HIPPA

Purpose
o Improve efficiency and effectiveness of health care
systems
o Standardize exchange of information
Privacy rule
o Federal standard for protected health info protection
o Preserve quality healthcare
o Assure security, privacy, and confidentiality
Covered entities
o Health care providers
o Health plans
Health insurance issuers
Medicare
Medicaid
o Health care clearing houses/data processing centers
Transaction standards
o Health care claims or equivalent
o Health care payment/remittance
o Coordination of benefits
o Health care claim status
o Enrollment/disenrollment in a health plan
o Verifying eligibility
o Referral certification/authorization
Privacy practices
o Privacy rule required activities
Notification
Implementation
Training
Privacy official
Security
o What is protected health information?
Test results, name, DOB, medical record,
address, etc
o Consent
Not required for exchange of PHI for treatment,
payment other healthcare operations
Privacy rule purpose
o Patient
o Est. boundaries
o Safeguards
o Penalties for violations
o Public disclosure

Patient protection
o Access to medical records
Have to get it in 30 days
o Notice of privacy practices
o Limits use of PHI (protected health info)
o Prohibition on marketing
o Confidential communication
Exceptions to the rule
o Allowed by law
o Public health authorities
o Health research
o Abuse/neglect reporting
o Law enforcement
Enforcement and violation
o US department of health and human services office
for civil rights (OCR)
o Investigations
o Filing complaints
o Civil and criminal penalties
HIPPA and research
o De-identify info
o PHI with authorization
o PHI without authorization under limited
circumstances
Patient privacy
o Make sure you have the right patient
o Discuss everything in an enclosed room
o Separate children from parents when asking
questions
o Use password for PACS
o Spread documents
o Do not leave x-rays up on screen
HITECH
o Health info technology for economic and clinical
health
o Part of the American recovery and reinvestment act
o February 17,2009 signed into law
o Controls privacy
o Cleared up gray-areas beyond health care providers
HITECH GOALS
o Nationwide electronic exchange of info
o Investing $20 billion to encourage electronic
exchange of info

o Improving quality of care, reduction of medical errors

and duplicative care
o Strengthening privacy laws and to protect PHI from
misuse
HITECH
o Create a national health info technology
infrastructure
o Creation of national standards for the sharing of info
between healthcare providers
o Provide funding to establish processes
o Medicare/Medicaid incentives
Reduced payments to those without electronic
records
o Goal by 2014 all paperless
HITECH
o Impact on healthcare
Increase rules for HIPPA
Prevent accidental disclosures, computer
theft, data network breaches
Varying deadlines for compliance to new rules
Effects on business associates
Breach of unsecured PHI
Accounting of all info disclosed
Electronic Health Record only