HOME | ABOUT US | CONTACT |

Medical Records Privacy for
Tribal Health Programs



The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is the most significant body of health care legislation enacted since Medicare. HIPAA's far-reaching provisions govern all health care entities that maintain or transmit protected health information in both paper and electronic format. While it may seem like a daunting task to comply with all HIPAA regulations, compliance not only helps maintain privacy but also streamlines your organization's operations and safeguards your practice from legal risk.

One of the most significant changes to HIPAA, medical records and patient information is The American Recovery and Reinvestment Act (ARRA). ARRA gives power to state Attorney Generals to bring actions to obtain injunctive relief or damages on behalf of state residents who have been or are threatened or adversely affected by violations of HIPAA. Previously, HIPAA did not permit individuals to obtain monetary damages for HIPAA violations, and enforcement was handled at the federal level. The financial penalties for violations of HIPAA have also increased, and a percentage of the civil penalites collected will be distributed to invdviduals harmed by the violations.

This course will introduce new regulations related to technological innovations in medical records handling as well as how the concept of "meaningful use" relates to medical records privacy. During this hands-on class, we'll review the Indian Health Service (IHS) HIPAA Privacy Requirements Checklist, which correlates requirements to policies, procedures and action items. Sign up today.

T O P I C S   I N C L U D E
Laws, Acts and Regulations Affecting Health Care
  • Privacy Act (1974)
  • Health Insurance Portability and Accountability Act (1996)
  • Privacy Rule
  • Patient Self Determination Act
  • False Claims Act
  • Emergency Medical Treatment and Active Labor Act (EMTALA)
  • Balanced Budget Act (1997)
  • Federal Medical Care Recovery Act (FMCRA)
  • Administrative Simplification Compliance Act
  • Indian Health Care Improvement Act Reauthorization (2001)
  • Access to Medical Treatment Act (2001)
  • Medicallly Underserved Access to Care Act (2001)
  • Drug Availability and Health Care Access Improvement Act (2001)
  • Health Care Antitrust Improvements Acts (2002)
Privacy Standards
  • Managing electronic and paper records
  • Procedures for securing records properly
  • Controlling access
  • Multiple providers and information sharing
  • Contracting with ouside providers
Security Standards
  • Understanding security procedures
  • Required vs. addressable implementation specifications
  • Maintaining electronic records
Gap Analysis and IHS Forms
  • Assessing current systems and practices
  • Identifying gaps and problem areas
  • Value of the walk-through
  • New IHS-approved forms
  • Using IHS forms
Business Associates
  • Outsourcing of transcription
  • Release of information
  • Coding
  • Other areas specific to medical records
Privacy Requirements
  • Outline of HIPAA privacy standards, including:
    • Privacy of individually identifiable health information
    • Notice of privacy practices for protected health information
    • Access of individuals to protected health information
    • Accounting of disclosures of protected health information
  • Existing policies and procedures
Administrative Requirements
  • Roles and responsibilitis of a privacy officer
  • Writing a scope of work
  • Consent and requirement standards
  • Authorization for use and disclosure standards
  • Minimizing risk of incidental disclosures
Additional Considerations
  • American Recovery and Reinvestment Act (ARRA)
  • "Meaningful Use"
  • Using IHS technical support to meet electronic transfer standards
  • New IHS recommended policies
  • Use of policies as a model
  • Next steps for implementing change and achieving compliance
Focused Group Work
  • Your privacy and security policies and procedures
  • Possible discussion topics:
    • Administrative requirements
    • Scope of privacy officer's duties
    • Consent requirement standards
    • Authorization for use and disclosure standards
    • Minimizing the risk of incidental disclosures
    • Physical safeguards
    • Technical security services
  • Identifying medical records privacy problem areas in your policies and procedures
  • Brainstorming solutions and revisions to rectify problems and meet requirements

Click here to find out how you can bring a Falmouth Institute seminar to your location!
© Copyright 2012 | Terms of Use | Privacy Policy