This presentation covers HIPAA, the Privacy Rule and its clinical significance, and violations of HIPAA.
Health Insurance Portability & Accountability Act (HIPAA)
1. Submitted to:
Dr. D. Manjula
Asst. Professor,
Department of Pharmaceutics,
COPS, DSU
Bangalore.
Presented by:
Arpitha.B. M
M Pharm (I SEM),
Department of Pharmaceutics,
COPS, DSU
Bangalore.
3. Introduction
• HIPAA Privacy Regulations establish national
standards for protecting the privacy of health
information.
• They impose new restrictions on the use and
disclosure of protected health information.
• They give patients greater access to and protection
of their medical records and more control over how
they are used.
3Department of Pharmaceutics COPS, DSU HIPAA
4. HIPAA
• HIPAA is the Health Insurance Portability and
Accountability Act of 1996.
• Its Privacy Rule provides federal privacy protection
for individually identifiable health information, called
Protected Health Information.
• The Privacy rule is located at 45 CFR Part 160 and
Subparts A and E of Part 164.
• On Aug 14, 2002, the HIPAA Privacy Rule was
modified.
5. Reason for arrival
• In 2000, many patients were diagnosed with depression.
• They all received free samples of an antidepressant
medication.
• An investigation later disclosed that the doctors had
shared patient information with the industries.
• Patients wonder why..?
7. Titles of HIPAA
The act has 5 sections, known as titles:
• Title I: Focus on Health Care Access, Portability, and
Renewability.
• Title II: Preventing Health Care Fraud and Abuse;
Administrative Simplification; Medical Liability Reform.
• Title III: Tax-related health provisions governing
medical savings accounts
• Title IV: Application and enforcement of group health
insurance requirements
• Title V: Revenue offset governing tax deductions for
employers
9. TITLE 1: Focus on Health Care Access,
Portability, and Renewability.
• Regulates the availability of group and individual health
insurance policies:
• Title I modified the Employee Retirement Income
Security Act along with the Public Health Service Act
and the Internal Revenue Code.
• Requires the coverage of and limits the restrictions that
a group health plan places on benefits for pre-existing
conditions.
• Group health coverage may only refuse benefits that
relate to pre-existing conditions for 12 months after
enrollment or 18 months for late enrollment.
10. • Covers "creditable coverage" which includes
nearly all group and individual health plans,
Medicare, and Medicaid.
• Explains a "significant break" as any 63-day
period that an individual goes without
creditable coverage.
• It allows premiums to be tied to avoiding
tobacco use, or body mass index.
11. • Requires insurers to issue policies without exclusion
to those leaving group health plans with creditable
coverage exceeding 18 months.
• Renew individual policies for as long as they are
offered or provide alternatives to discontinued plans
for as long as the insurer stays in the market without
exclusion regardless of health condition.
12. TITLE 2: Preventing Health Care Fraud and Abuse;
Administrative Simplification; Medical Liability Reform
• Establishes policies and procedures for maintaining
privacy and security of individually identifiable health
information, outlines offenses, and creates civil and
criminal penalties for violations.
• Creates programs to control fraud and abuse and
Administrative Simplification rules.
• Requires the Department of Health and Human
Services (HHS) to increase the efficiency of the
health care system by creating standards.
13. • HHS initiated 5 rules to enforce Administrative
Simplification:
(1) Privacy Rule,
(2) Transactions and Code Sets Rule,
(3) Security Rule
(4) Unique Identifiers Rule
(5) Enforcement Rule.
14. Privacy rule
• The HIPAA Privacy Rule regulates the use and disclosure of
protected health information (PHI) by "covered entities."
• Upon request, covered entities must disclose PHI to an
individual within 30 days.
• Entities mentioned earlier must provide and disclose PHI as
required by law enforcement for the investigation of
suspected child abuse.
• Covered entities may disclose PHI to law enforcement if
requested to do so by court orders, court-ordered warrants,
subpoenas, and administrative requests.
• A covered entity may reveal PHI to facilitate treatment,
payment, or health care operations without a patient's
written authorization.
15. 2013 Omnibus Rule Update
• The revised definition of "significant harm" to an
individual in the analysis of a breach provides more
investigation to cover entities with the intent of
disclosing breaches that were previously not
reported.
• Protection of PHI was changed from indefinite to 50
years after death.
• The HIPAA Privacy rule may be waived during a
natural disaster.
16. Right to access
• The Privacy Rule requires medical providers to give
individuals PHI access when an individual requests
information in writing. A provider has 30 days to
provide a copy of the information to the individual. An
individual may request the information in electronic
form or hard-copy.
• Individuals have the right to access all health-related
information (except psychotherapy notes of a provider,
and information gathered by a provider to defend
against a lawsuit).
• Providers may charge a reasonable amount for copying
costs. However, no charge is allowable when providing
data electronically from a certified electronic health
record (EHR) using the "view, download, and transfer."
17. • An individual may authorize delivery of information
using either encrypted or un-encrypted email,
media, direct messaging, or other methods. When
using un-encrypted delivery, an individual must
understand and accept the risks of data transfer.
• An individual may request in writing that their PHI be
delivered to a third party.
• An individual may request in writing that their
provider send PHI to a designated service used to
collect or manage their records, such as a Personal
Health Record application.
18. • Any other disclosures of PHI require the covered
entity to obtain prior written authorization.
• When a covered entity discloses PHI, it must make a
reasonable effort to share only the minimum
necessary information.
• The Privacy Rule gives individuals the right to
demand that a covered entity correct any inaccurate
PHI and take reasonable steps to ensure the
confidentiality of communications with individuals.
• The Privacy Rule requires covered entities to notify
individuals of PHI use, keep track of disclosures, and
document privacy policies and procedures.
19. Relative disclosure
• Hospitals may not reveal information over the
phone to relatives of admitted patients.
• This has impeded the location of missing
persons: as seen after airline crashes,
hospitals are reluctant to disclose the
identities of passengers being treated, making
it difficult for relatives to locate them.
20. Transactions and Code Sets Rule
• HIPAA was created to improve health care system
efficiency by standardizing health care transactions.
HIPAA added a new Part C titled "Administrative
Simplification" that simplifies healthcare transactions
by requiring health plans to standardize health care
transactions.
• For example, medical providers who file for
reimbursements electronically have to file their
electronic claims using HIPAA standards to be paid.
21. Security Rule
• The Security Rule complements the Privacy Rule.
While the Privacy Rule pertains to all Protected
Health Information, the Security Rule is limited to
Electronic Protected Health Information.
• It lays out 3 types of security safeguards:
a. administrative,
b. physical, and
c. technical
22. Administrative safeguards
• Covered entities must adopt a written set of privacy
procedures and designate a privacy officer for
developing and implementing required policies and
procedures.
• Procedures must identify classes of employees who
have access to electronic protected health
information and restrict it to only those employees
who need it to complete their job function.
• The procedures must address access authorization,
establishment, modification, and termination.
23. • Entities must show appropriate ongoing training for
handling PHI.
• Covered entities must back up their data and have
disaster recovery procedures.
• Internal audits are required to review operations
with the goal of identifying security violations.
• Procedures should document instructions for
addressing and responding to security breaches
24. Physical safeguards
• Control physical access to protected data.
• Control the introduction and removal of
hardware and software from the network and
make it limited to authorized individuals.
• Access to equipment containing health
information must be controlled and monitored.
• Require proper workstation use, and keep
monitor screens out of direct public view.
• If the covered entities utilize contractors or
agents, they too must be thoroughly trained on
PHI.
25. Technical Safeguards
• HIPAA covered entities such as providers completing
electronic transactions, healthcare clearinghouses,
and large health plans must use only the National
Provider Identifier (NPI) to identify covered
healthcare providers in standard transactions.
• The NPI replaces all other identifiers used by health
plans, Medicare, Medicaid, and other government
programs.
• The NPI does not replace a provider's DEA number,
state license number, or tax identification number.
26. • The NPI is 10 digits (may be alphanumeric), with the
last digit a checksum. The NPI cannot contain any
embedded intelligence; the NPI is a number that does
not itself have any additional meaning.
• NPI is unique and national, never re-used, and except
for institutions, a provider usually can have only one.
• An institution may obtain multiple NPIs for different
"sub-parts" such as a free-standing surgery or wound
care center.
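The checksum in the last digit lets a system reject mistyped NPIs before they enter a standard transaction. An added example, not part of the original slides, handling the all-numeric case only and assuming the check digit follows the Luhn formula computed with the prefix 80840 prepended; the function names and sample values are constructed for illustration.

```python
import re

NPI_PREFIX = "80840"  # assumption: prefix prepended before the Luhn calculation


def luhn_sum(digits: str) -> int:
    """Luhn sum: double every second digit counting from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total


def npi_check_digit(first_nine: str) -> int:
    """Compute the checksum digit for the first nine digits of an NPI."""
    if not re.fullmatch(r"[0-9]{9}", first_nine):
        raise ValueError("expected exactly nine ASCII digits")
    remainder = luhn_sum(NPI_PREFIX + first_nine + "0") % 10
    return (10 - remainder) % 10


def classify_npi(value) -> str:
    """Return 'ok', 'format' or 'checksum' for a candidate NPI."""
    # Strict format check: a str of ten ASCII digits, no spaces or separators.
    if not isinstance(value, str) or not re.fullmatch(r"[0-9]{10}", value):
        return "format"
    if luhn_sum(NPI_PREFIX + value) % 10 != 0:
        return "checksum"
    return "ok"


def screen_npis(candidates):
    """Split candidates into accepted values and (value, reason) rejections."""
    accepted, rejected = [], []
    for value in candidates:
        verdict = classify_npi(value)
        if verdict == "ok":
            accepted.append(value)
        else:
            rejected.append((value, verdict))
    return accepted, rejected


# Constructed sample input: one well-formed value, one wrong check digit,
# one adjacent-digit transposition, one with a separator, one too short.
SAMPLES = ["1234567893", "1234567890", "1234567983", "12345 67893", "123456789"]

if __name__ == "__main__":
    ok, bad = screen_npis(SAMPLES)
    print("accepted:", ok)
    print("rejected:", bad)
```

A passing checksum shows only that the number is well-formed, not that the NPI has been issued or belongs to the provider named in the transaction.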
27. Unique Identifiers Rule (National
Provider Identifier, NPI)
• HIPAA covered entities such as providers completing
electronic transactions, healthcare clearinghouses, and
large health plans must use only the National Provider
Identifier (NPI) to identify covered healthcare providers
in standard transactions.
• The NPI replaces all other identifiers used by health
plans, Medicare, Medicaid, and other government
programs. The NPI does not replace a provider's DEA
number, state license number, or tax identification
number.
28. Enforcement Rule
• The Enforcement Rule sets civil monetary
penalties for violating HIPAA rules.
• It establishes procedures for investigations and
hearings for HIPAA violations.
• The US Dept. of Health and Human Resources has
investigated over 20,000 cases resolved by requiring
changes in privacy practice or by corrective action.
• If noncompliance is determined, entities must apply
corrective measures.
• Complaints have been investigated against pharmacy
chains, major health care centers, insurance groups,
hospital chains, and small providers.
29. According to HHS, the following issues have been reported,
listed by frequency:
• Misuse and disclosures of PHI
• No protection in place for health information
• Patient unable to access their health information
• Using or disclosing more than the minimum necessary
protected health information
• No safeguards of electronic protected health information
The most common entities required to take corrective
action according to HHS are listed below by frequency:
• Private Practices
• Hospitals
• Outpatient Facilities
• Group insurance plans
• Pharmacies
30. Title III: Tax-related health provisions
governing medical savings accounts
• Standardizes the amount that may be saved per
person in a pre-tax medical savings account.
• Makes medical savings accounts available to
employees covered under an employer-sponsored
high deductible plan for a small employer and self-
employed individuals
31. Title IV: Application and enforcement of
group health insurance requirements
• Title IV specifies conditions for group health plans
regarding coverage of persons with pre-existing
conditions and modifies continuation of coverage
requirements. It clarifies continuation coverage
requirements and includes COBRA clarification.
32. Title V: Revenue offset governing tax
deductions for employers
• Provisions for company-owned life insurance for
employers providing company-owned life insurance
premiums, prohibiting the tax-deduction of interest
on life insurance loans, company endowments, or
contracts related to the company.
• Repeals the financial institution rule to interest
allocation rules.
33. • Amends provisions of law relating to people who give
up United States citizenship or permanent residence,
expanding the expatriation tax to be assessed against
those deemed to be giving up their US status for tax
reasons
• Makes ex-citizens' names part of the public record
through the creation of the Quarterly Publication of
Individuals Who Have Chosen to Expatriate.
34. Clinical Significance of HIPAA
• HIPAA Privacy and Security Rules have
substantially changed the way medical
institutions and health providers function. The
complex legalities and severe civil and financial
penalties, as well as the increase in paperwork
and implementation costs, have substantially
impacted health care. All health professionals
must be trained in HIPAA and have an
understanding of the potential pitfalls and acts
that can lead to a violation.
35. Clinical Care Effects
• HIPAA, combined with stiff penalties for violation, may
result in medical centers and practices withholding life-
saving information from those who may have a right to
it and need it at a crucial moment. Through the HIPAA
Privacy Rule, the US Government Accountability Office
found that health care providers were "uncertain about
their legal privacy responsibilities and often responded
with an overly guarded approach to disclosing
information." Ultimately, the solution is the education
of all healthcare professionals and their support staff
so that they have a full appreciation of when protected
health information can be legally released.
36. Education and Training Effects
• Education and training of healthcare providers and
students are needed to implement HIPAA Privacy and
Security Acts. Effective training and education must
describe the regulatory background and purpose of
HIPAA and provide a review of the principles and key
provisions of the Privacy Rule
37. Research Effects
• HIPAA restrictions on research have affected the
ability to perform chart-based retrospective
research. This has made it challenging to evaluate
patients prospectively for follow-up.
• HIPAA Privacy rules have resulted in as much as a
95% drop in follow-up surveys completed by
patients being followed long-term.
• Recruitment of patients for cancer studies has led
to more than 70% decrease in patient accrual and
a tripling of time spent recruiting patients and
mean recruitment costs.
38. • Significant legal language required for research
studies is now extensive due to the need to protect
participants' health information. While such
information is important, a lengthy legalistic section
may make these complex documents less user-
friendly for those who are asked to read and sign
them.
• Many researchers believe that the HIPAA privacy
laws have a negative impact on the cost and quality
of medical research
39. Costs
• The costs of developing and revamping systems and
practices and an increase in paperwork and staff
education time have impacted the finances of
medical centers and practices at a time when
insurance companies and Medicare reimbursements
have decreased.
• Ultimately, the cost of violating the statutes is so
substantial, that scarce resources must be devoted to
making sure an institution is compliant, and its
employees understand the statutory rules.
40. Funding organization
• Agency of Healthcare Research and Quality.
• Centre for Disease Control and Prevention.
• Centre for Medicare and Medicaid Services.
41. Violations of HIPAA
Civil
• For an individual who unknowingly violates HIPAA:
$100 fine per violation, with an annual maximum of
$25,000 for those who repeat the violation. There is
also $50,000 per violation, and an annual maximum
of $1.5 million.
• For a violation that is due to reasonable cause and
not due to willful neglect: there is a $1000 charge per
violation, with an annual maximum of $100,000 for those
who repeatedly violate.
42. • There is also a $50,000 penalty per violation and an
annual maximum of $1.5 million.
• For a HIPAA violation due to willful neglect, with the
violation corrected within the required time period:
there is a $10,000 penalty per violation, with an annual
maximum of $250,000 for repeat violations. There is a
$50,000 penalty per violation with an annual
maximum of $1.5 million.
• For a HIPAA violation due to willful neglect and not
corrected: there is a penalty of $50,000 per
violation, an annual maximum of $1,000,000,
$50,000 per violation, and an annual maximum of
$1.5 million.
43. Criminal
• For entities that are covered and specified individuals
who obtain or disclose individually identifiable health
information willfully and knowingly: The penalty is up
to $50,000 and imprisonment up to 1 year.
• For offenses committed under false pretenses, the
penalty is up to $100,000 with imprisonment up to 5
years.
• For offenses committed with the intent to sell,
transfer, or use individually identifiable health
information for commercial advantage, personal gain
or malicious harm, the penalty is up to $250,000
with imprisonment up to 10 years.
44. The US Department of Health and Human Services Office
for Civil Rights has received over 100,000 complaints of
HIPAA violations, many resulting in civil and criminal
prosecution.
• Examples of HIPAA violations and breaches include:
• Hospital staff disclosed HIV testing concerning a
patient in the waiting room; staff were required to take
regular HIPAA trainings, and computer monitors were
repositioned.
• Office manager accidentally faxed confidential medical
records to an employer rather than a urologist's office,
resulting in a stern warning letter and a mandate for
regular HIPAA training for all employees.
• Surgeon fired after illegally accessing personal records
of celebrities, fined $2000 and given 4 months in jail.