Home » Employees » Educational Pieces » HIPAA TRAINING


HIPAA TRAINING

HIPAA TRAINING

HIPAA-Health Insurance Portability and Accountability Act

HIPAA: Privacy Compliance

The HIPAA Privacy Rules – finalized on August 14, 2002 – ensures that personal medical information you share with doctors, hospitals, and others who provide and pay for healthcare is protected. It is the first-ever comprehensive federal protection guideline for the privacy of health information.

Basically, the Privacy Rule does the following:

  • Imposes new restrictions on the use and disclosure of personal health information
  • Gives Patients greater access to their medical records, and
  • Gives patients greater protection of their medical records.

You can make sure you protect personal patient data by learning the basics of the final HIPAA Privacy Rule outlined in this handbook.

Who is covered by the HIPAA Privacy Rule?

You're covered by the HIPAA Privacy Rule – and termed a covered entity – if you are a:

  • Healthcare provider
  • Health Plan
  • Healthcare clearinghouse
  • Business associate who has access to patient records.
What is Protected Health Information (PHI)?

When a patient gives personal health information to a covered entity, that information becomes Protected Health Information – or PHI. It includes:

  • Any health information or patient information used or disclosed by a covered entity in any form-oral, recorded, on paper, or sent electronically, or:
  • Any personal health information that contains informationthat connects the patient to the information
  • Examples of information that might connect personal health information to the individual patient include:
    • The individual's name, address, diagnosis, or treatment
    • Social security or other identification numbers
    • Physician's personal notes, Billing information

What are the rules for the use and disclosure of Protected Health Information?

HIPAA's Privacy Rule is all about the use and disclosure of Protected Health Information or PHI. With few exceptions, PHI can't be used or disclosed by anyone unless it is permitted or required by the Privacy Rules.

PHI is used when:
  • Shared
  • Examined
  • Applied
  • Analyzed
PHI is disclosed when:
  • Released
  • Transferred
  • In any way accessed by anyone outside the covered entity.
You are permitted to use or disclose PHI:
  • For treatment, payment, and healthcare operations
  • With authorization or agreement from the individual patient
  • For disclosure to the individual patient
  • For incidental uses such as physicians talking to patients in a semi-private room.
You are required to release PHI for use and disclosure:
  • When requested or authorized by the individual – although some exceptions apply
  • When required by the Department of Health and Human Services for compliance or investigation.
When is authorization required?

But you are required to get a signed authorization from the patient if you use or disclose his or her Protected Health Information for purposes other than:

  • Treatment
  • Payment
  • Healthcare operations.
Generally, authorization is required to use PHI:
  • For use or disclosure of psychotherapy notes (except for treatment, payment, or healthcare operations)
  • For use and disclosure to third parties for marketing activities such as selling lists of clients. However, covered entities can communicate freely with patients about treatment options and health-related information.
What is included in an authorization form?

Each authorization form only covers the use/disclosure outlined in that form. The form must contain:

  • A description of the PHI to be used/disclosed, in clear language.
  • Who will use/disclose PHI, and for what purpose
  • Whether or not it will result in financial gain for the covered entity
  • The patient's right to revoke the authorization
  • A signature of the patient whose records are used/disclosed, and a date of signing.
  • An expiration date.
When is authorization not required?
  • PHI can be used/disclosed without authorization, but with
  • patient agreement, for the following reasons:
  • To inform family members or other identified persons involved in the patient's care, or notify them on patient location, condition or death
  • To inform appropriate agencies during disaster relief.
Other permitted uses/disclosures that do not require patient agreement include:
  • Public health activities related to disease prevention or control To report victims of abuse, neglect, or domestic violence.
  • Health oversight activities such as audits, legal investigations, licensure or for certain law enforcement purposes or government functions
  • For coroners, medical examiners, funeral directors, tissue/organ donations, or certain research purposes
  • To avert a serious threat to health and safety.
What is minimum necessary?

In general, use/disclosure of PHI is limited to the minimum amount of health information necessary to get the job done. That means:

  • Covered entities must develop policies and practices to make sure the least amount of health information is shared
  • Employees must be identified who regularly access PHI
  • The types of PHI needed and conditions for access.

The minimum necessary rules do not apply to use/disclosure of medical records for treatment, since healthcare providers need the entire record to provide quality care.

What is the Privacy Notice?

Patients have the right to adequate notice concerning the use/disclosure of their PHI on the first date of service, or as soon as possible after an emergency. And new notices must be issued when American Home Health Corporation's privacy practices change.

The Privacy Notice must:
  • Contain patient's rights and the covered entities' legal duties
  • Be made available to patients in print
  • Be displayed at the office, or posted on a web site if possible.

