Chapter 7 Privacy Law and HIPAA




Teaching Strategies

• Ask students to describe their last encounter with the HIPAA regulations. Was it at their doctor’s office, the dentist or the pharmacy? Was HIPAA explained to them or was it a routine “sign this form” encounter? Have any students not had an encounter with the HIPAA regulations when they should have, i.e., their family practitioner has not asked them to sign a HIPAA release?

• Have students give examples of where they have seen HIPAA violated recently, particularly with regard to confidentiality of medical information. Listen carefully to their responses as sometimes what the student thinks is a HIPAA violation is not a HIPAA violation.

• Invite a HIPAA compliance officer from a local medical practice and/or hospital to be a guest speaker in the class.

• Have students research the updates to HIPAA by using the websites listed in the text. Has anything changed?

• A patient arrives in the lobby and refuses to complete the sign in sheet, loudly stating that sign in sheets are a violation of HIPAA. In another incident, a patient objects to having her name called when it is her turn to see the physician. She says a clinic in a neighboring city matches photographs of patients to the patients sitting in the waiting room, since HIPAA prohibits calling out names where others can hear. Have students discuss how they are going to handle these particular situations.

• Use the two situations in the preceding bullet to begin a discussion of how a fear of HIPAA violations and subsequent fines can lead to unsubstantiated rumors and fears. Ask students what they can do to prevent “overkill” concerning compliance with the HIPAA privacy standard.

• The focus of HIPAA has been Standard 2 Privacy Rule. Discuss with the students the importance of the other 3 standards as part of doing the business of health.

• Have students collect privacy notices from various offices. See if there are any major differences.

• Ask students to prepare a short essay on “the importance of privacy in my life.” You will get a wide variety of responses to the topic.

Answers

Check Your Progress

1. Information collected and stored about individuals should be limited to what is necessary to carry out the functions of the business or government agency collecting the information; once collected, access to personal information should be limited to those employees who must use the information in performing their jobs; personal information cannot be released outside the organization collecting it unless authorization is obtained from the subject; when information is collected about a person, that person should know that the information is being collected and should have the opportunity to check the information for accuracy.

2. Health Insurance Portability and Accountability Act (HIPAA)

3. Under HIPAA, covered entities include health plans, health care clearinghouses, and all health care providers that transmit HIPAA standard transactions electronically. Covered transactions are electronic exchanges of information between two covered-entity business partners using HIPAA-mandated transaction standards.

4. hospitals, long-term care facilities, clinics, physicians’ offices, health care plans, medical laboratories, and so on.

5. physicians treating the same patient exchange medical records for the patient; a hospital forwards a patient’s medical information to an insurance company; a physician’s office forwards a patient’s medical information to an insurance company; a physician sending patient identifiable information to a billing service; any health care provider employs another entity, such as a clearinghouse or billing agency, to send claims to payers or health plans

6. State preemption means that if a state’s privacy laws are stricter than HIPAA privacy standards and/or guarantee more patients’ rights, the state laws will take precedence.

7. Standard 1: Transactions and Code Sets—for uniformity in reporting

Standard 2: Privacy Rule—for protecting PHI during electronic transmission

Standard 3: Security Rule—for securing electronic storage and transmission against unauthorized intruders

Standard 4: National Identifier Standard—provides for uniform national identifiers for the movement of electronic transactions. The four identifiers are: provider, health plan, employer, and individual.

8. Standard 2: Privacy Rule

9. Disclosure to authorized HHS representatives; disclosure to patient

10. Access to medical records and the right to copy them; Request for amendment to designated record set; Request for an accounting of disclosures of PHI; Request to be contacted at an alternate location; Requests for further restrictions on who has access to PHI; Right to file a complaint.

Chapter 7 Ethics Guide

Discussion Questions

Ethical Issue #1

1. No, since Sharon’s husband has no legal or ethical reason to receive the information.

2. They should explain to family members and friends that it is illegal and unethical for them to release such information about patients.

Ethical Issue #2

1. You can explain that the privacy notice concerns the patient’s rights about release of his medical information, and ask him to take the notice with him. You should also note the refusal and your action in the chart.

Ethical Issue #3

1. Because of the possibility of unauthorized persons’ misuse of individuals’ medical information, and because such information is limited by law to those authorized to receive it.

2. Privacy for protected health information can never be completely guaranteed, because of the possibility of theft or human error.

3. The medical office records assistant has not acted ethically, behaving in a rude and inappropriate manner with the patient. Patients should be treated with respect at all times.

The physician has not acted ethically, behaving in a rude and inappropriate manner with the patient. Patients should be treated with respect at all times.

The person requesting that the patient submit his request in writing has acted ethically. The person responsible for faxing a patient’s health information has not acted ethically. The mistake was probably not intentional, but checking and double-checking fax numbers before sending protected health information should be the rule.

Chapter 7 Review

Applying Knowledge

1. Health Insurance Portability and Accountability Act

2. U.S. Department of Health and Human Services (HHS)

3. Complaints are filed with HHS, through the Office for Civil Rights

4. Centers for Medicare and Medicaid Services

5. Covered entities are health care providers that transmit HIPAA standard transactions electronically and are people, businesses, or agencies that must comply with the HIPAA Standards and Privacy Rule.

6. An electronic transmission is the sending of information from one network-connected computer to another. HIPAA addresses it because protected health information is often transmitted electronically, and such transmissions must protect patient confidentiality.

7. to standardize and simplify the recording and transmission of health information

8. Standard 1—Transactions and Code Sets

9. Notice of Privacy Practices

10. all health records collected for a patient, including lab results, X-rays, notes, and so on

11. the law that most stridently protects patient privacy

12. to mandate protection of electronic networks and equipment from unauthorized intrusion

13. a

14. d

15. b

16. d

17. a

18. b

19. d

20. c

21. b

22. d

23. a

24. k

25. j

26. h

27. b

28. c

29. f

30. d

31. g

32. a

33. e

Case Studies

34. Give Mona a privacy notification form on which she can stipulate where she wants to be notified, and who she authorizes to receive her health care messages.

35. Lewis can request a list of all those who have received his PHI, and his health care provider should fulfill his request.

36. No, the EMT cannot release this information—especially since the patient herself refused to release the information—because to do so would violate the patient’s privacy.

37. No, they cannot release the information because to do so would violate the patient’s privacy.

38. Answer depends upon the circumstances. If the child is a minor and if the information is not about the teenager’s need for birth control or other sexual orientation health care, then the mother has the right to the information. However, if the child is not a minor and/or the information is pertinent to the daughter’s care because she (the daughter) is sexually active, then the mother is not entitled to the information. Most physicians try to cover themselves in such situations by making sure all the appropriate releases are in place when minors are accepted as patients.

Internet Activities

39. The web site inside.duke.edu is Duke University’s healthcare newsletter. Although the article on “Training the HIPAA” was written shortly after HIPAA became effective, it is a well organized website that will give the students an opportunity to see a lot of information in a concise manner.

40. Answers will vary.
