Sets standards for protecting PHI and governs how covered entities can use and disclose information.
What is the Privacy Rule of the Health Information Portability and Accountability Act (HIPAA)?
A person's name, date of birth, address, email address, and phone number.
What is Private Health Information?
Unauthorized access or disclosure of PHI for any reason other than treatment, payment, or healthcare operations.
What is a breach of HIPAA?
All requests for Medical Records, even your own personal medical record, must go to this department.
What is the Medical Records department (medicalrecords@fccinc.org)?
Establishes security standards and safeguards for protecting ePHI. It outlines requirements for ensuring the confidentiality, integrity, and availability of electronic health information.
What is the Security Rule of the Health Information Portability Accessibility and Accountability Act (HIPAA)?
Written, oral, or electronic information that identifies an individual.
What is PHI?
The person you report all HIPAA concerns and breaches to.
Who is the Privacy and Security Office?
Treatment, payment, healthcare operations
What are legitimate reasons to access PHI without consent?
This is a written document signed by a patient that gives permission for a covered entity to use or disclose PHI for specific purposes not covered by other HIPAA exceptions.
What is authorization?
This means covered entities must make reasonable efforts to limit the use or disclosure of PHI to the minimum necessary to accomplish the intended purpose.
What is the Minimum Necessary Rule?
You always involve your program director when this occurs and NEVER handle this situation without them involved.
What are subpoenas and warrants?
A health plan, a health provider, or a health clearinghouse that electronically transmits health information.
What is a HIPAA covered entity?
The terms "sharing," "employing," or "analyzing" should be used for this purpose.
What is Using PHI (or PHI moved inside the organization)?
When PHI must be disclosed to the Department of Health and Human Services (HHS) for regulatory compliance and/or certain exceptions when a client/patient asks for it.
What is Mandatory Disclosure? (This still requires a request sent to Medical Records!)
This rule outlines procedures for investigations, hearings, and penalties for violations of HIPAA regulations, if a violation is found once the investigation is complete.
What is the HIPAA Enforcement Rule?
This can occur in a variety of ways, including but not limited to: Waiting Rooms, Visual, Sign-in sheets, Phone calls, Overhearing information, printing to the wrong printer, and shared office spaces.
What are Incidental Uses and Disclosures?
Covered entities are required to provide patients with this type of notice that explains how their health information may be used and disclosed, as well as their privacy rights.
What is the organizational Notice of Privacy Practices?
A staff member provides a community group outside of FCC for AA and has lost the contact information for one of the group members. In group, this person has disclosed they receive services with FCC at another location. The staff member decides to look up their contact information through the FCC Electronic Medical Record (EMR).
What is a breach of HIPAA?
This entity has access to PHI on a case-by-case basis during an investigation of any complaints that have been filed.
Who is the U.S. Department of Health and Human Services?
This entity did NOT get their roles expanded by HIPAA and has more limited access to medical data than in the past.
What is Law Enforcement?