HIPAA Training – Part I Health Insurance Portability and Accountability Act.

Post on 31-Mar-2015


THE LAW AND THE BASICS

Our Goals

• Define what HIPAA is.
• Learn simple ways to protect information.
• Learn how to continually develop procedures.
• Learn how to continually give training.
• Discuss the following 3 items:
  • Regulations and Glossary of Terms
  • Forms & Records
  • Policies & Procedures

HIPAA

The HIPAA Law

• Quite simple.
• Gives a general policy outline.
• Quite vague on procedures and specifics.
• Up for interpretation.

The HIPAA Law

• Attorneys interpret it and give you a scary outlook.
• Medical professionals who have researched the law give you a much more comfortable outlook.

The Basics

• Privacy
• The more electronic the world gets, the easier it is to steal information.
• Bank accounts
• Credit cards

The Basics

Privacy Act
• Telemarketers
• Personal identity thieves
• Lost identity
• Electronic billing

The Government and Personal Information

• Freely talked about.
• Freely passed around.
• Freely entered and passed online.
• Freely stolen.

The Government and Personal Information

• HIPAA Privacy Act was created in 1996 to protect patients’ rights.
• Enforcement began in 2003.
• Heavier enforcement in April 2005, when HIPAA Security came into effect.

Electronic Billing

45 days vs. 28 days

Electronic Billing

• Insurance Companies
• Coding
  • Dentists are already using CDT-5.
  • Physicians are currently using ICD-10.

Electronic Billing

• Insurance Companies
• Health Identification Numbers
  • Used instead of Social Security Numbers.

HIPAA Law

• One more scary thing…
• You have to pay the fines—not the doctor.
• $250,000 and/or 10 years in federal prison

What Do You Have to Do to Protect Information and to Avoid the Fines?

• Understand and have answers to two basic questions.
• Continually have training.
• Keep records.

The Two Questions…

• Do I have the patient’s permission?
• What have I done to protect the patient’s privacy?

Due Diligence

• Having an answer for each question.
• You can’t be fined for doing due diligence.
• They can have you change something, but they can’t fine you.

Due Diligence

• Can I call a person by their name?
• Can I leave information on a patient’s voicemail or answering machine?
• Can they sign in on the sign-in sheet?

Creating Diversion

• TV in the lobby.
• Interesting magazines.
• Good volume of music.

The Seriousness of the Law

Why Would Anybody Steal Chart Information?
• Personal Identity Theft
• Money

The Seriousness of the Law

Why is that important?
• Unsupervised, outside service doing business in this office
• Cleaning Service
• Repair Service
• Charts

The Seriousness of the Law

Penalties
• $250,000 with the intent to sell, transfer or use information for commercial advantage, malicious harm or personal gain. (CA Law - $250,000), and/or
• 10 years in federal prison for personal and financial gain.
• The doctor will be charged $100 per chart up to $25,000. (CA law - $2,500)
• Knowing and willful
  – $100,000 and 5 years in prison. (CA law - $25,000)

The Seriousness of the Law

Penalties
• If it is traced back to an employee causing the breach, then the same fine applies to them.
• If you are answering those two questions and doing due diligence then you have nothing to worry about.

Protected Health Information (PHI)

PHI - Any information that can identify the patient’s health information
• Name, Address
• DL#, SS#
• Telephone numbers
• FAX numbers
• E-mails
• Medical records numbers
• Health plan beneficiary numbers
• Account numbers
• Certificate/license numbers

Protected Health Information (PHI)

PHI - Any information that can identify the patient’s health information
• Vehicle numbers
• URLs
• IP address
• Finger, Voice, Teeth or Retina prints
• Photographic Images

Securing the PHI

Secure Information
• Charts
• Appointment Books
• Message Pads

Securing the PHI

Charts
• HIPAA says that charts must be secured.
• Close the office door after hours. Lock it. The janitor doesn’t need to be in there.

Securing the PHI

Charts
• Turn charts over and away from viewing the PHI.

Securing the PHI

Appointment Books
• Turn them over or close them after use.
• Place them in a drawer after hours.

Securing the PHI

Message Pads/Sticky Pads
• Cover them.
• Don’t plaster the sticky notes all over a viewable wall.
• Shred all information to be discarded.

Securing the PHI

Shredders
• Shredding is mandatory.
• Crosscut shredders are the best.
• Can be done at the office.
• Can be done by an outside service.

Securing the PHI

Shredder Trucks
• Use a truck that shreds at your office.
• Don’t use one that takes your charts away and says they will shred it at their site.

How Long Do I Have To Keep Charts?

• Seven years for adults.
• The Dental Association recommends 10 years.
• 20 years for children.
• If a minor leaves your practice before they become an adult, then their childhood records need to be kept for 20 years after their last appointment.

How Long Do I Have To Keep Charts?

It is best to keep them at least 30 years, if not indefinitely.