Once a patient has received notice of his or her rights, covered entities must make an effort to get written acknowledgement of receipt of notice from the patient, or document reasons why it was not obtained. And copies must be kept of all notices and acknowledgements.

What are the patient privacy rights?

The Privacy Rules grants patients new rights over their PHI. It's your job to make sure they can exercise their rights, including the following:

  • Receive Privacy Notice at time of first delivery of service
  • Restrict use and disclosure, although the covered entity is not required to agree
  • Have PHI communicated to them by alternate means and at alternate locations to protect confidentiality
  • Inspect, correct, and amend PHI and obtain copies, with some exceptions
  • Request a history of non-routine disclosures, and
  • Contact designated persons regarding any privacy concern or breach of privacy
What about the privacy rights of minors?

In general, parents have the right to access and control the PHI of their minor children-except when state law overrides parental control. Examples include:

  • HIV testing of minors without parental permission
  • Cases of abuse
  • When parents have agreed to give up control over their minor child.
What must American Home Health Corporation do to comply?
  • Allow patients to see and copy their PHI
  • Designate a full- or part-time privacy official responsible for implementing the program.
  • Designate a contact person responsible for receiving complaints.
  • Develop a Notice of Privacy Practices document.
  • Develop policies and safeguards to protect PHI and limit incidental use or disclosure.
  • Institute employee-training programs, so everyone knows
  • about the privacy policies and procedures for safeguarding PHI.
  • Institute a complaint process, and file and resolve formal complaints.
  • Make sure contracts with business associates comply with the Privacy Rule.
What happens to those who do not comply?

If you violate the Privacy Rules, HIPAA set civil and criminal penalties including:

  • A $100 civil penalty up to a maximum of $25,000 per year for each standard violated
  • A criminal penalty for knowingly disclosing PHI-a penalty that may escalate to a maximum of $250,000 for onspicuously bad offenses.

But if you unknowingly make a mistake, remember: the Department f Health and Human Services is mandated to give American Home Health Corporation advice and technical assistance to help work out our problems.

What can you do to protect patient's privacy and confidentiality?

HIPAA protects our fundamental right to privacy and confidentiality. That means HIPAA's Privacy Rules is everyone's business-from the CEO to the healthcare professional to the maintenance staff. To do your part:

  • Make sure you fully understand our privacy practices.
  • Protect your patients' personal health information.
  • Encourage others to do the same.

In review, it is our responsibility to ensure the privacy of our clients is protected. This means limiting our communication about our clients to only those who have a need to know. If you believe there has been a violation please call Janelle Fulfs to discuss the circumstances so appropriate actions can be taken, if any.

Summary of Notice of Privacy Practices

The following information is a summary of the NOTICE OF PRIVACY PRACTICES, which is attached, in full text. THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE SUMMARY OF NOTICE OF PRIVACY PRACTICES The following information is a summary of the NOTICE OF PRIVACY PRACTICES, which is attached, in full text. THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

We are required by law to maintain the privacy of your medical information. We must provide you with a copy of this notice. We must follow the terms of this notice. If the notice is changed in any material way, a revised notice will be available upon request.

  • We will use your medical information for Treatment. For example, a nurse who is providing your care will report any changes in your condition to your doctor.
  • We will use your medical information for Payment. For example, we may need to give your insurance plan information about your diagnosis, treatment and supplies used.
  • We will use your medical information for Health Care Operations. For example, we may use your medical information to evaluate our services.
  • We may contact you at any phone number or address you have provided to us to remind you of an appointment or other health care matters or to obtain payment for our services.
  • We may use your name and address for fund raising activities.
  • We may use and disclose your medical information to inform you of treatment alternatives or other health related benefits and services.
  • We may disclose your medical information to family members or others who are involved in your care or payment for that care.
  • If we have a patient directory, we will include information about you in that directory.

You must notify Janelle Fulfs in writing if you do not want us to communicate with you in any of these ways.

We may use your medical information for any uses that are required or permitted by law. Other uses and disclosures will be made only with your written authorization. You may cancel an authorization at any time by notifying Janelle Fulfs in writing. You have the following rights:

  • Right to privacy notice; Right to request restrictions on uses and disclosures of your medical information; Right to receive confidential communications; Right to inspect and copy your medical information;
  • Right to request an amendment to your medical information; and Right to an accounting of disclosures of your medical information.

If you feel that your privacy rights have been violated, please contact the individual listed at the end of this notice immediately or the U.S. Secretary of Health and Human Services. Contact Information. Our Designee, Janelle Fulfs, can be contacted at (630) 236-3501.

