HIPAA's not HIPPA . . . it's HIPAA.

HIPAA stands for: Health Insurance Portability and Accountability Act of 1996

Who does HIPAA affect?

HIPAA is a regulation that affects the entire health care system from clients to employers, health plans, physician offices, hospitals, optometric offices, dental offices, billing companies, healthcare clearing houses and other entities providing healthcare treatment.

This not only includes clinical clients but research subjects and health information in student records, etc.

What is the scope of HIPAA?

HIPAA affects the privacy and security of protected health information.

Why do you need to know about HIPAA?

HIPAA is federal law. It requires all health personnel to be educated about HIPAA policies and procedures. It includes anyone who does or might have access to any client information. ALL Senior Home Support and Home Health Support staff must complete the training annually.

--------------------------------------------------------------------------------

What will be covered in this module?

Information about HIPAA and how it influences policy, procedures, and your job duties in regards to client health information security.

The Privacy Rule

The privacy rule became effective April 14, 2003, and is intended to protect or safeguard the privacy of protected health information. Protected health information is information that relates to the past, present, or future physical or mental health or condition of an individual, the provision of healthcare to an individual --OR-- the past, present, or future payment for the provision of health care to an individual.

--------------------------------------------------------------------------------

A closer look at the privacy rule

Confidentiality of health information

Senior Home Support and Home Health Support believes that all clients and employees have the right to have their medical, financial, personal information, records, data, etc. protected from unauthorized viewing, discussion, or disclosure. In order to safeguard this right, employees may only look at, use, discuss, or disclose company, client, or employee information for reasons which are necessary to the performance of their assigned duties.

A breach of client or employee confidentiality--whether intentional or unintentional--may result in the immediate termination of employment.

Do's and Don'ts

• Protected health information can be shared with other outside providers and members of their staff on a "need-to-know" basis.

• Verbal communication of confidential information is never to be discussed in open, public areas.

• Disclose information only with the authorization of the adult client or legal guardian.

• Protected health information should only be given out via the telephone in limited circumstances. Verification of the requestor and the necessity for that person to have the information must be obtained.

• Leaving a message confirming scheduled appointments if client can be done as long as there is no specific information regarding the nature of the appointment.

Challenging individuals

Each employee is responsible for challenging an individual who accesses areas that contain protected health information. Employees should question and verify the need of that individual accessing the area.

Ways to maintain confidentiality

• Discuss client information privately--never in elevators, lobbies, or corridors.

• Charts, forms, and information containing client information should be face down and if in a mailbox or wall box should face the wall or door.

• Do not leave client records or information where unauthorized individuals can read them.

• Dispose of unnecessary client information in proper receptacles for shredding--not ordinary trash.

Accessing protected health information

Direct access to client medical records for routine business functions shall not be permitted except to Senior Home Support and Home Health Support employees who:

• Have a "need to know" to perform their job duties

• Have been instructed on policies of confidentiality including penalties arising from violation

How can you protect yourself?

Limit the amount of client information you access to the minimum necessary to do your job. Take special care to respect the privacy of co-workers and colleagues who are clients. Do NOT discuss the health care services of your co-workers with anyone who is not directly involved in their care. Do not ask co-workers why they are clients or reasons for accessing health services.

--------------------------------------------------------------------------------

Client Rights in regards to HIPAA

Notice of privacy practices

• Right to receive a "Notice of Privacy Practices"

• Right to authorize any use or disclosure of protected health information

• Right to restrict use or disclosure of protected health information

• Right to an accounting disclosure of protected health information

• Right to inspect, copy, and request amendments to protected health information

HIPAA requires us to inform all clients of our Notice of Privacy Practices. Each client must receive a copy --the first time they are visited. This will be placed in the chart. Clients may request another copy of the Notice of Privacy Practices at any time.

There is a formal process for clients to:

• Request copies of their medical record

• Obtain a list of who has accessed their information

• Make amendments to their medical records

• Complain to the Privacy Officer of Senior Home Support or Home Health support about our privacy practices

Who has access to information

Clients have the right to access and obtain a copy of their medical or billing information.

We must act upon a request within 30 days (60 days if information is off-site). As always has been the case in maintaining good client relations, we expect to act on such requests as soon as possible.

Valid authorization for release of information must be in writing and contain the following items:

• name and address of the client

• name of the person or facility requesting the release of the client's record

• name of the person or provider to whom the client's health record is to be released

• purpose of the release

• specific and meaningful description of the information to be released from the health record

• signature of the client or the signature of the client's legal representative

• date on which the consent was signed

• statement of the individual's right to revoke the authorization

• date, event, or condition on which the consent will expire if not previously revoked

Authorization is NOT required for the following:

For payment reasons:

• To the client's health insurance in pursuit of payment

• To Billing/Auditing personnel with a need to know For treatment reasons:

• Emergency release via telephone for client care

• Release to health care providers who are involved in the treatment of the client and have a demonstrated need

• Facilitate conversation for clients with limited English proficiency

For operational reasons:

• Research/audits by governmental agencies

• Peer review/QA review

• Accreditation Council on Optometric Education (ACOE) accreditation visits

• Risk Management

Authorization IS required to release information to the following:

• The client

• The family of a client (husband, wife, daughter, son, etc.)

• Attorneys not directly employed by Indiana University (requests for records after accidents, etc.)

• Insurance companies

• Life insurance

• Employers/employment agencies

• Armed forces

• Health care facilities--if not a direct client transfer or the listed referring physician

• Social agencies

• Disability determination

• Workers' compensation

Accounting of disclosures - Individuals have the right to request an "accounting of disclosures."

The request must be made in writing.

The following disclosures of health information do not require tracking:

• Disclosures for treatment, payment and healthcare operations

• Disclosures made to the individual or authorized by the individual

• Disclosures made to persons involved in the individual's care

• Disclosures for national security or intelligence purposes

• Disclosures to correctional institutions or law enforcement

• Disclosures made prior to the date of compliance of the privacy standard

Complaints - Clients have always had the right to complain to Senior Home Support and Home Health Support or any of our state, federal, or accrediting bodies. Under HIPAA, we have to tell clients that they can complain to us or the Department of Health and human Services Office of Civil Rights.

Dr. Norm Peterson and Dr. Ann Crabb are designated HIPAA compliance officers for Senior Home Support and Home Health Support to which a client can call for information or file a complaint. This information is on the notice of privacy practice statement that each client receives.

The following requirements must be met in order to file a complaint:

• A complaint must be filed in writing.

• The person must name the facility where the violation occurred and describe what happened.

• The complaint must be filed within 180 days of occurrence.

You have reached the end of the HIPAA training manual.

Please complete the test sheet and return it to your supervisor.

--------------------------------------------------------------------------------

HIPAA electronic information resources

http://aspe.hhs.gov/admnsimp/Index.htm

http://www.ahima.org/

http://www.aha.org/hipaa/

http://www.hcfa.gov/medicaid/hipaa/

http://www.aamc.org/members/gir/gasp/Bottom of Form