Beruflich Dokumente
Kultur Dokumente
Health Insurance
Portability and
Accountability Act
What is it?
&
How will it affect us?
Who Needs Training and Why
Employees who come in contact with Protected
Health Information are Federally required attend
training
Departments listed later
This presentation is designed to
Familiarize you with
HIPAA regulations
Examples
Medical charts
Problem logs
Photographs
Communications between professionals
Health insurance policy number
Individual Identifiers
Courtesy of www.hipaacow.com
1. Name 1. E-Mail Address
2. Geographic subdivisions smaller than a 2. Social Security numbers
State 3. Medical record numbers
- Street Address 4. Health plan beneficiary numbers
- City 5. Account numbers
- County 6. Certificate/license numbers
- Precinct 7. Vehicle identifiers and serial numbers,
- Zip Code & their equivalent including license plate numbers
geocodes, except for the initial 8. Device identifiers and serial numbers
three digits 9. Web universal resource locations
3. Dates, except year (URLs)
- Birth date 10. Internet Protocol (IP) address numbers
- Admission date 11. Biometric identifiers, including finger
- Discharge date and voice prints
- Date of death 12. Full face photographic images and any
4. Telephone numbers comparable data
5. Fax number 13. Any other unique identifying number,
characteristic, or code
What entities are covered?
Health Plans
Health Care
Clearinghouses
A health care provider who
transmits any health
information in electronic
form
CMU as a Covered “Hybrid” Entity
Hybrid Entity
A single legal entity that is a Covered Entity and whose
Covered Functions are not its primary functions.
CMU’s primary purpose is to educate
areas
CMU as a Covered “Hybrid” Entity
Departments Affected
HR Comp and Benefits: Self-funded Dental
and Prescription Plan
A covered entity because it is a health plan
University Health Services
A covered entity because it is a provider who bills
electronically for care and devices
Communication Disorders: Speech Pathology
and Audiology
A covered entity because it is a provider who bills
electronically for care and devices
HIPAA Inside the “Hybrid”
Internal support entities
General Counsel
Internal Audit
Accounts Receivable
Faculty Personnel
Human Resources- Employee Relations
These areas deal either with disciplinary
regulations, grievances, or healthcare related
transactions
It is not advantageous for these areas to receive
prior authorization before reviewing a file
HIPAA Inside the “Hybrid”
Possible future covered entities:
1. Physician Assistant Program
2. Psychology clinic
3. Physical Therapy Program
As of now they are not billing
electronically, therefore not covered
entities
HIPAA outside the “Hybrid”
Therefore not covered
Information Technology
Special Olympics
International Student Services
Office of International Education
Student Disability Services
Special Olympics
Where does the information come from and/or
go to?
If it is not received from or sent to a provider or
plan, then it is not considered PHI
HIPAA vs. FERPA
FERPA – The Family Educational Rights and Privacy
Act
Protects the rights of students records
Unique to universities
Especially relevant to CMU’s UHS and CDO