Course Developed by The University of Illinois at Chicago College of Medicine Department of Medical Education and Healthcare Online Training, LLC

 

COURSE OUTLINE

Introduction

• Purpose of training
• Ensure patient privacy
• Become acquainted with key elements of privacy

Two major guidelines

• Use good common sense in dealing with privacy
• If in doubt, contact the Privacy Officer

What is HIPAA all about?

• Congress passed act in 1996
• Portability of health insurance
• Administrative simplification
  • Electronic transactions
  • Privacy

Electronic transactions

• Universal claim form
• Single set of billing codes
• Most claims to be filed electronically

Security of computerized healthcare information

• Major emphasis on erecting electronic "firewalls"
• Similar to effort put forth in meeting Y2K requirements

Privacy of healthcare information

• Privacy regulations effective April, 2003
• Prohibits disclosure of Protected Health Information
• Exceptions include:
  • Disclosure to the individual patient
  • Providing medical treatment and payment
  • Other disclosures as authorized by patient

Protected Health Information (PHI)

• Individually Identifiable Health Information
• Transmitted in writing, electronically, orally
• Specific identifiers

PHI and oral communications

• All PHI must be protected from disclosure
• Special care must be afforded to oral communications

Examples of common privacy traps

The Privacy Officer

• Provider's primary contact and responsible person for privacy issues
• The "go to" person for any question regarding privacy

Civil and criminal penalties

• Applicable for knowingly violating the privacy law
• Civil penalties of $100 for each violation
• Criminal penalties include jail term and major fine

Privacy training requirements

• Applicable to all who may have access to PHI
• All must receive training by April, 2003

Two major forms

• Notice of Privacy Practices
• Authorization Form
• Consent Form is not required

Notice of Privacy Practices

• Presented prior to or during admission
• Provides details of provider's privacy practices
• Must accommodate non-English speaking patients

Authorization Form

• Patient makes decision as to who can receive information
• Patient has right to no disclosure
• Patient has right to total disclosure

What information can be released?

• Condition and location of patient
• Unless specifically blocked by patient
• Patient may change or revoke authorization

Consent Form is not required

• Not required to receive treatment
• Provider has option to request voluntary usage of Consent Form

Patient's rights regarding their PHI

• Patients have right to receive copies of PHI
• Patient can request that PHI be amended
• Records must be kept for six years

Conclusion

• Training contains the basic elements of privacy
• Changes are likely in the future

Copyright © 2003 Healthcare Online Training, LLC