Preparation for Child Psych PRITE and Boards
Revision as of 16:35, 28 February 2012 by Eugene Grudnikoff MD (Talk | contribs) (Privacy Rule)

Jump to: navigation, search

Introduction

Health Insurance Portability and Accountability Act of 1996 (HIPAA) deals with employees keeping their insurance coverage, national electronic healthcare standards. THe part generally relevant to doctors have to do with the Privacy and Security provisions of the HIPAA law.

Who is not bound by HIPAA

  • Covered entities include hospitals, insurance companies, and doctors are bound by the Privacy and Security rules of HIPAA.
  • Life insurance companies, employers, worker comp agencies, schools, and law enforcement are not covered entities.


Privacy Rule

  • regulates use and disclosure of protected health information (PHI) by covered entities. PHI includes any part of medical record or billing history.

Covered entities must disclose PHI

  • to the patient (upon written request, within 30 days), and
  • when required by law (child abuse, gun shot wounds, etc)

Covered entities may, but not required to, disclose PHI without written authorization for

  • billing and insurance coverage
    • this includes traditional billing, ED giving PHI to ambulance company or outside lab, so they can bill.
  • to the individual (a must with written authorization)
  • treatment
    • this includes releasing medical information to a specialist who will treat the pt. or to a nursing home, where pt. is being discharged.
  • psychotherapy notes is an important exception; written authorization is required for release of PHI to the individual or others.
  • covered entities may design their own process of written consent for disclosing PHI which does not normally require authorization under the Privacy Rule. Consent is not equivalent to written authorization which has specific Privacy Rule applications.
  • Entities must notify the patient about their disclosure practices (i.e. do they disclose PHI when permitted, without consent), and thus patients are asked to sign The Notice of Privacy Practices, and are given a HIPAA brochure.
  • Additional information about situations when covered entities may disclose PHI

Individuals have the right to request restrictions on how a covered entity will use and disclose protected health information about them for treatment, payment, and health care operations.

Main lesson

HIPAA does not require consent or authorization for a doctor to discuss the care of the patient with another doctor. However an institution may design its own consent procedure and require doctors to abide by it. In either case, patient must be notified how the institution handles the PHI via the Notice of Privacy Practices.





Security Rule

Security rule outlines the necessary safeguards in protecting electronic PHI.

References

(1) http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/privacysummary.pdf

Retrieved from "http://learnpsychiatry.org/w/index.php?title=HIPAA&oldid=2169"