privacy
freedom from unauthorized intrusion
privacy laws are based on
amendments to the U.S. Constitution
First Amendment
Freedom of Speech
Third Amendment
No soldier shall in time of peace be quartered in a private citizen's home without permission
-The U.S. Supreme Court has never had to decide a Third Amendment case.
Fourth Amendment
-Unreasonable search and seizure prohibited (must have a warrant)
-Patients' records are private
Fifth Amendment
-cannot be forced to testify against yourself
-Miranda warning
Ninth Amendment
-Constitutional rights shall not be used to deny other rights retained by the people
-not specified but implied the right to health care and housing
Fourteenth Amendment
equal protection under the law
-no discrimination
Basis for privacy laws
1. information collected should be limited to what is necessary to carry out the functions of the business or government agency collecting the information
2. access to personal information should be limited to those employees who must use the information
True or False: HIPAA of 1996 was the first FEDERAL legislation to deal thoroughly and explicitly with the privacy of medical records
true
ARRA
The American Recovery and Reinvestment Act of 2009
ARRA Changes to HIPAA
-Changes to privacy and security regulations
-Changes in enforcement
-Changes that address health information held by covered entities or business associates not expressly covered by HIPAA
-Changes relevant to HIPAA administration and studies, reports, an
Health Insurance Portability and Accountability Act (HIPAA)
- A federal law passed in 1996 to protect privacy and other health care rights for patients
-help workers keep continuous health insurance coverage for themselves and their dependents when they change jobs
-protect confidential medical information from un
covered entities
healthcare providers and clearinghouses that transmit HIPAA transactions electronically, and must comply with HIPAA standards and rules
Covered transactions
electronic exchanges of information between two covered entity business partners using HIPAA mandated transaction standards
designated record set
records maintained by or for a HIPAA-covered entity including
-medical records
-billing records
-any record used by a covered entity to make decisions about an individual
protected health information (PHI)
information that contains one or more patient identifiers
-PHI must be protected whether written, spoken, or electronically transmitted
Notice of privacy practices (NPP)
a written document detailing a health care provider's privacy practices
-health care providers must provide patients with a written notice of the provider's privacy policies
-patient is asked to sign and acknowledge the form
de-identify
to remove from healthcare transactions all information that identifies patients
Examples of covered entities
-hospitals
-nursing homes
-laboratories
-health plans, etc.
-if a health care practice exchanges even one of the standard transactions via electronic means with any payer the practice is a covered entity.
examples of covered transactions
-a physician submitting an electronic claim to a health plan
-physician sending a referral or authorization electronically to another physician, lab, or hospital
-any healthcare provider that employs another entity such as a clearing house or billing agenc
state preemption
if a state's privacy laws are stricter than HIPAA and/or guarantee more patients' rights, the state law takes precedence
standard
a general requirement under HIPAA
rule
a document that includes the HIPAA standards or requirements
transaction
transaction of information between two parties for financial or administrative activities
code set
under HIPAA, terms that provide for uniformity and simplification of health care billing and record keeping
-any set of codes used to encode data
Treatment Payment and Healthcare Operations (TPO)
allows providers to provide treatment, disclose PHI for payment, and conduct the necessary within and among other covered entities
under TPO treatment means
that a health care provider can provide care
under TPO payment means
a provider can disclose PHI to obtain reimbursement for healthcare
under TPO health care operations refers to
activities and transactions in and among its entities, including conducting quality assessments, reviewing the competence or qualifications of health care practitioners, and managing the business
Business associates of covered entities must have
contracts or agreements guaranteeing that PHI will be safeguarded
Are business associates covered entities?
no
Business associates include
accountants, legal consultants, transcription services and other like services provided to covered entities
Business associates must protect
PHI
HIPAA standards
standard 1: transactions and code sets
standard 2: privacy rule
standard 3: security rule
standard 4: national identifier standards