Thread: HIPAA Compliance 45 CFR 164
08-29-2002, 10:25 PM #1
HIPAA Compliance 45 CFR 164
Are you HIPAA compliant? Deadline for submission of compliance plan is Oct 15, 2002. Any healthcare provider who collects or stores patient health information in electronic form is subject to compliance. What are you doing to ensure you're in compliance?
09-14-2002, 09:19 AM #2
- Join Date
- Sep 2001
- Xenia, Ohio
We are not yet compliant, but I have begun the process of training our employees and collecting sample policies from other agencies. We are a Fire based EMS agency. If anyone has a plan or policy they could share I would greatly appreciate it. I can be contacted off list at firstname.lastname@example.org. A lot of folks have a blank stare when you mention HIPAA in this area.
Jason Kinley, Lieutenant/Paramedic
Xenia Fire Division
09-19-2002, 03:29 PM #3
This is going to be a huge problem for most EMS services, esp. small and midsize fire based services. Few people seem to be aware of the profound changes required to conform to the new requirements and to avoid civil and criminal penalties for HIPAA privacy violations. I'm sure this will change after the implementation for small organizations next year.
Here's a basic overview, as I understand it.
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Covers personally identifiable information including electronic, paper, and oral communication formats.
Implementation date is April 14, 2003 for everyone other than large organizations. Large organizations' deadline has been extended.
Patients will have greater control over their private health care information.
1) Privacy Rights:
Providers must clearly, in writing, inform patient of the allowable uses and disclosures of their personal information. Patient will have to be informed of their rights to see, to amend, and to receive an accounting of who has viewed their record.
2) Patient Consent
Provider must make a good faith effort to obtain written acknowledgement from pt about the provider's privacy policies, but the patient must be treated even if this acknowledgement is refused. This is different than consent for treatment.
3) Patient Authorization
Patient authorizes you to disclose specific personally identifiable information for a specific purpose that expires at a specific time.
This includes nonclinical payment/reimbursement issues. Even calling to verify insurance falls into this category. Again, you can't withhold treatment if the patient refuses.
4) Minimum Disclosure Standard
You must limit use (including access), disclosure and request for health information to the minimum necessary. If you only need a phone number that is all the access you give. (Remember the patient has a right to an accounting of who and why their record has been accessed.)
Minimum disclosure standard doesn't apply to health care providers for treatment purposes. For example, you will have access to pt records from nursing homes etc. for care during treatment/transports.
Compliance date is April 14, 2003 when penalties become effective. Civil penalties start at $100 per violation, up to $25,000 per person per year for each HIPAA violation.
*) Up to $50,000 fine per person, per year, plus 1 year in jail for knowingly violating patient privacy.
*) Up to $100,000 fine, plus up to 5 years in jail for obtaining health information under false pretenses.
*) Up to $250,000 fine, plus up to 10 years in jail for obtaining or disclosing protected health information with the intent to sell it.
You can't be sued at present as no private right for redress has been authorized at present, however enforcement will be through the Department of Health and Human Services Office of Civil Rights.
Be sure the software you will be using is HIPAA compliant. Ask the vendor, and if not, have they filed a compliance plan. Oct 15 is the deadline.
Hope this helps.