HIPAA & YOU

A practical guide to privacy and security for MTs. Theresa Leppert, RHIT


Post on 04-Jan-2016


Page 1: HIPAA & YOU

HIPAA & YOU

A practical guide to privacy and security for MTs.

Theresa Leppert, RHIT

Page 2: HIPAA & YOU


Theresa Leppert, RHIT, LMT

• Who is Theresa Leppert, RHIT, LMT and why is she presenting on the topic of HIPAA?

Page 3: HIPAA & YOU

Vocabulary/abbreviations

• HIPAA – Health Insurance Portability & Accountability Act
• PHI – Protected Health Information
• CE – Covered Entity
• BA – Business Associate
• ARRA – American Recovery and Reinvestment Act
• HITECH – Health Information Technology for Economic & Clinical Health

Page 4: HIPAA & YOU

HIPAA, ARRA, HITECH

• I know what HIPAA is already, okay….
• <Scratches head> but what the heck is ARRA and/or HITECH?
• American Recovery and Reinvestment Act (The Stimulus Plan)
• Health Information Technology for Economic and Clinical Health Act

Page 5: HIPAA & YOU

ARRA/HITECH

• Under HITECH, physicians can qualify for up to $44,000 in Medicare bonus incentives, and/or $65,000 in Medicaid bonus incentives if they demonstrate “meaningful use” of an Electronic Health Record.
• What is meaningful use?
• So how does ARRA and/or HITECH affect me?
• As a patient, that means in the near future (if not now), your medical providers will have an electronic record on you.
• As an MT…… Well, I am sure you have already seen changes in our industry.

Page 6: HIPAA & YOU

Medicare HITECH timeline

Year of Use: 2011 2012 2013 2014 2015 2016 Totals

$$ Incentive:
$18,000 $12,000 $8,000 $4,000 $2,000 $44,000
$18,000 $12,000 $8,000 $4,000 $2,000 $44,000
$15,000 $12,000 $8,000 $4,000 $39,000
$15,000 $8,000 $8,000 $31,000

ARRA/HITECH FAQs

Page 7: HIPAA & YOU

Medicaid HITECH Timeline

Year
2011    $25,000  -        -        -        -        -
2012    $10,000  $25,000  -        -        -        -
2013    $10,000  $10,000  $25,000  -        -        -
2014    $10,000  $10,000  $10,000  $25,000  -        -
2015    $10,000  $10,000  $10,000  $10,000  $25,000  -        1%
2016    -        $10,000  $10,000  $10,000  $10,000  $25,000  2%
2017    -        -        $10,000  $10,000  $10,000  $10,000  3%
2018    -        -        -        $10,000  $10,000  $10,000
2019    -        -        -        -        $10,000  $10,000
2020    -        -        -        -        -        $10,000
Totals  $65,000  $65,000  $65,000  $65,000  $65,000  $65,000

ARRA/HITECH FAQs

Page 8: HIPAA & YOU

Who is eligible for HITECH Incentives?

• Hospitals
• Skilled nursing facilities
• Nursing facilities
• Home health entities
• Long term care facilities
• Health care clinics
• Community mental health centers
• Renal dialysis Facilities
• Blood Centers
• Ambulatory Surgery Centers
• Emergency medical svc providers
• Federally qualified health centers
• Group practices
• Pharmacies
• Laboratories
• Physicians (MD, DO, DDS, DDM, DPM, OD, DC)
• Practitioners (PA, NP, CNS, CRNA, CNM, CSW, Psy, RD)
• Indian Health Svc Providers
• Rural Health Clinics
• Therapists

ARRA/HITECH FAQs

Page 9: HIPAA & YOU

Who is NOT eligible for HITECH incentives?

• Free clinics that do not bill Medicare or Medicaid
• Physical therapists
• Hospital-based physicians
• Acupuncturists and other holistic providers
• Any practice not eligible for Medicare or Medicaid payments

Page 10: HIPAA & YOU

MTSO Owners

• I am the owner of an MTSO, what do I need to focus on? Well, best practices dictate:
• Confidentiality Agreement
• Secure work area
• Destruction of PHI
• Email encryption
• Voice files/Demog systems – passwords!

