1. What is HIPAA?
A. It is an acronym for the Health Insurance Portability and Accountability Act of 1996.

2. When did this take effect?
A. The enactment was in August 1996 and compliance dates were set after rounds of public comment. For our purposes, all covered entities had to comply with the HIPAA rules by April 14, 2004.

3. HIPAA Act?
A. Title I: Health care insurance access, portability and renewability.
Title II: Preventing health care fraud and abuse; Administrative simplification; Medical liability reform.

Why does Focus and its employees need to worry about HIPAA?
The Act covers Health Plans, Providers of health care service and Health Care Clearinghouses. We as a company are covered by the clients we serve through the “business associates contract” we sign.

Covered Entity
Who are the covered entities?
- Health Plans.
- Healthcare Clearing Houses.
- Healthcare Providers.
- Medical Transcription Service Owner by virtue of a business associate.
- All business associates are covered under the Act because the services involve use and disclosure of Protected Health Information (PHI).

Protected Health Information (PHI)
What is PHI?
PHI means any patient-identifiable information, regardless of the media form it is in, whether at rest or in transit.

Guidelines for communication of PHI at Focus Infomatics Inc.
- Never discuss specific medical treatment with any employees inside or outside of Focus.
- Never allow access to patient information to people other than the individual authorized by the patient.
- Patient information must be stored and maintained in a safe and secure manner (e.g., password-protected computer systems, secured business site).

Email:
- Always disclose the Protected Health Information in a password-protected zip file.
- Ensure that the recipient address the email is being sent to corresponds to the intended recipient.
- The password for the zip file must never be sent via email and must be communicated only via phone.

Ensure that an Email Notice is present at the end of the email as follows: “Privileged and Confidential: The information in this e-mail message may contain confidential health information that is privileged and legally protected from disclosure by federal law, the Health Insurance Portability and Accountability Act (HIPAA). This information is intended only for the personal and confidential use of the intended recipient(s). If the reader of this message is not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this document in error and that any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail, and delete the original message.”

Fax:
- Ensure that the fax number the fax is being sent to corresponds to the intended recipient.
- Ensure that the Fax Cover sheet has a notice as follows:

“The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer or destroy if printed”

Printed Copies or Printed Fax with PHI:
» A printed copy or printed fax with PHI should be handled carefully: store it in the drawers if it needs to be kept for further reference; otherwise, place it in a safe box for shredding.
» Printed copies or printed faxes with PHI should not be kept anywhere that anyone has easy access to them, e.g., on your desk or on the printer or fax machine.
» Always store the printed copies or printed faxes with PHI in the drawers before leaving the office.

Phone:
Always try to disclose only the minimum necessary PHI (Protected Health Information) over the phone. Whenever possible, refer to the PHI by the job number, the MR number or the account number rather than directly by the patient's name, address, etc.

Business Associate and Business Associate Agreement

Business Associate:
A person who, on behalf of the covered entity, performs or assists in the performance of a function or activity involving the use or disclosure of PHI. (Does include members of the covered entity's workforce.) Examples include legal, medical transcription, actuarial, accounting, consulting and auditing firms.
A covered entity can permit a business associate to create, receive, maintain or transmit electronic PHI on the covered entity's behalf only if the covered entity obtains satisfactory assurance that the business associate will appropriately safeguard the information.

HIPAA Privacy Rule
- A rule that creates national standards to protect people’s personal health information. This rule also gives patients increased access to their medical records.
- Privacy is defined as having policies and procedures in place to control access to protected information.

What do we need to do as employees to protect the privacy and confidentiality of PHI?
As a business associate, Focus employees should read the business associates contract for each facility to which they are assigned. They should understand the privacy and security measures for that client before they “go live” with that client.

Focus Infomatics Inc - Security Policy
Focus Infomatics Inc has a written Security policy. It covers:
- Security Mission and Objectives
- The Security Policy
  » Minimum Standards
  » Transcription Platform Security and Password Policy
  » Data safety and Security Guidelines
  » Procedure for Dissemination of company data security policy
- Security Implementation
- HIPAA Compliance Worksheet.

If I have questions or need additional information, what resources can I use?
» Department of Health and Human Services www.hhs.gov
» Office of Civil Rights www.hhs.gov/ocr/hipaa
» Centers for Medicare & Medicaid Services www.cms.hhs.gov/hipaa