Unformatted text preview: HIPAA HIPAA Title I Title II Protected Health Information Covered Entities Civil Penalties Exceptions HIPAA in Pharmacy Patients' Rights HIPAA HIPAA Heath Insurance Portability & Accountability Act, 1996 Law that protects and secures patients' personal health care information Simplify administrative aspects of the health care system Standardize electronic data transactions Protected individuals from discrimination by group health insurance Protected Health Information "Any information, whether oral or recorded in any form or medium that Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse and Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual." Examples of PHI Rx Hardcopies Faxes Emails Billing Records Patient Profiles Phone Calls Patient Counseling Conversations Covered Entities Includes health care plans Health care providers Health care clearinghouses Public health authorities Health care providers that transmit health information in an electronic manner by HIPAA standards Hospitals, Nursing Homes, Doctors, Nurses, Pharmacists, Lab Technicians Title I Prevents group health insurance from discriminating against patients based on Restricts private health insurance from denying coverage due to preexisting conditions Health status Medical History Disability Title II Privacy Rule The Transactions and Code Sets Rule The Security Rule The Unique Identifiers Rule (National Provider Identifier) The Enforcement Rule Privacy Rule April 14, 2003 Provides regulations for use of protected health information Covered entities are able to disclose information to Facilitate health care Receive payment If they have authorization from individual Privacy Rule Give patients rights to access medical records Restrict access of others to obtain private health information Ensure that all patients are made aware of their rights Established civil penalties for improper use of PHI The Transactions and Code Sets Rule October 16, 2003 Included key Electronic Data Information transactions that must comply with HIPAA Used to simplify manner in which all health care claims are processed Security Rule April 21, 2003 Ensures confidentiality, integrity and availability of electronic protected health information Complements Privacy Rule Protects Electronic Protected Health Information Compliance Safeguards Administrative Physical Technical The Unique Identifiers Rule (National Provider Identifier) May 23, 2006 Covered entities using electronic communications that must use a National Provider Identifier (NPI). The NPI is a number that does not have any additional meaning. The NPI does not replace a provider's DEA number, provider's state license number or tax identification number. It is unique, never reused, and a provider can have only one. Standard unique identifiers for health care providers and health plans. Improve the efficiency and effectiveness of the electronic transmission of health information. The Centers for Medicare & Medicaid Services (CMS) has developed the National Plan and Provider Enumeration System (NPPES) to assign these unique identifiers. Enforcement Rule February 16, 2006 Sets civil money penalties for violating HIPAA rules and establishes procedures for investigations and hearings for HIPAA violations. Calculate fines for healthcare providers that have violated any of the HIPAA rules followed by an investigation and administrative hearing. A HIPAA investigation can stem from a complaint made by a patient or other healthcare providers. About 19,000 HIPAA privacy compliance complaints had been filed as of March 31. The allegation most frequently raised is the wrongful use of an individual's health information. Healthcare providers can be liable for HIPAA violations from the actions of people working under their direction. Civil Penalties
Fines up to $25,000 for multiple counts of HIPAA misconduct in one year Fines up to $250,000 and/or up to 10 years imprisonment for knowingly misusing HIPAA information for personal gain Exceptions HIPAA assures equal privacy rights in all states, HIPAA laws override state laws Fines might be avoided in situations where Except in states where the law is more strict than HIPAA regulation Information disclosed is a byproduct of permitted disclosure Could not be reasonably prevented Limited in nature HIPAA in the Pharmacy Designated private consultation areas Proper disposal of medical records Prescription sign out log Provide Notice of Privacy Practices to all patients Excluding children under 18 years of age Patients must acknowledge receipt of notice Either by initialing logbook or signing the notice Administrative Requirements Employee training Designation of a privacy officer All employees working with PHI must be trained in HIPAA requirements Train employees Address patient concerns Institute safeguards on release of information Standard policies and procedures Patients' Rights Gives patients right to examine and obtain a copy of their medical records Allows patients to control the uses and disclosures of their PHI Allows patients to control the validity of PHI They can ask to change inaccurate information Conclusion Approved in Congress in 1996 HIPAA is intended to protect privacy and security of patients. All pharmacies must comply with HIPAA to transmit health care claims Patients have more control over private health information Civil and criminal penalties may result if HIPAA guidelines are not followed ...
View Full Document
- Fall '08
- health information