Page 11: HIPAA & YOU

MTSO Owners – cont’d

• The MTSO should require assurance (contractually!) of the following for offsite computer security purposes:
• Work computer ONLY, password protected
• Firewalls
• Antivirus, Malware, and Operating System UTD
• No gaming/music file-sharing programs
• Repairs – remove PHI!
• Contract terminations – Destruction Certification

Page 12: HIPAA & YOU

At-Home MTs

• I work at home, what do I need to focus on?
• Secure location
• Screen facing away
• Password protected
• Screen saver/Auto Logoff
• Consider privacy screen
• Shredder

WEDI-SNIP Security and Privacy Workgroup

Page 13: HIPAA & YOU

At-Home MTs – cont’d

• Be ALERT to potential risks! The following can mitigate those risks….
• Shred anything that has PHI
• Never leave PHI unattended
• De-identify reports (i.e. sample rpts, QA rpts)
• Encrypt Emails!
• Don’t hold PHI any longer than needed
• Restrict others from using your work PC

Page 14: HIPAA & YOU

To Fax or not to Fax?

• Does anyone still fax? YES! How can I mitigate my risk?
• Only fax if absolutely necessary
• Use a coversheet – and have a disclosure statement on coversheet!
• Double- and triple-check fax numbers (Preprogram if possible!)
• Retain coversheet and fax confirmation for 1 year

Page 15: HIPAA & YOU

What is considered a BREACH?

• Unintentional breach
• Deliberate unauthorized access without PHI disclosure
• Deliberate unauthorized disclosure or deliberate tampering without personal gain
• Deliberate unauthorized disclosure for personal gain

HIPAA Compliance for MTs

Page 16: HIPAA & YOU

Possible Penalties

Page 17: HIPAA & YOU

We had a breach – now what?

• Depends on the level of the breach!
• Unintentional
• Contact recipient, ask to destroy the PHI
• Document situation/said destruction
• Notify privacy officer (if you have one.)
• Deliberate – all of the above, plus:
• Institute disciplinary process, possible immediate termination

Page 18: HIPAA & YOU

How to make HIPAA fun

• (Yes, I said FUN!)
• This website has some HIPAA Games that are great training tools – I highly recommend these! (Choose Security and Privacy Challenge)
• http://www.healthit.gov/providers-professionals/privacy-security-training-games

Page 19: HIPAA & YOU

So why is all this so important?

• Medical Identity Theft!
• In 2013, medical-related identity theft accounted for 43% of all ID thefts in the United States.
• The US Dept. of HHS says since 2009, between 27.8 million and 67.7 million medical records have been breached.

Page 21: HIPAA & YOU

The price of M.I.D. Theft

• Ruined Credit
• Loss of Healthcare Coverage
• Inaccurate records that are difficult to correct.
• Legal troubles

Page 22: HIPAA & YOU

Signs of M.I.D. Theft

• A bill for medical services you didn’t receive
• A call from a debt collector about a medical debt you don’t owe
• Medical collection notices on your credit report
• A notice from your health plan about reaching benefit limit
• Denial of insurance because your records show a condition you do not have

Page 23: HIPAA & YOU

QUESTIONS???

Page 24: HIPAA & YOU

Sources

• ARRA/HITECH FAQs - http://www.arrahitechsolutions.com/ARRA_HITECH_Act_FAQ_s.html#What_is_HITECH
• MT’s Checklist by WEDI-SNIP Security and Privacy Workgroup.
• HIPAA Compliance for MTs - http://support.mededocs.com/documents/HIPAA_Compliance_for_MTs.pdf
• HIPAA Privacy and Security – AHDI online resources. http://www.ahdionline.org/Resources/DocumentsandStandards/HIPAAPrivacyandSecurity/tabid/272/Default.aspx
• Economic Stimulus Act Expands HIPAA, funds Health Information Technology. http://www.ssd.com/files/Publication/18eaf3fa-2703-47f7-bcde-a1031986bcf4/Presentation/PublicationAttachment/84c34466-763f-4c83-b8de-a1dcea0d7041/Healthcare_Alert_Economic_Stimulus_Act_Expands_HIPAA_Funds_Health_Information_Technology_022009.pdf
• “Safeguarding PHI: Focus Points for Offsite Transcriptionists” Diane Hatch and Renee M. Priest, CMT.

Page 25: HIPAA & YOU

Sources – Cont’d

• “HIPAA for MTs” Version 1.0 from AAMT.org
• Select Medical Frequently Asked Questions
• 2014-2015 Select Medical HIPAA Awareness – Non-Workforce Edition
• HealthIT.gov Security Training Games - http://www.healthit.gov/providers-professionals/privacy-security-training-games
• “Medical Identity Theft” Consumer Information from FTC. http://www.consumer.ftc.gov/articles/0171-medical-identity-theft
• “The Rise of Medical Identity Theft In Healthcare” by Michael Ollove. http://www.kaiserhealthnews.org/stories/2014/february/07/rise-of-indentity-theft.aspx
• “Medical Identity Theft” by Coalition Against Insurance Fraud. http://www.insurancefraud.org/scam-alerts-medical-id-theft.htm