Health Insurance Portability and Accountability Act - PowerPoint PPT Presentation

About This Presentation
Title:

Health Insurance Portability and Accountability Act 

Description:

HIPAA is the acronym of the Health Insurance Portability and Accountability Act of 1996. The main purpose of this federal statute was to help consumers maintain their insurance coverage, but it also includes a separate set of provisions called Administrative Simplification. – PowerPoint PPT presentation

Transcript and Presenter's Notes

Need For HIPAA
  • In 2000, many patients who were newly diagnosed
    with depression received free samples of
    anti-depressant medications in their mail. This
    left patients wondering how the pharmaceutical
    companies were notified of their disease. After a
    long and thorough investigation, the Physician,
    the Pharmaceutical company and a well-known
    pharmacy chain were all indicted on breach of
    confidentiality charges.
  • This is one of the many reasons the Federal
    Government needed to step in and create
    guidelines to protect patient privacy.
  • HIPAA is the Health Insurance Portability and
    Accountability Act.

HIPAA
  • Establishes a Federal floor of safeguards to
    protect the confidentiality of medical
    information.
  • Allows patients to make informed choices when
    seeking care and reimbursement for care based on
    how personal health information may be used.
  • Purpose: to protect Protected Health Information
    (PHI).
  • Effective from April 14, 2003.
  • It sets the standard for the security of data
    systems.
  • It provides privacy protection for individual
    health information.

What Is PHI?
  • Health information that identifies the
    individual.
  • Includes information about the past, present and
    future physical or mental health of an individual.
  • Information stored, used or disclosed by covered
    entities or business associates.
  • This includes electronic data, paper documents,
    oral or written conversations, films and
    microfiche.

Patient Identifier
  • Names
  • Address (street, city, county or zip code)
  • Telephone numbers
  • Fax numbers
  • Social Security numbers
  • All elements of dates (except for years)
  • E-mail address
  • Health plan beneficiary numbers
  • Medical record numbers
  • Account numbers
  • Certificate/license numbers
  • Vehicle identifiers and serial numbers
  • Device identifiers and serial numbers
  • URLs
  • IP address numbers
  • Biometric Identifiers
  • Full face photographs
  • Any other unique identifying number or
    characteristic
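The list above is the check a defender actually has to implement before health data leaves a covered entity. As an added example (not code from the presentation or from ITCube), the following Python pass drops every field that carries one of the listed identifiers, reduces dates to the year, and redacts identifier-shaped tokens (SSN, phone, e-mail, IP, URL) that leak into free text; the field names are an assumed schema and the sample record is constructed.

```python
import re
from datetime import date

# Added example (not the presentation's code). Field names are an assumed schema;
# each holds a direct identifier from the slide's list and is dropped outright.
DIRECT_ID_FIELDS = {
    "name", "address", "zip", "phone", "fax", "ssn", "email",
    "beneficiary_no", "mrn", "account_no", "license_no", "vehicle_id",
    "device_serial", "url", "ip", "biometric", "photo",
}
# Identifier-shaped tokens that can leak inside free text such as clinical notes.
TEXT_PATTERNS = {
    "ssn":   re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "phone": re.compile(r"\b\(?\d{3}\)?[ -]?\d{3}-\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "ip":    re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "url":   re.compile(r"https?://\S+"),
}
# Dates are cut down to the year, the one date element the slide does not list.
DATE_RE = re.compile(r"\b(\d{4})-\d{2}-\d{2}\b")

def scrub_text(text):
    """Redact identifier-shaped tokens and truncate dates to the year."""
    text = DATE_RE.sub(r"\1", text)
    for label, pattern in TEXT_PATTERNS.items():
        text = pattern.sub(f"[{label.upper()} REMOVED]", text)
    return text

def deidentify(record):
    """Return (cleaned_record, dropped_fields) for a dict-shaped patient record."""
    cleaned, dropped = {}, []
    for key, value in record.items():
        if key in DIRECT_ID_FIELDS:
            dropped.append(key)          # direct identifier: remove the field
        elif isinstance(value, date):
            cleaned[key] = value.year    # keep year only
        elif isinstance(value, str):
            cleaned[key] = scrub_text(value)
        else:
            cleaned[key] = value
    return cleaned, dropped

# Constructed sample record; every value is fictional.
SAMPLE = {
    "name": "Jane Example", "ssn": "123-45-6789", "zip": "45242",
    "dob": date(1980, 6, 15), "diagnosis": "major depressive disorder",
    "note": "Seen 2000-03-02; call 614-555-0100 or jane@example.com",
}
CLEANED, DROPPED = deidentify(SAMPLE)
```

The diagnosis itself survives, which is the point: the record stays useful for research or billing analysis while every element that ties it back to a person is gone.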

Covered Entities
  • Defined in the HIPAA rules as (1) health plans,
    (2) health care clearinghouses and (3) health
    care providers who electronically transmit any
    health information in connection with
    transactions for which HHS has adopted standards.
  • For example, hospitals, academic medical centers,
    physicians, and other health care providers who
    electronically transmit claims transaction
    information directly or through an intermediary
    to a health plan are covered entities.
  • Covered entities can be institutions,
    organizations, or persons.

Entity And Compliance With HIPAA
  • Notify patients about their privacy rights and
    how their information can be used.
  • Adopt and implement privacy procedures.
  • Train employees so they understand the privacy
    procedures.
  • Designate a Privacy Officer.
  • Secure patient records containing Protected
    Health Information PHI.
  • The covered entity provides a tailored notice of
    individuals' privacy rights and of how protected
    health information is disclosed, the Notice of
    Privacy Practices. It covers the patient's
    rights, disclosure rules and regulations.

Business Associates
  • A person or entity that performs a function or
    activity on behalf of a Covered Entity (CE) that
    requires the creation, use or disclosure of
    Protected Health Information (PHI), but who is not
    considered part of the Covered Entity's
    workforce. They must have a written contract or
    agreement that assures they will appropriately
    safeguard the PHI they create or receive.

Business Associates
  • Examples of Business Associates
  • A third party administrator who assists a health
    plan with claims processing.
  • A CPA firm whose accounting services to a health
    care provider involve access to protected health
    information.
  • A health care clearinghouse that translates a
    claim from a non-standard format into a standard
    transaction on behalf of a health care provider
    and forwards the processed transaction to a
    payer.
  • An independent medical transcriptionist who
    provides transcription services to a physician.
  • A pharmacy benefits manager who manages a health
    plan's pharmacist network.

Administrative Safeguards
  1. Security Management Process: conduct a risk
    analysis on a periodic basis and make sure all
    policies and procedures are followed. A sanction
    policy is required, and information system
    activity review is necessary for the firewall,
    the network and the technical infrastructure.
  2. Assigned security responsibility: appoint a
    HIPAA security officer.
  3. Workforce security: includes authorization and
    supervision, workforce clearance procedures
    (only the access that is required) and
    termination procedures.
  4. Information access management: monitor logins
    and manage passwords.

Administrative Safeguards
  1. Security awareness training: both covered
    entities and business associates should train
    their workforces and send out security reminders.
  2. Security incident procedures: have security
    incident procedures in place.
  3. Contingency plan evaluation: a data backup plan
    and a data recovery plan are needed; this covers
    people, machines and technology. It also includes
    an emergency mode operation plan for business
    continuity and disaster management; for this,
    check assets, facilities and data priority.
  4. Business associate contract: a contract
    between the covered entity and the business
    associate, based on 45 CFR, for the use and
    disclosure rules of protected health information.

Physical Safeguards
  1. Facility access controls: a contingency plan and
    a validation procedure; all doors of the
    organization except the front door should be
    locked, and the front door should lead to a
    reception area where every person is scanned.
  2. Workstation use: this safeguard requires
    policies and procedures to protect ePHI at the
    workstation level, ensuring that workstations are
    used appropriately.
  3. Workstation security: make sure the workstation
    does not walk off, e.g. with the use of laptops.
  4. Device and media controls: any media storing PHI
    should be disposed of properly at end of life
    using a shredding machine or formatting; for
    reusable media, formatting; plus accountability
    of media and hardware.

Technical Safeguards
  1. Access and audit controls: each user should have
    a unique user ID; emergency access, automatic
    log-off and password-protected screensavers are
    needed, as are encryption and decryption. Audit
    logs must be generated, and random audits of the
    audit log are required.
  2. Transmission security: prevents users from
    accessing or changing PHI while it is in transit.
    Use encryption.
  3. Integrity: making sure that the data is correct
    and accurate.
  4. Person or entity authentication: if a third
    party requires access to systems holding PHI,
    they should be authenticated first.

  • Thank You

Contact Us: ITCube BPO Solution
Email: info_at_itcubebpo.com
Phone: 1 (614) 434-2376
10999 Reed Hartman Highway, Suite 134, Cincinnati, Ohio 45242, USA
www.itcubebpo.com