HIPAA Privacy Rule

Approaching HIPAA regulations in the Foodservice Department

Purpose:

To introduce foodservice employees to the main concepts of HIPAA that affect the foodservice department, specifically the Privacy Rule.

Objectives:

  • State the purpose of the Privacy Rule of HIPAA
  • Review the concepts regarding the use and disclosure of Protected Health Information (PHI)
  • Review examples of PHI required when performing your own job

GORDON FOOD SERVICE -

HIPAA: What does it mean?

H – Health

I – Insurance

P – Portability (and)

A – Accountability

A – Act

1996 Federal Mandate

HIPAA: What does it mean?

  • 1996 Federal Mandate
  • HIPAA was established to set national standards to protect individuals’ medical records and other personal health information.

Overview of 5 HIPAA Rule Sets

  • Transaction standards: standardizes & reduces the current number of electronic formats
  • Privacy standards: provides that our PHI will be protected from bad uses & disclosures, and gives patients certain controls & rights
  • Security standards: aim is to protect the integrity, confidentiality and availability of PHI
  • Employer unique IDs: unique identifiers for providers & employees for transfer of info
  • Enforcement standards: penalties, methodologies

Overview of 5 HIPAA Rule Sets

Privacy Standards

-Provides that personal health information will be protected from bad uses and disclosures, and gives patients certain control and rights

Protected Health Information

PHI is any documentation or information that:

  • identifies an individual
  • contains health information

HIPAA - The Privacy Rule

  • The Standards for Privacy of Individually Identifiable Health Information
  • Purpose: Protects and gives access to own health info
  • “When using or disclosing protected health information (PHI) or when requesting PHI from another covered entity (CE), a CE must make reasonable efforts to limit PHI to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request.”

Protected Health Information

PHI can be:

  • Written
  • Spoken information
  • Hard copy
  • Electronic

It includes any past, present, or future information about the physical or mental state of the resident.

Protected Health Information

Types of PHI include the following:

  • Billing information
  • Medical insurance forms
  • Prescriptions
  • Patient charts
  • Medical records

Where it might be found:

  • Forms
  • Spoken communication
  • E-mails
  • Faxes
  • White boards

Protected Health Information

Who needs access to PHI?

  • Healthcare providers
  • Billing people
  • Clergy
  • Food service workers
  • Researchers
  • Security people
  • Information technology employees

Protected Health Information

Where and how is PHI used in the foodservice department?

-Name

-Room Number

-Age

-Diagnosis

-Tray Cards

-Diet Office Software

-Dietary Forms

HIPAA – What it means to you

  • If you need to share health information in your job, then you should request only the minimum necessary to carry out your job.

  • If another Covered Entity (i.e. another Nursing Home) requests PHI, you should only provide the minimum necessary to fulfill the request.

HIPAA – Privacy Safeguards

  • Change your computer password regularly
  • Do not leave PHI on a computer screen
  • Do not log onto a computer and then allow others access via your password
  • If it is possible to destroy records containing PHI, be sure to shred them completely
  • If discarding records where the records contain PHI in digital format, physically destroy the disk; don’t just throw it away

HIPAA & You

Be aware of PHI needed for your job.

Know who you can share the information with when asked.

Know to respond with the information necessary and NO MORE!

Penalties

  • Wrongful Disclosure
    • Up to $50,000 fine for each offense
    • Imprisonment up to 1 year
  • False Pretenses
    • Up to $100,000 fine for each offense
    • Imprisonment up to 5 years
  • Intent to Sell, Transfer, or Use
    • Up to $250,000 fine for each offense
    • Imprisonment up to 10 years

HIPAA – Is Training Mandatory?

HIPAA requires organizations to provide training for all employees and new workforce members, as well as periodic refresher training.

HIPAA – Who Gets Training?

HIPAA training is required for anyone who comes into contact with protected health information.

HIPAA – Do We Keep Records of Training?

It is important to keep proof of HIPAA training for all employees.

Thank you.

If you have questions, please contact the Nutrition Resource Center at:

1.800.968.4426

nrc@gfs.com