Confidentiality and HIPAA


Learning Objectives

Articulate the basic rules governing privacy of medical information and records.

Identify the client’s rights under HIPAA.

Demonstrate the ability to respond appropriately when faced with situations involving confidentiality.

The importance of confidentiality

Find a partner. Discuss your experiences with confidentiality.

The Health Insurance Portability and Accountability Act - HIPAA

This act is about privacy regulations – it requires that providers protect the privacy and security of their consumers’ health information in new ways.

Allows consumers additional rights to access, amend and protect their own health care information.

What is Protected Health Information?

PHI is information that contains identifiers.

PHI replaces the phrase “confidential medical information”

What are basic identifiers that we use?

Protected Health Information

PHI includes the following:

Treatment Plans

Medical Records

Incident Reports

Outcomes Databases

Data Collection Sheets

Treatment Team Meeting Notes

Protected Health Information

PHI also includes:

Treatment information

Health information (physical or mental)

Payment information

It includes past, present or future info

It includes information that is verbal, electronic or on paper

Informing Clients

A Privacy Notice is given to each client upon entry into mental health services

Each person must sign that he/she has received this Privacy Notice

Authorization of Disclosure

Releasing of PHI requires authorization from the consumer, except under very specific circumstances.

The request must state the type and amount of information the consumer is willing to disclose.

HIPAA authorization forms must be signed and updated annually.

Basic guidelines

Be conscientious about “need to know” in all situations

Outside the team, disclosure should be guided by:

Authorization

Staying within the parameters of the specific information required

During emergencies, the safety and health of the consumer permits disclosure of necessary PHI

Let’s look at some examples:

Permitted Disclosures

To the consumer, subject to certain restrictions.

For treatment, payment or healthcare operations (i.e., Quality, Risk Management) within the agency.

Child abuse, elder abuse, Tarasoff warnings

Secret Service

To Guardians of adults

To parents/family member of minors

Permitted Disclosures, cont.

With a valid authorization: for any reason to a third party

To family members or other persons involved with the individual’s care.

Disclosures Usually Permitted

To Public Health Authorities – reports of death or disease

In response to a court order or as permitted by law with regard to litigation

To avert a serious threat to health or safety to the individual or others.

Substance Abuse Records

Substance abuse records are highly protected – the client must make a specific authorization to disclose this information

There are three exceptions to the rule requiring client authorization of substance abuse records:

Child Abuse Reporting

Crime committed at or threatened at the treatment facility

Medical emergency

Confidentiality and Teams

HIPAA, California law and W&I Code permit sharing of healthcare and mental health information, without authorization, for treatment purposes.

If a new team is developing, including non-medical partners such as probation officers, law enforcement, teachers or social workers, it is easiest to get an authorization signed at the outset.

Sharing substance abuse information

HOWEVER, authorization is required when sharing substance abuse treatment program information with providers who are “outside of the program.”

The Designated Record Set

All of the client’s information is contained in the Designated Record Set

DRS replaces the term “medical record”

A DRS is a group of records maintained by a provider or for a provider that is the medical and billing records; case or medical management records; or information used in whole or in part to make healthcare decisions about the individual.

The DRS

The information within the DRS is what the HIPAA regulations protect.

Consumers have specific rights under HIPAA with regard to their DRS.

Consumer Rights Under HIPAA

Right to access DRS

Right to amend DRS

Right to restrict sharing of PHI

Right to accounting of uses and disclosures of PHI

Right to file complaints concerning a provider’s Privacy Practices

Accountability Under HIPAA

Civil penalties

$100/violation up to $25,000 per calendar year (Office of Civil Rights)

Accountability Under HIPAA

Criminal penalties (enforced by the Dept. of Justice)

Up to $50,000 and 1 year of imprisonment for knowingly obtaining and disclosing PHI

Up to $100,000 and 5 years imprisonment if committed under false pretenses.

Up to $250,000 and 10 years imprisonment if committed with intent to sell, transfer, or use for commercial advantage, personal gain or malicious harm.

Accountability Under HIPAA

The provider can be sued by consumers for improper disclosures of PHI

Disciplinary actions against employees for failure to follow policies and procedures regarding consumer privacy.

Protecting the Security of PHI

Each healthcare site must have appropriate administrative, technical and physical safeguards to protect the privacy of protected health information.

Protecting the Security of PHI

Agencies must put into place reasonable safeguards to prevent intentional or unintentional use or disclosure.

Exercise

Identifying Breaches of Confidentiality

The Bottom Line

Think confidentiality and privacy.

Share only what you need to share.

Always have an authorization before sharing someone’s confidential information.

Exercise

Confidentiality Situations