1 / 24

Introduction to Confidentiality & HIPAA

Introduction to Confidentiality & HIPAA . For Florida KidCare Community Partners September 2009. Confidentiality and the Florida KidCare Community Partner.

kata
Download Presentation

Introduction to Confidentiality & HIPAA

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Introduction to Confidentiality & HIPAA For Florida KidCare Community Partners September 2009

  2. Confidentiality and the Florida KidCare Community Partner As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they share with you confidential and safe. HIPAA

  3. What is HIPAA? HIPAA, the Health Insurance Portability and Accountability Act,was finalized August 2002. This act was created to ensure comprehensive health insurance privacy and security regulations. HIPAA

  4. HIPAA Roles HIPAA requires that privacy and security be built into the policies and practices of healthcare providers and health plans. HIPAA sets standards for the electronic transmission of patient health, administrative, and financial information. HIPAA

  5. HIPAA Policies and Practices and Florida KidCare HIPAA sets limits on the type of information permitted for disclosure. Thus Florida KidCare requires a properly completed Florida Healthy Kids Release of Information (ROI) form be on file prior to the release of any account related personal health information (PHI) to third party entities. HIPAA

  6. Release of Information (ROI) • Florida KidCare uses the ROI form to determine who is authorized to access account information. • A ROI form should be voluntarily completed by the applicant parent or guardian. • One ROI must be properly completed and on file for each enrollee (child) prior to disclosure. Making sure to initial where indicated. • ROI form is available in English, Spanish and Creole.

  7. HIPAA Policies and Practices and Florida KidCare (Cont.) Within limits, HIPAA allows for the free flow of PHI for treatment, payment and health care operations. This is why the ROI is so important. HIPAA

  8. PRIVACY All Florida KidCare applicants or enrollees have the right to privacy and to keep information about themselves from being disclosed. Florida KidCare uses the ROI form to determine who is authorized to access account information. HIPAA

  9. Levels of Disclosure Florida KidCare staff are limited to the type of information they are allowed to disclose to third parties. Such as: Full disclosure – All account information provided Minimum disclosure – Information needed to resolve a family’s concerns is provided Limited disclosure – Confirmation of coverage, and Dates of coverage, and Name of child’s health & dental plan, Amount of premium being paid are provided No disclosure - No information is provided without a completed ROI on file. HIPAA

  10. Contracted Community Partners Account Access With the successful completion of the HIPAA training, contracted Florida Healthy Kids Corporation community partners assisting families apply for Florida KidCare may be given “minimum disclosure” to family account information without a ROI.

  11. HIPAA & Non-Applicant Parents Under new legislation a non-applicant parent can have limited disclosure to Florida KidCare account information. In other words, a non-applicant parent can contact Florida KidCare (with the child’s information such as DOB and SSN) and are able to receive the following types of account information without a ROI on file: • Confirmation of coverage • Dates of coverage • Name of child’s health & dental plan • Amount of premium being paid HIPAA

  12. Examples of PHI Name Address Phone Number Social Security Number Date of Birth Premium Payment • Relatives • E-mail Address • Health/Dental Plan # • Employer • Account Number HIPAA

  13. Notices Patients seeking treatment from a health care provider must get a “Notice of Privacy Practices” from their provider. Florida KidCare sends out a notice of privacy practices to all new enrollees and every 3 years to current enrollees. HIPAA

  14. Safeguards, Staff Training and Compliance Covered healthcare organizations must have appropriate technical and administrative safeguards in place to protect patient information such as: All community partners assisting families apply for Florida KidCare must receive HIPAA training and successfully pass the Florida KidCare HIPAA compliance test. HIPAA

  15. Safeguards, Staff Training & Compliance (Cont.) Every covered healthcare organization must have a HIPAA Compliance Officer. Merrio Tornillo acts as the HIPAA officer for FHKC, you can reach her at (850) 701-6167. HIPAA

  16. Security To ensure an applicant or enrollee’s privacy, certain security safeguards must be in place to: Protect information from accidental or intentional disclosure to unauthorized persons, and Protect information from alteration, destruction, or loss. HIPAA

  17. Complaints Who Do I Contact When An Applicant or Enrollee’s Rights Are Violated? Contact the HIPAA Compliance Officer of the organization that violated the privacy regulation. File a federal complaint to the United States Department of Health and Human Services Office of Civil Rights. HIPAA

  18. Unauthorized Disclosure of Protected Health information Community partners who fail to comply with HIPAA policies and proceduresrisk the discontinuation of their FHKC contract. HIPAA

  19. Penalties for HIPAA Non-Compliance HIPAA calls for severe civil and criminal penalties for non-compliance, including: Fines up to $25,000 for multiple violations of the same types of information in a calendar year Fines up to $250,000 and/or imprisonment up to 10 years for knowingly misusing individually identifiable health information HIPAA

  20. Why Must You Comply with HIPAA? You must comply with HIPAA because as a community partner you may receive PHI electronically such as: Florida KidCare eligibility determinations Florida KidCare premium amounts Florida KidCare enrollment information HIPAA

  21. What HIPAA Means For You as a Community Partner To maintain HIPAA security you must: Prevent unauthorized access and disclosure Prevent loss of information Secure electronic information Secure paper records Overheard Conversations Be careful what you discuss among staff both inside and outside of the office HIPAA

  22. What HIPAA Means For You as a Community Partner Information Left in Public View All paper files must be collected and stored or shredded every day To prevent unauthorized disclosures Florida KidCare staff will: Always check the credentials of a requester Always check a client’s authorization Report incidents to your organization’s HIPAA Compliance Officer HIPAA

  23. E-mail Encryption Use encryption when sending an e-mail with PHI. Check with your IT Department on how to encrypt your correspondence. Do not copy others on an e-mail with PHI without written consent from the client HIPAA

  24. Additional Information For additional information about HIPAA visit the U.S. Department of Health and Human Services at: http://www.hhs.gov/ocr/privacy/index.html HIPAA

More Related