PD205-Protected Health Information (PHI) Overview

Category: Education

Presentation Description

In-service on PHI in the medical office

Presentation Transcript

PD205-Protected Health Information (PHI) Overview :

West Valley Educational Group, LLC

COURSE DESCRIPTION :

This in-service explains the uses and disclosures of identifiable health information that are allowed or permitted by the HIPAA Privacy Regulations as they apply to the medical office.

Prerequisite: None

What is HIPAA? :

The Health Insurance Portability and Accountability Act of 1996, or HIPAA, is a law designed to protect private health information, uncover fraud and abuse, and create standards for transmitting electronic health information. HIPAA also ensures coverage for people when they either lose or switch jobs.

Privacy Rule :

Under the Privacy Rule, medical offices must safeguard patient records, appoint a privacy officer, train employees on privacy practices and notify patients of their rights. Lastly, healthcare providers must have procedures in place for safeguarding and managing how patient health information will be used.

What is PHI?:

Under the Privacy Rule, medical providers must protect all patient information, or PHI (Protected Health Information), that could identify the patient. Examples are:

- name
- address
- social security and account numbers
- photographs and images
- dates of birth and telephone numbers

What is PHI?:

PHI, or Protected Health Information, is defined as individually identifiable health information that is transmitted or maintained by electronic media, such as over the internet, or transmitted or maintained in any other form or medium.

HIPAA and PHI:

HIPAA applies to all covered entities such as health plans, clearinghouses and healthcare providers. Providers who do not submit electronic claims are not considered a covered entity. A covered entity may release PHI to a family member, relative, friend or other individual on behalf of a patient only if that person is involved in the patient's care.

Business Associates:

Certain businesses are affected by HIPAA compliance rules. These “Business Associates” are categorized as billing services, transcription services, accounting and law firms who act on behalf of the medical provider. If a billing or transcription service provides these services for your medical office, you must have a signed Business Associate Agreement.

Minimum Necessary Standard :

In the day-to-day operations of the medical practice, the covered entity must limit the amount of information disclosed. Only the minimum amount of information necessary should be used to carry out a function. For example, front office staff should not have access to a patient’s financial records such as credit card numbers. This information is not needed to carry out front office duties.

Authorization:

Authorization is not needed to disclose PHI for the purpose of submitting claims for reimbursement. But permission is needed for other reasons.

Covered Entity:

The covered entity must verify the identity of the person prior to releasing PHI and must have the patient’s permission:

A dependent child’s information can be released to a parent. :

PHI may not be released to a parent in situations such as:

- The patient is an emancipated minor
- The minor patient is married
- The treatment relates to the minor’s pregnancy/child
- Treatment is for an STD, alcohol, drug abuse or mental illness

There are a number of exceptions to the usual rules for release of PHI:

- Court orders: court subpoena
- Worker’s compensation cases: may be released to employers
- Statutory reports: communicable disease
- Research: clinical research, but patient names may not be identified
- Correctional institutions: patients who are in custody of correctional institutions and/or law enforcement personnel

Patients have a right to:

- Access, copy and inspect their PHI
- Request amendments to their health information
- Obtain accounting of most disclosures of their health information
- Receive communications in a closed envelope
- Complain about alleged violation of the regulations and the provider’s own information policies
- Request restrictions on uses or disclosures of their PHI

How to Keep your Office in Compliance:

A sign-in sheet will allow patients who come into your office to learn the identity of patients who came to your office earlier. This is acceptable, as long as the sign-in sheet does not contain confidential patient information, such as the reason for the visit.

1. Do not use a patient sign-in sheet that includes confidential patient information.

Printed schedules for the day are sometimes posted where they may be seen by a patient, either in an examination room or hallway.

2. Do not locate patient schedules in any place that may be seen by patients or other non-staff individuals.

If patients and others are sitting in the waiting room, they may hear confidential information. This could represent an unauthorized disclosure of patient information.

3. Conduct confidential conversations in an area that cannot be overheard by other patients or non-staff individuals.

Make sure that only appropriate information is transferred and that it goes to the proper individuals.

4. Have formal documented procedures to ensure patient confidentiality when transferring paper files, orders, images and specimens to other offices.

All healthcare personnel should sign a confidentiality statement. In addition, patients must sign a consent form allowing you to release their confidential information for billing and other purposes. Usually it is found at the bottom of your registration form. Be sure the form is updated to comply with HIPAA privacy rules.

5. Have confidentiality statements in place and make patients aware of confidentiality policies.

All office personnel must receive training about your privacy and security policies, and records must be kept regarding the training. The policies must detail what information each staff member has access to.

6. Have formal privacy and security policies for all office personnel, provide training for all office staff and document the training of each individual.

All faxes and e-mail messages need to state the confidential nature of the contents and include instructions in case the fax or e-mail is misdirected.

7. Have confidentiality statements on all faxes and e-mail sent by the office staff.


End of Presentation:

Please complete the short quiz. You will be able to print your certification of completion upon passing with at least 80%.
