveness of the health care system, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, included Administrative Simplification provisions that required HHS to adopt national standards for electronic health care transactions and code sets, unique health identifiers, and security. At the same time, Congress recognized that advances in electronic technology could erode the privacy of health information. Consequently, Congress incorporated into HIPAA provisions that mandated the adoption of Federal privacy protections for individually identifiable health information.
HHS published a final Privacy Rule in December 2000, which was later modified in August 2002. This Rule set national standards for the protection of individually identifiable health information by three types of covered entities: health plans, health care clearinghouses, and health care providers who conduct the standard health care transactions electronically. Compliance with the Privacy Rule was required as of April 14, 2003 (April 14, 2004, for small health plans).
HHS published a final Security Rule in February 2003. This Rule sets national standards for protecting the confidentiality, integrity, and availability of electronic protected health information. Compliance with the Security Rule was required as of April 20, 2005 (April 20, 2006 for small health plans).
OCR administers and enforces the Privacy Rule and the Security Rule.
Other HIPAA Administrative Simplification Rules are administered and enforced by the Centers for Medicare & Medicaid Services, and include:
 Transactions and Code Sets Standards
 Employer Identifier Standard
 National Provider Identifier Standard
The Enforcement Rule provides standards for the enforcement of all the Administrative Simplification Rules.
All of the HIPAA Administrative Simplification Rules are located at 45 CFR Parts 160, 162, and 164.

The website for the Department of Human Services actually does offer tools for dealing the multitude of HIPAA requirements so you may want to spend a little time taking a look.