Clients Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REV IEW IT CAREFULLY.

Purpose of This Notice

This notice tells you about how we use and disclose your medical information. It tells you about your rights and our responsibilities to protect the privacy of your medical information. It also tells you how to complain to us, or the government if you believe that we have violated any of your rights or any of our responsibilities.

  • We are required by law to maintain the privacy of your medical information. We must provide you with a copy of this notice and get your written acknowledgement of its receipt. We must follow the terms of this notice that are currently in effect.
  • We will tell you if we change this notice. A copy of the revised notice will be available upon request or posted at our location or on our website.
  • We may change our practices and those changes may apply to medical information we already have about you as well as any new information.
  • This notice will be given to you on the date that you first receive medical products or treatment from American Home Health Corporation.
  • In an emergency, we will give you the notice as soon as possible after the emergency treatment has been given.
How We Use or Disclose Your Medical Information For Treatment

We will use medical information about you to provide you with treatment and services. We may share this information with members of our healthcare staff or with others involved in your care such as doctors, nurses, or health care facilities. For example, a nurse who is providing your care will report any changes in your condition to your doctor. We may also disclose your health information to a member of your family or other person who is involved in your care.

For Payment

We may use or disclose your medical information to bill and collect payment for the services we provided to you. For example, we may need to give your health insurance plan information about your diagnosis, treatment and supplies used. We may also contact your insurance plan to confirm your coverage or to request prior approval for a planned treatment or service.

Health Care Operations
  • We may use or disclose your medical information for operational purposes. For example, we may use your medical information to evaluate our services, including the performance of our staff in caring for you.
  • We may also use this information to learn how to continually improve the quality and effectiveness of the health care services that we provide to you. Your name and address may be used to send out patient satisfaction surveys. We may contact you either by telephone or by mail at your home or your office to remind you of an appointment that you have with us or any other matter related to the health care services we provide or payment for your health care services.
  • We may leave messages for you. If you want us to contact you in a certain way or at a certain location, see "Right to Receive Confidential Communications" in this notice. There are some services that are provided for us by our business associates such as accountants, consultants and attorneys. Whenever we share information with our business associates we will have a written contract with them that requires that they protect the privacy of your medical information.
Other Use and Disclosures of Your Medical Information

Fund-raising –Your name and address and the dates you received treatment or services may be added to a mailing list of patients in order to invite you to a fund-raising event or to send you a newsletter. If you do not want to receive these communications, please notify Janelle Fulfs in writing.

Treatment Alternatives – We may use and disclose medical information about you to contact you about other health care treatment that is available to you. If you do not want to receive these communications, please notify Janelle Fulfs in writing.

Health Related Benefits and Services – We may use and disclose medical information about you to contact you about other health care benefits or services that may interest you. If you do not want to receive these communications, please notify Janelle Fulfs in writing.

Individuals Involved in Your Care – We may disclose medical information about you to a family member, other relative, close friend or any other person identified by you if they are involved in your care or payments related to your care. We may also use or disclose medical information about you to notify those persons of your location, general condition or death. If there is a family member, other relative or close friend to whom you do not want us to disclose medical information about you, please notify Janelle Fulfs in writing.

Use or Disclosures That Are Required or Permitted by Law

Disaster Relief – We may use or disclose medical information about you assist in disaster relief efforts. This will be done to notify family members or others of your location, general condition or death in the event of a natural or man-made disaster.

Required by Law – We may use or disclose medical information about you when we are required to do so by law.

Communicable Diseases – We may disclose your medical information to a person who may have been exposed to an infectious disease or who is at risk of spreading the disease or condition.

Public Health Activities – We may disclose medical information about you for public health activities to prevent or control disease.

Victims of Abuse, Neglect or Domestic Violence – We may disclose medical information about you to a government agency if we believe you are the victim of abuse, neglect or domestic violence.

Health Oversight Activities – We may disclose medical information about you to a health oversight agency.

Food and Drug Administration – We may disclose medical information about you to monitor drugs or devices controlled by the Food and Drug Administration.

Legal Activities – We may disclose medical information about you in response to a court proceeding. We may also disclose medical information about you in response to a subpoena or other legal process.

Disclosures for Law Enforcement Purposes – We may disclose information about you to law enforcement officials for law enforcement purposes:

  • As required by law.
  • In response to a court order or other legal proceeding.
  • To identify or locate a suspect, fugitive, material witness or missing person.
  • When information is requested about an actual or suspected victim of a crime.
  • To report a death as a result of possible criminal conduct.
  • About crimes that occur on our premises.
  • To report a crime in emergency circumstances.

