- Articles

CPC Exam Prep — What is HIPAA?


Alicia: The first slide that we’ve got is
the CPT exam prep: What is HIPAA? HIPAA does go across the board and touches everybody
in the medical field, whether you’re a clinician, whether you’re a coder, whether you’re
a patient, whether you’re a secretary in the medical office, it really touches everybody. What is HIPAA? Well, one way that you can
recognize that somebody knows what they’re talking about when they’re talking about
HIPAA is if they spell it HIPAA for the abbreviation versus HIPPA. And I had a student one time
when we had done the study on HIPAA, then she gone to her doctor’s office and she
said “All the plackets that they had throughout the office – which they had one like in
front of every room where you’re going to see the doctor – every single door had that
‘We are HIPPA compliant’” and it was spelled HIPPA. And so, she let them know and
it was one of those “ah!” moments, you know. So, most of the times when you think about
HIPAA, you think about privacy; and that is a big part of HIPAA, but it’s not the only
thing that you need to know about HIPAA especially if you’re a coder. If you’re a patient
and you’re concerned about your privacy, that’s when people in the lay community
think about HIPAA, privacy is the main thing that they’re thinking about. But now that
there’s advances in electronic technology, it’s not just privacy that they have to
worry about, it’s transferring information from one entity to another, one facility to
another. There are rules and regulations that go with that. Congress added a Federal privacy
protection for individually identifiable health information which has its own little acronym.
The Rule set national standards for protection of individual’s identifiable health information
by three types of covered entities: health plans, and healthcare clearinghouses, and
health care providers who conduct the standard health care transactions electronically. Now, when they did this, when they first started
working at this in 2000 and then they made some changes in 2002 & 2003, and there’s
still probably going to make changes in the future as technology increases and we’re
able to do more and more with health records, we’ll see the HIPAA evolve and grow. Let
me scroll down here… As the healthcare community grows, as the
need grows for privacy and secure documents, EHRs and stuff like that. So, HIPAA also has
Administrative Simplification provision that requires HHS to adopt national standard for
electronic health care transactions and code sets – that’s what we do, we work with
code sets – unique health identifiers and security. So, it is much bigger than just privacy, OK?
I found this little cup: “I Heart [Love] Coding.” Anyway, this is the website that
I was able to get most of that information, it’s much more detailed than what I’m
giving you right now, but you may want to go, check that out. I found this picture and
this looks exactly – was a little spooky, like the very first medical records department
that I worked in. This was the back room where all the records were kept. There were no empty
spaces; I think we had one that was empty. It was a small hospital in a resort area.
And I looked at this and I looked twice and it brought back memories, this was almost
20 years ago. Then I found another fantastic slide, this
was though from 2012, and I’m sure it’s changed since then. Here we go: HIPAA Violations,
Type of Breach & Number of Instances. Now, physical theft – that would be somebody
physically taking a record or information, like just swiping it, I guess. Unauthorized access and disclosure – now,
this would be considered when somebody came in and a computer was left up and they went
in and look at somebody’s documentation; or if they got somebody’s password, just
plain hacking in. It’s only 16%, so it’s not as many as you think, but I think most
facilities have a lot of protection. I know ours, if we weren’t typing; it’s like
every 60 seconds. No, it wasn’t that fast but it would lock us out of the hospital. Physical loss, 14% — the doctor took the
record home to make notes because he was behind and he forgot it, something like that. Let’s
see… other unknown it’s just 1%. Improper disposal – everything has to be shredded
but there is a time limit on how long you have to keep medical records. Let’s say
that they’ve got them, they used to put them on that file fiche [microfiche]– I
think is what they called them. You know, like you got the library where you put it
in the machine and then you scroll and it made you dizzy and you can move the little
glass panel, everything was on that, and then now everything is put into a computer drive.
But, what you do with all that paper? When you’re required to keep it for some many
years – I can’t remember off the top of my head how long that is – but if it is
not shredded properly or the storage facility that the hospital was paying to have all of
those records stored if something improper happened there.
And combination, 9% — they did more than one type. You know, I thought that was pretty interesting,
HIPAA violations. And again this was like 2012, so it’s a few years back. With upcoming HIPAA Audits becoming an undeniable
short-term reality, no health care organization can afford to overlook HIPAA compliance. If
where you’re working and you’re working in maybe a doctor’s office with one doctor
or two doctors, if you don’t have a compliance plan that is involved with HIPAA and HIPAA
is not something that you talk about on a pretty regular basis, it might want to be
brought up. Even facilities are very proactive with HIPAA compliance. The most recent major HIPAA violation by the
University of California at Los Angeles Health System (UCLA) prompted a settlement of $865,000
for violating privacy laws by leaking celebrity medical data to the news media. Remember when
princess over in England and she went to the hospital and the whole brouhaha that happened
when some radio situation called in and pretended to be the king and queen, and they gave out
information. It was just a mess, and that is kind of like what that is. You know a star
goes in and has their nose job and then they leaked out that they had a nose job, I guess
might be one thing. Anyway, I thought that was a cute little cartoon:
“Ha Ha! This guy has a chronically itchy butt.” “Hilarious!” Anyway, we can code
that by the way, can’t we? Earlier this year – which again this was
in 2012 that the site where I found this was at, so it is not… this happened back in
2012 not earlier this year – Cignet Health was the recipient of a $4.3 million fine for
refusing patient access to the medical data. As seen in HIPAA Violations above, the greatest
number of HIPAA violations occur in the form of physical theft, including paper records
and portable electronic devices. We all are using these. When I was in the
medical records department, way back when, you would never see anybody with a laptop
come in and be working on medical records, and now everybody’s got a laptop that they’re
walking around with. Anyway, I thoughtthat was funny that she’s on the floor, she can’t
find the table. And again, there’s the website if you want to go find more information about
that. http://resource.onlinetech.com/2011-hipaa-violations-and-audits/

About Bill McCormick

Read All Posts By Bill McCormick

Leave a Reply

Your email address will not be published. Required fields are marked *