Alicia: The first slide that we’ve got is the CPT exam prep: What is HIPAA? HIPAA does go across the board and touches everybody in the medical field, whether you’re a clinician, whether you’re a coder, whether you’re a patient, whether you’re a secretary in the medical office, it really touches everybody.
What is HIPAA? Well, one way that you can recognize that somebody knows what they’re talking about when they’re talking about HIPAA is if they spell it HIPAA for the abbreviation versus HIPPA. And I had a student one time when we had done the study on HIPAA, then she had gone to her doctor’s office and she said “All the plackets that they had throughout the office – which they had one like in front of every room where you’re going to see the doctor – every single door had that ‘We are HIPPA compliant’” and it was spelled HIPPA. And so, she let them know and it was one of those “ah!” moments, you know.
So, most of the times when you think about HIPAA, you think about privacy; and that is a big part of HIPAA, but it’s not the only thing that you need to know about HIPAA especially if you’re a coder. If you’re a patient and you’re concerned about your privacy, that’s when people in the lay community think about HIPAA, privacy is the main thing that they’re thinking about. But now that there’s advances in electronic technology, it’s not just privacy that they have to worry about, it’s transferring information from one entity to another, one facility to another. There are rules and regulations that go with that. Congress added a Federal privacy protection for individually identifiable health medical coding information which has its own little acronym. The Rule set national standards for protection of individual’s identifiable health information by three types of covered entities: health plans, and healthcare clearinghouses, and health care providers who conduct the standard health care transactions electronically.
Now, when they did this, when they first started working at this in 2000 and then they made some changes in 2002 & 2003, and they’re still probably going to make changes in the future as technology increases and we’re able to do more and more with health records, we’ll see the HIPAA evolve and grow. Let me scroll down here…
As the healthcare community grows, as the need grows for privacy and secure documents, EHRs and stuff like that. So, HIPAA also has an Administrative Simplification provision that requires HHS to adopt national standards for electronic health care transactions and code sets – that’s what we do, we work with code sets – unique health identifiers and security.
So, it is much bigger than just privacy, OK? I found this little cup: “I Heart [Love] Coding.” Anyway, this is the website that I was able to get most of that information, it’s much more detailed than what I’m giving you right now, but you may want to go, check that out. I found this picture and this looks exactly – was a little spooky, like the very first medical records department that I worked in. This was the back room where all the records were kept. There were no empty spaces; I think we had one that was empty. It was a small hospital in a resort area. And I looked at this and I looked twice and it brought back memories, this was almost 20 years ago.
Then I found another fantastic slide, this was though from 2012, and I’m sure it’s changed since then. Here we go: HIPAA Violations, Type of Breach & Number of Instances. Now, physical theft – that would be somebody physically taking a record or information, like just swiping it, I guess.
Unauthorized access and disclosure – now, this would be considered when somebody came in and a computer was left up and they went in and looked at somebody’s documentation; or if they got somebody’s password, just plain hacking in. It’s only 16%, so it’s not as many as you think, but I think most facilities have a lot of protection. I know ours, if we weren’t typing, it’s like every 60 seconds. No, it wasn’t that fast but it would lock us out of the hospital.
Physical loss, 14% — the doctor took the record home to make notes because he was behind and he forgot it, something like that. Let’s see… other unknown it’s just 1%. Improper disposal – everything has to be shredded but there is a time limit on how long you have to keep medical records. Let’s say that they’ve got them, they used to put them on that file fiche [microfiche] – I think is what they called them. You know, like you got the library where you put it in the machine and then you scroll and it made you dizzy and you can move the little glass panel, everything was on that, and then now everything is put into a computer drive. But what do you do with all that paper? When you’re required to keep it for so many years – I can’t remember off the top of my head how long that is – but if it is not shredded properly or the storage facility that the hospital was paying to have all of those records stored if something improper happened there.
And combination, 9% — they did more than one type.
You know, I thought that was pretty interesting, HIPAA violations. And again this was like 2012, so it’s a few years back.
With upcoming HIPAA Audits becoming an undeniable short-term reality, no health care organization can afford to overlook HIPAA compliance. If where you’re working and you’re working in maybe a doctor’s office with one doctor or two doctors, if you don’t have a compliance plan that is involved with HIPAA and HIPAA is not something that you talk about on a pretty regular basis, it might want to be brought up. Even facilities are very proactive with HIPAA compliance.
The most recent major HIPAA violation by the University of California at Los Angeles Health System (UCLA) prompted a settlement of $865,000 for violating privacy laws by leaking celebrity medical data to the news media. Remember when princess over in England and she went to the hospital and the whole brouhaha that happened when some radio situation called in and pretended to be the king and queen, and they gave out information. It was just a mess, and that is kind of like what that is. You know a star goes in and has their nose job and then they leaked out that they had a nose job, I guess might be one thing.
Anyway, I thought that was a cute little cartoon: “Ha Ha! This guy has a chronically itchy butt.” “Hilarious!” Anyway, we can code that by the way, can’t we?
Earlier this year – which again this was in 2012 that the site where I found this was at, so it is not… this happened back in 2012 not earlier this year – Cignet Health was the recipient of a $4.3 million fine for refusing patient access to the medical data. As seen in HIPAA Violations above, the greatest number of HIPAA violations occur in the form of physical theft, including paper records and portable electronic devices.
We all are using these. When I was in the medical records department, way back when, you would never see anybody with a laptop come in and be working on medical records, and now everybody’s got a laptop that they’re walking around with. Anyway, I thought that was funny that she’s on the floor, she can’t find the table. And again, there’s the website if you want to go find more information about that.
http://resource.onlinetech.com/2011-hipaa-violations-and-audits/
Covered Entities and Business Associates should be focusing on the true merits of HIPAA compliance, and that’s putting in place documented HIPAA information security and operational policies, procedures, and processes. I’ve worked with so many healthcare providers that lack the basic and fundamental documentation for HIPAA compliance, therefore it’s easy to see why non-compliance issues are still a major factor with HIPAA. I also hear healthcare companies express cost concerns about developing such documents, along with implementing risk assessment and security training initiatives, but with all the free and cost-effective tools available (some of them straight from hhs.gov!), there’s really no excuse for not being HIPAA compliant. Everyone needs to be ensuring the safety and security of PHI, it’s really that simple.