Riley Davis

1
Health Insurance Portability and Accountability
Act
HIPAA

• Riley Davis

2
Brief History

• delivered in Congress in 1996
• designed to protect health insurance coverage for
  workers and their families while between jobs
•  establishes standards for electronic health care
  transactions
• addresses the issues of privacy and security
• in 1996 consisted of just Title I and II

3
Title I Health Care Access, Portability, and
Renewability

• limits restrictions a group health plan can place
  on benefits for preexisting conditions
• regulates coverage and availability to groups and
  individuals
• eradicates hidden exclusion periods

4
Title IIPreventing Health Care Fraud and Abuse
Administrative Simplification Medical Liability
Reform

• defines health care related offenses
• outlines consequences
• civil and criminal penalties
• creates several programs to control fraud and
  abuse
• demands the HHS create rules/regulations
• use and advertising/sharing of PHI (Protected
  Health Info.)
• 5 Rules

5
PHI

• Any information held about health status,
  provision of healthcare, payment of healthcare,
  that can be linked to any individual
• Any part of medical record or payment history

6
Privacy Rule

• Creates regulations for use/disclosure of PHI
• Holders must disclose PHI within 30 days upon
  request by individual
• Keep track of disclosures and document privacy
  policy and procedures

7
Transactions and Code Sets Rule

• Regulates how medical providers submit health
  care claims
• Covers claiming injury and pharmaceuticals, as
  well as advice, enrollment and maintenance,
  eligibility/benefits, hoe claims are handled, and
  how/when notifications are sent out

8
Security Rule

• Deals specifically with Electronic Protected
  Health Information (ePHI)
• Organized into 3 safeguards
• Identifies security standards
• Separates required and addressable standards
• All required must be adopted

9
Three Safeguards

• Administrative Safeguard
• Policies and procedures designed to lay out how
  holders will comply with act
• Physical Safeguard
• Controlling physical access to ePHI
• Technical Safeguard
• Control access to computer systems
• Safeguard standards against hacks/interception of
  ePHI

10
NPI

• National Provider Identifier
• 10 digits (may be alphanumeric)
• Doesnt mean anything other than an identity
• Unique, never re-used
• Holder can only have one

11
Unique Identifiers Rule

• All PHI holders using electronic communication
  must use a single NPI
• NPI replaces all other identifiers

12
Enforcement Rule

• Defines civil penalties for violating HIPAA
• Establishes procedures for investigations and
  hearings

13
Effects Research

• Large decrease in patient follow up
• Harder to recruit patients for studies
• Information Consent Forms are required to go into
  copious amounts of detail on privacy

14
Effects Engineering

• Changes how devices collect/store/share info
• For every old/new device BMEs must consider
• Type of ePHI
• How has access
• Who really needs access
• Connections to other devices
• Types of security
• Physical
• Technical
• Types of equipment effected
• ventilators, ECGs, MRI, CT Scanners, ultra
  sound, monitoring systems, etc.

15
Citations

• Armstrong D, Kline-Rogers E, Jani S, Goldman E,
  Fang J, Mukherjee D, Nallamothu B, Eagle K
  (2005). "Potential impact of the HIPAA privacy
  rule on data collection in a registry of patients
  with acute coronary syndrome". Arch Intern
  Med 165 (10) 11259. doi10.1001/archinte.165.10.
  1125. PMID 15911725.
• Francis, T. (2006). Spread of records stirs fears
  of privacy erosion. The Wall Street Journal
• Grimes, S. (2001). When hipaa finally comes, will
  clinical engineering be ready?. The National
  Center for Biotechnology Information, Retrieved
  from http//www.ncbi.nlm.nih.gov/pubmed/11383309Ti
  tle II
• Grimes, S. (2003). The future of clinical
  engineering the challenge of change. Manuscript
  submitted for publication, University of Rhode
  Island, Kingston, Rhode Island. Retrieved from
  http//ieeexplore.ieee.org/stamp/stamp.jsp?tparn
  umber1195702tag1
• HSS.gov. (n.d.). U.s. department of health
  human services. Retrieved from http//www.hhs.gov/
  ocr/privacy/index.html
• Tribble, D. (2001). The health insurance
  portability and accountability act security and
  privacy requirements. American Journal of
  Health-System Pharmacy, 58(9), Retrieved from
  http//www.ajhp.org/cgi/content/abstract/58/9/763

16
Questions?