Radiology - HIPAA

What does HIPAA stand for?
Health Insurance Portability and Accountability Act
Purpose of HIPAA
affects the entire healthcare industry. Includes rules that are meant to: make the management of healthcare information easier, protect the privacy of patients' health information, protect the security of patients' health information, help people obtain/maintain health insurance benefits when they change jobs
Benefits of HIPAA to patient
an understanding of how their PHI may be used by the facility; ability to approve who may use or disclose their PHI; a right to access and amend PHI
protected health information. Information related to any healthcare provided to a person. Includes demographic information that can be used to identify the patient. Information that can be used in some manner to identify the person
Benefits of HIPAA for hospital
enhance patient confidence and develop a positive public image; minimize potential for civil and/or criminal penalties and fines
Benefits of HIPAA for healthcare industry
establish minimum standards and requirements; allows facilities to continue to disclose PHI needed for certain activities
Consequences of failure to comply
-may be responsible for civil penalties and fines
-may be accused of criminal violations, which can result in even larger penalties and fines and possible jail time
-may be excluded from participation in Medicare program
-may hurt reputation of hospital
HIPAA Violation Punishments
-fines up to $250,000 or 10-year jail sentence
-if you knowingly release info = may spend year in jail or pay $50,000 fine
-gain access to health information under false pretences = may serve 5-year sentence and pay $100,000 fine
a document that tells patients how their PHI may be used by the hospital and explains their rights
form signed by patient for the use and disclosure of specific PHI. Should be obtained for uses and disclosures that aren't related to treatment, payment, and healthcare operations. Not required for uses or disclosures required by law or for public health purposes
privacy officer
responsible for developing and maintaining privacy-related policies and procedures; provides training; oversees the privacy functions at the Hospital; the hospital must assign the privacy officer to handle complaints and respond to questions regarding the notice
business associate
a person or organization that uses or receives PHI from the Hospital in order to perform or assist the Hospital with some activity or function (e.g.: independent contractors, consultants, lawyers, auditors, information system, billing companies)
April 14, 2003
privacy rules set the minimum standards that facilities must follow to protect patients' health information
Situations where signed authorization isn't required
-coroner may have report when patient dies
-patient is suspected victim of a crime
-upon court order
-police request regarding criminal investigation
-when caregiver suspects child abuse and reports it to police
-FDA requires report about medical devices
-communicable diseases must be reported to state health agencies
patient rights
-notice of privacy practices
-access their PHI
-request additional privacy protections
-request confidential communications
-accounting of the uses/disclosures of their PHI
-request amendment to their PHI