Funeral Directors, Coroners and Medical Examiners – We may disclose medical information about you as necessary to allow these individuals to carry out their responsibilities.

Organ Donation – We may disclose medical information about you to organ procurement organizations if you are an organ donor.

Workers' Compensation – We may disclose medical information about you to comply with workers' compensation laws that provide benefits for work-related injuries or illnesses.

Public Health or Safety – We may use or disclose medical information about you if we believe it is necessary to prevent a threat to the health or safety of a person or the general public.

Military – If you are a member of the Armed Forces, we may use and disclose medical information about you to your military command.

National Security and Intelligence – We may disclose medical information about you to authorized federal officials for national security and intelligence activities.

Security Clearance – We may use medical information about you for a required security clearance.

Inmates – We may disclose medical information about you to a correctional institution or law enforcement official who has custody of you.

Research – We may disclose your medical information to researchers under certain limited circumstances.

Uses or Disclosures That Require Your Authorization

Other uses and disclosures will be made only with your written authorization. You may cancel an authorization at any time by notifying Janelle Fulfs in writing of your desire to cancel it. If you cancel an authorization it will not have any affect on information that we have already disclosed. Examples of uses or disclosures that may require your written authorization include the following:

  • A request to provide certain medical information to a drug company for marketing purposes.
  • A request to provide your medical information to an attorney
  • for use in a civil law suit.

Your Rights

The information contained in your health or medical record is the physical property of American Home Health Corporation. The information in it belongs to you. You have the following rights:

Right to Request Restrictions – You have the right to ask us not to use or disclose your medical information for a particular reason related to treatment, payment or our operations. You may ask that family members or other individuals not be informed of specific medical information. That request must be made in writing to Janelle Fulfs. We do not have to agree to your request. If we agree to your request, we must keep the agreement, except in the case of a medical emergency. Either you or American Home Health Corporation can stop a restriction at any time.

Right to Receive Confidential Communications – You have the right to ask that we communicate with you in a certain manner or at a certain place.

If you want to request confidential communications the request must be made in writing to Janelle Fulfs. We must agree to your request if it is reasonable.

Right to Inspect and Copy Your Medical Information – You have the right to request to inspect and obtain a copy of your medical information. You must submit your request in writing to Janelle Fulfs. If you request a copy of the information or that we provide you with a summary of the information we may charge a fee for the costs of copying, summarizing and/or mailing it to you.

If we agree to your request we will tell you. We may deny your request under certain limited circumstances. If your request is denied, we will let you know in writing and you may be able to request a review of our denial.

Right to Request Amendments to Your Medical Information – You have the right to request that we correct your medical information. If you believe that any medical information in your record is incorrect or that important information is missing, you must submit your request for an amendment in writing to Janelle Fulfs. We do not have to agree to your request. If we deny your request we will tell you why. You have the right to submit a statement disagreeing with our decision. We may deny your request if we determine that the information:

  • Was not created by us
  • Is not part of the medical information that we maintain
  • Is in records that you are not allowed to inspect and copy
  • Is already accurate or complete

Right To An Accounting of Disclosures of Health Information – You have the right to find out what disclosures of your medical information have been made. The list of disclosures is called an accounting. The accounting may be for up to six (6) years prior to the date on which you request the accounting, but cannot include disclosures before April 14, 2003. We are not required to include disclosures for treatment, payment or healthcare operations or certain other exceptions. Requests for an accounting of disclosures must be submitted in writing to Janelle Fulfs.

You are entitled to one free accounting in any twelve (12) month period. We may charge you for the cost of providing additional accountings. We will notify you in advance is there will be a charge.

Right To Obtain a Copy of the Notice – You have the right to request and get a paper copy of this notice and any revisions we make to the notice at any time.

Complaints

You have the right to complain to us and to the United States Secretary of Health and Human Services if you believe we have violated your privacy rights. There is no risk in filing a complaint.

To file a complaint with us, contact by phone or by mail:
Our Designee: Janelle Fulfs, Vice President
1660 North Farnsworth Avenue, Suite 3
Aurora, IL 60505
(630) 236-3501 - Phone

To file a complaint with the United States Secretary of Health and Human Services send your complaint to:

Office of Civil Rights
U.S. Department of Health and Human Services
200 Independence Avenue, SW
Washington, D.C. 20201

Questions and Information

If you have any questions or want more information about this Notice of Privacy Practices, please contact:

Janelle Fulfs
1660 North Farnsworth Avenue, Suite 3
Aurora, IL 60505

By phone with questions or with written requests for information as defined under the Your Rights section of this notice. Complaints or questions may be made by phone or in writing.




Home » Employees » Educational Pieces » HIPAA TRAINING