HIPAA.pdfHIPAA2.pdfWhat do we know from public opinion surveys and focus groups? FearOverall six out of ten Americans say they would favor the creation of a secure online “personal health record” service for their own use.Statement% Yes Check for mistakes in your medical record. Check and fill prescriptions. Get results over the Internet. Conduct secure and private email communication with your doctor or doctors. Now let's imagine that a new secure online service was made available to you allowing you to locate your medical records and view them through your own secure online "personal health record" account. Now I am going to read you some things this secure online "personal health record" service would allow you to do after I read each item, please tell me, yes or no, whether or not you would use this secure online "personal health record" service for each activity. There is also a strong interest among consumers in using health information technology to more fully participate in their own health care.But… California Health Care Foundation (2005)• 67% of Americans are concerned about the privacy of their personal medical records--recent privacy breaches have raised their level of concern• 1 in 8 Americans have put their health at riskby engaging in privacy-protective behavior: - Avoiding their regular doctor - Asking a doctor to alter a diagnosis - Paying privately for a test - Avoiding tests altogetherHarris/Westin poll on EHRs and Privacy (2006) • 42% of Americans feel that “privacy risks outweigh expected benefits” from health IT.Statement% Absolute Top PriorityThe identity of anyone using the system would be carefully confirmed to prevent any unauthorized access or any cases of mistaken identity.An individual would be able to review who has had access to their personal health information. Only with an individual’s permission could their medical information be shared through this network. Employers would NOT have access to the secure health information exchange networks.I am going to read you different attributes that could be part of this exchange or network and I would like you to rate the importance of each. As you respond, please keep in mind that not every attribute can be a top priority. Keeping electronic medical information private and secure remains chief among consumer concerns.Americans recognize the “upside”… and the “downside”… • Fear of misuses –52% believe employer uses medical info to affect personnel or insurance benefits (CHCF Survey 2005) –85% believe if genetic test results known to insurers, would refuse policies or charge more (Genetics and Public Policy Center Survey 2007) • Three-quarters of Americans are willing to share their personal information to help public officials look for disease outbreaks and research ways to improve the quality of health care if they have safeguards to protect their identity (Markle Survey 2006).Markle Survey November 2006 • 3/4 want the government to set rules to protect the privacy and confidentiality of electronic health information • 2/3 want the government to set rulescontrolling the secondary uses of information What is HIPAA?Health Insurance Portability and Accountability ActPrivacyLegislation (Finalized Dec 2000-CompliancePrivacy Legislation (Finalized Dec 2000 Compliance 4/14/03)Security StandardsElectronic Data Interchange (EDI) Transaction and Code Sets (Finalized 8/17/00 - Compliance 10/16/02)The potential penalties for non-compliance apply to individualsand institutionindividualsand institutionz Civil and criminal penaltiesFines up to $250 000zFines up to $250,000z Imprisonment up to 10 yearsWHAT IS HIPAA IN WHAT IS HIPAA IN PRINCIPLE?The concept of HIPAA’s Privacy and Security Regulations is simple:yg pKEEP INDIVIDUALS’ HEALTHKEEP INDIVIDUALS’ HEALTH INFORMATION SECURELY CONFIDENTIALHIPAA is a major cultural HIPAA is a major cultural change away from the notion of a healthcare provider’s “ownership” of provider’s “ownership” of an individual’s medical record.HIPAA t th HIPAA represents the consumer-based concept of an individual’s ownership of her/his personal health pinformation, which may be given in which may be given in custody to a health care provider for defined limited provider for defined, limited specific purposes.What does HIPAA mean What does HIPAA mean operationally?It’s all about Protected Health Information (PHI).HIPAA requiresproced ralprocedural, physical and electronic safeguardselectronic safeguardsto protect the privacy and confidentiality of PHI Often it is not just about IT !jBackup SlidesWhat is “Protected Health Information”?Health Information”?PHI means any information, whether oral or recorded in any form or medium that:recorded, in any form or medium, that:a) Is created or received by a healthcare provider, health plan, public health authority, employer, the p,p y, py,insurer, school or university or health clearinghouse; andb)Relates to past present or future physical orb)Relates to past, present or future physical or mental health or condition of an individual, the provision of health care to an individual, or the ttft tfthiipast, present, or future payment for the provision of health care to an individual; andc)Permits identification of the individual or couldc)Permits identification of the individual or could reasonably be used to identify the individual.What are some examples of HIPAA Privacy Operational Requirements Privacy Operational Requirements for Health Care Providers?Post “Notice of Information Practices” and provide a copy to each patientObtain written consent from each patient for treatment, ppayment, and healthcare operationsRestrict access to PHI by in-house personnel to a “need to know” basisMaintain a record of all disclosures of the PHIMaintain a record of all disclosures of the PHIProvide for individual patient access to copies of his/her PHI, and creating a process for requesting amendment of the PHI record and reviewing the record of disclosures.Use PHI only for treatment (including payment and healthcare operations) unless otherwise authorized.Comply with HIPAA regulations for disclosure of PHI for purposes other than the consented healthcare.purposes other than the consented healthcare.Establish Business Associate agreementsWhat are some examples of HIPAA Privacy Operational HIPAA Privacy Operational Requirements for
View Full Document
Unlocking...