Health Insurance Portability & Accountability Act (HIPAA)

19,656 views 46 slides Dec 09, 2019

About This Presentation

This presentation contains all the information about HIPAA, the Privacy Rule and its clinical significance. It also contains information about violations of HIPAA policy.


Slide Content

Submitted to: Dr. D. Manjula, Asst. Professor, Department of Pharmaceutics, COPS, DSU Bangalore.
Presented by: Arpitha B. M, M Pharm (I SEM), Department of Pharmaceutics, COPS, DSU Bangalore.
Health Insurance Portability & Accountability Act (HIPAA)

Contents
Introduction
Titles
Clinical Significance
Violation
Reference
Department of Pharmaceutics COPS, DSU HIPAA

Introduction
The HIPAA Privacy Regulations establish national standards for protecting the privacy of health information. They impose new restrictions on the use and disclosure of protected health information. They give patients greater access to and protection of their medical records and more control over how they are used.

HIPAA
HIPAA is the Health Insurance Portability and Accountability Act of 1996. Its Privacy Rule provides federal privacy protection for individually identifiable health information, called Protected Health Information. The Privacy Rule is located at 45 CFR Part 160 and Subparts A and E of Part 164. Aug 14, 2002: modification to the HIPAA Privacy Rule.

Reason for arrival
In 2000, many patients were diagnosed with depression. They all received free samples of an antidepressant medication. After investigation, it was disclosed that the doctors had shared patient information with the industries. Patients wonder why?


Titles of HIPAA
There are 5 HIPAA sections of the act, known as titles:
Title I: Focus on Health Care Access, Portability, and Renewability.
Title II: Preventing Health Care Fraud and Abuse; Administrative Simplification; Medical Liability Reform.
Title III: Tax-related health provisions governing medical savings accounts.
Title IV: Application and enforcement of group health insurance requirements.
Title V: Revenue offset governing tax deductions for employers.


TITLE 1: Focus on Health Care Access, Portability, and Renewability.
Regulates the availability of group and individual health insurance policies: Title I modified the Employee Retirement Income Security Act along with the Public Health Service Act and the Internal Revenue Code. Requires the coverage of, and limits the restrictions that a group health plan places on, benefits for pre-existing conditions. Group health coverage may only refuse benefits that relate to pre-existing conditions for 12 months after enrollment or 18 months for late enrollment.

Covers "creditable coverage", which includes nearly all group and individual health plans, Medicare, and Medicaid. Explains a "significant break" as any 63-day period that an individual goes without creditable coverage. It allows premiums to be tied to avoiding tobacco use, or body mass index.

Requires insurers to issue policies without exclusion to those leaving group health plans with creditable coverage exceeding 18 months. Renew individual policies for as long as they are offered or provide alternatives to discontinued plans for as long as the insurer stays in the market without exclusion regardless of health condition.

TITLE 2: Preventing Health Care Fraud and Abuse; Administrative Simplification; Medical Liability Reform
Establishes policies and procedures for maintaining privacy and security of individually identifiable health information, outlines offenses, and creates civil and criminal penalties for violations. Creates programs to control fraud and abuse and Administrative Simplification rules. Requires the Department of Health and Human Services (HHS) to increase the efficiency of the health care system by creating standards.

HHS initiated 5 rules to enforce Administrative Simplification: (1) Privacy Rule, (2) Transactions and Code Sets Rule, (3) Security Rule, (4) Unique Identifiers Rule, (5) Enforcement Rule.

Privacy Rule
The HIPAA Privacy Rule regulates the use and disclosure of protected health information (PHI) by "covered entities." Upon request, covered entities must disclose PHI to an individual within 30 days. Entities mentioned earlier must provide and disclose PHI as required by law enforcement for the investigation of suspected child abuse. Covered entities may disclose PHI to law enforcement if requested to do so by court orders, court-ordered warrants, subpoenas, and administrative requests. A covered entity may reveal PHI to facilitate treatment, payment, or health care operations without a patient's written authorization.

2013 Omnibus Rule Update
The revised definition of "significant harm" to an individual in the analysis of a breach provides more investigation to covered entities with the intent of disclosing breaches that were previously not reported. Protection of PHI was changed from indefinite to 50 years after death. The HIPAA Privacy Rule may be waived during a natural disaster.

Right to access
The Privacy Rule requires medical providers to give individuals PHI access when an individual requests information in writing. A provider has 30 days to provide a copy of the information to the individual. An individual may request the information in electronic form or hard-copy. Individuals have the right to access all health-related information (except psychotherapy notes of a provider, and information gathered by a provider to defend against a lawsuit). Providers may charge a reasonable amount for copying costs. However, no charge is allowable when providing data electronically from a certified electronic health record (EHR) using the "view, download, and transfer."

An individual may authorize delivery of information using either encrypted or unencrypted email, media, direct messaging, or other methods. When using unencrypted delivery, an individual must understand and accept the risks of data transfer. An individual may request in writing that their PHI be delivered to a third party. An individual may request in writing that their provider send PHI to a designated service used to collect or manage their records, such as a Personal Health Record application.

Any other disclosures of PHI require the covered entity to obtain prior written authorization. When a covered entity discloses PHI, it must make a reasonable effort to share only the minimum necessary information. The Privacy Rule gives individuals the right to demand that a covered entity correct any inaccurate PHI and take reasonable steps to ensure the confidentiality of communications with individuals. The Privacy Rule requires covered entities to notify individuals of PHI use, keep track of disclosures, and document privacy policies and procedures.

Relative disclosure
Hospitals may not reveal information over the phone to relatives of admitted patients. This has impeded the location of missing persons: as seen after airline crashes, hospitals are reluctant to disclose the identities of passengers being treated, making it difficult for relatives to locate them.

Transactions and Code Sets Rule
HIPAA was created to improve health care system efficiency by standardizing health care transactions. HIPAA added a new Part C titled "Administrative Simplification" that simplifies healthcare transactions by requiring health plans to standardize health care transactions. For example, medical providers who file for reimbursements electronically have to file their electronic claims using HIPAA standards to be paid.

Security Rule
The Security Rule complements the Privacy Rule. While the Privacy Rule pertains to all Protected Health Information, the Security Rule is limited to Electronic Protected Health Information. It lays out 3 types of security safeguards: a. administrative, b. physical, and c. technical.

Administrative safeguards
Covered entities must adopt a written set of privacy procedures and designate a privacy officer for developing and implementing required policies and procedures. Procedures must identify classes of employees who have access to electronic protected health information and restrict it to only those employees who need it to complete their job function. The procedures must address access authorization, establishment, modification, and termination.

Entities must show appropriate ongoing training for handling PHI. Covered entities must back up their data and have disaster recovery procedures. Internal audits are required to review operations with the goal of identifying security violations. Procedures should document instructions for addressing and responding to security breaches.

Physical safeguards
Control physical access to protected data. Control the introduction and removal of hardware and software from the network and limit it to authorized individuals. Access to equipment containing health information must be controlled and monitored. Require proper workstation use, and keep monitor screens out of direct public view. If the covered entities utilize contractors or agents, they too must be thoroughly trained on PHI.

Technical Safeguards
HIPAA covered entities such as providers completing electronic transactions, healthcare clearinghouses, and large health plans must use only the National Provider Identifier (NPI) to identify covered healthcare providers in standard transactions. The NPI replaces all other identifiers used by health plans, Medicare, Medicaid, and other government programs. The NPI does not replace a provider's DEA number, state license number, or tax identification number.

The NPI is 10 digits (may be alphanumeric), with the last digit a checksum. The NPI cannot contain any embedded intelligence; the NPI is a number that does not itself have any additional meaning. NPI is unique and national, never re-used, and except for institutions, a provider usually can have only one. An institution may obtain multiple NPIs for different "sub-parts" such as a free-standing surgery or wound care center.
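An added example, not part of the original presentation: checking the NPI checksum digit before a provider identifier is accepted into a standard transaction. It assumes the all-numeric 10-digit form and the Luhn algorithm computed over the constant prefix 80840 plus the first nine digits, as in the CMS check-digit description; the record IDs and NPI values below are constructed.

```python
import re

# Assumption: constant prefix used when computing the NPI check digit (CMS scheme).
NPI_PREFIX = "80840"


def luhn_check_digit(payload: str) -> int:
    """Return the Luhn check digit for a string of ASCII digits."""
    total = 0
    # Walk right to left; double every second digit starting with the rightmost.
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9  # same as adding the two digits of the product
        total += d
    return (10 - total % 10) % 10


def is_valid_npi(value: str) -> bool:
    """True only for exactly 10 ASCII digits whose last digit is the checksum."""
    # [0-9] rather than \d so non-ASCII digit characters are rejected.
    if not re.fullmatch(r"[0-9]{10}", value):
        return False
    return luhn_check_digit(NPI_PREFIX + value[:9]) == int(value[9])


def find_invalid_npis(records):
    """Return the ids of records whose 'npi' field fails validation."""
    return [rec["id"] for rec in records if not is_valid_npi(str(rec.get("npi", "")))]


# Constructed sample claim records (not real providers).
SAMPLE_RECORDS = [
    {"id": "claim-001", "npi": "1234567893"},   # checksum matches
    {"id": "claim-002", "npi": "1234567839"},   # last two digits transposed
    {"id": "claim-003", "npi": "123456789"},    # too short
    {"id": "claim-004", "npi": "12345 67893"},  # embedded space
    {"id": "claim-005"},                        # field missing
]

if __name__ == "__main__":
    for bad in find_invalid_npis(SAMPLE_RECORDS):
        print("rejecting record with malformed NPI:", bad)
```

A passing checksum only shows the number is well-formed; it does not show that the NPI has been issued or belongs to the provider named in the record.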

Unique Identifiers Rule (National Provider Identifier, NPI)
HIPAA covered entities such as providers completing electronic transactions, healthcare clearinghouses, and large health plans must use only the National Provider Identifier (NPI) to identify covered healthcare providers in standard transactions. The NPI replaces all other identifiers used by health plans, Medicare, Medicaid, and other government programs. The NPI does not replace a provider's DEA number, state license number, or tax identification number.

Enforcement Rule
The Enforcement Rule sets civil money penalties for violating HIPAA rules. It establishes procedures for investigations and hearings for HIPAA violations. The US Dept. of Health and Human Resources has investigated over 20,000 cases resolved by requiring changes in privacy practice or by corrective action. If noncompliance is determined, entities must apply corrective measures. Complaints have been investigated against pharmacy chains, major health care centers, insurance groups, hospital chains, and small providers.

According to the HHS, the following issues have been reported, in order of frequency:
Misuse and disclosures of PHI
No protection in place for health information
Patient unable to access their health information
Using or disclosing more than the minimum necessary protected health information
No safeguards of electronic protected health information
The most common entities required to take corrective action according to HHS are listed below by frequency:
Private Practices
Hospitals
Outpatient Facilities
Group insurance plans
Pharmacies

Title III: Tax-related health provisions governing medical savings accounts
Standardizes the amount that may be saved per person in a pre-tax medical savings account. Makes medical savings accounts available to employees covered under an employer-sponsored high deductible plan for a small employer and self-employed individuals.

Title IV: Application and enforcement of group health insurance requirements
Title IV specifies conditions for group health plans regarding coverage of persons with pre-existing conditions and modifies continuation of coverage requirements. It clarifies continuation coverage requirements and includes COBRA clarification.

Title V: Revenue offset governing tax deductions for employers
Provisions for company-owned life insurance for employers providing company-owned life insurance premiums, prohibiting the tax-deduction of interest on life insurance loans, company endowments, or contracts related to the company. Repeals the financial institution rule to interest allocation rules.

Amends provisions of law relating to people who give up United States citizenship or permanent residence, expanding the expatriation tax to be assessed against those deemed to be giving up their US status for tax reasons. Makes ex-citizens' names part of the public record through the creation of the Quarterly Publication of Individuals Who Have Chosen to Expatriate.

Clinical Significance of HIPAA
HIPAA Privacy and Security Rules have substantially changed the way medical institutions and health providers function. The complex legalities and severe civil and financial penalties, as well as the increase in paperwork and implementation costs, have substantially impacted health care. All health professionals must be trained in HIPAA and have an understanding of the potential pitfalls and acts that can lead to a violation.

Clinical Care Effects
HIPAA, combined with stiff penalties for violation, may result in medical centers and practices withholding life-saving information from those who may have a right to it and need it at a crucial moment. Through the HIPAA Privacy Rule, the US Government Accountability Office found that health care providers were "uncertain about their legal privacy responsibilities and often responded with an overly guarded approach to disclosing information." Ultimately, the solution is the education of all healthcare professionals and their support staff so that they have a full appreciation of when protected health information can be legally released.

Education and Training Effects
Education and training of healthcare providers and students are needed to implement HIPAA Privacy and Security Acts. Effective training and education must describe the regulatory background and purpose of HIPAA and provide a review of the principles and key provisions of the Privacy Rule.

Research Effects
HIPAA restrictions on research have affected the ability to perform chart-based retrospective research. This has made it challenging to evaluate patients prospectively for follow-up. HIPAA Privacy rules have resulted in as much as a 95% drop in follow-up surveys completed by patients being followed long-term. Recruitment of patients for cancer studies has led to a more than 70% decrease in patient accrual and a tripling of time spent recruiting patients and mean recruitment costs.

Significant legal language required for research studies is now extensive due to the need to protect participants' health information. While such information is important, a lengthy legalistic section may make these complex documents less user-friendly for those who are asked to read and sign them. Many researchers believe that the HIPAA privacy laws have a negative impact on the cost and quality of medical research.

Costs
The costs of developing and revamping systems and practices and an increase in paperwork and staff education time have impacted the finances of medical centers and practices at a time when insurance companies and Medicare reimbursements have decreased. Ultimately, the cost of violating the statutes is so substantial that scarce resources must be devoted to making sure an institution is compliant, and its employees understand the statutory rules.

Funding organization
Agency of Healthcare Research and Quality.
Centre for Disease Control and Prevention.
Centre for Medicare and Medicaid Services

Violations of HIPAA
Civil
For an individual who unknowingly violates HIPAA: $100 fine per violation, with an annual maximum of $25,000 for those who repeat violations. There is also $50,000 per violation, and an annual maximum of $1.5 million.
For a violation that is due to reasonable cause and not due to willful neglect: there is a $1000 charge per violation, with an annual maximum of $100,000 for those who repeatedly violate.

There is also a $50,000 penalty per violation and an annual maximum of $1.5 million.
For a HIPAA violation due to willful neglect, with the violation corrected within the required time period: there is a $10,000 penalty per violation, with an annual maximum of $250,000 for repeat violations. There is a $50,000 penalty per violation with an annual maximum of $1.5 million.
For a HIPAA violation due to willful neglect and not corrected: there is a penalty of $50,000 per violation, an annual maximum of $1,000,000, $50,000 per violation, and an annual maximum of $1.5 million.

Criminal
For entities that are covered and specified individuals who obtain or disclose individually identifiable health information willfully and knowingly: the penalty is up to $50,000 and imprisonment up to 1 year.
For offenses committed under false pretenses, the penalty is up to $100,000 with imprisonment up to 5 years.
For offenses committed with the intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain or malicious harm, the penalty is up to $250,000 with imprisonment up to 10 years.

The US Department of Health and Human Services Office for Civil Rights has received over 100,000 complaints of HIPAA violations, many resulting in civil and criminal prosecution. Examples of HIPAA violations and breaches include:
Hospital staff disclosed HIV testing concerning a patient in the waiting room; staff were required to take regular HIPAA trainings, and computer monitors were repositioned.
Office manager accidentally faxed confidential medical records to an employer rather than a urologist's office, resulting in a stern warning letter and a mandate for regular HIPAA training for all employees.
Surgeon fired after illegally accessing personal records of celebrities, fined $2000 and 4 months in jail.

Reference
https://www.ncbi.nlm.nih.gov/books/NBK500019/
Tariq RA, Hackert PB. StatPearls [Internet]. StatPearls Publishing; Treasure Island (FL): Jun 18, 2019. Patient Confidentiality.
https://www.hipaajournal.com/what-is-considered-protected-health-information-under-hipaa/
