This course is approved by the North Carolina Department of Health and Human Services Division of Facility Services - Group Care Licensure Section (NC-DHHS)
Program Sponsor ID #032316; Approval # . This activity is approved for 1.00 contact hours.
Relias Learning, LLC is approved by the California Department of Social Services as a Continuing Education Program Vendor to provide Continuing Education training courses to administrators of Group Homes.
Vendor/Provider # : 2000224-730-2
Approval # 224-0141-32562
This activity is approved by the California Department of Social Services for 1.00 contact hours.
Relias Learning, LLC is approved by the California Department of Social Services as a Continuing Education Program Vendor to provide Continuing Education training courses to administrators of Adult Residential Facilities.
Vendor/Provider # : 2000224-735-2
Approval # 224-0141-32608
This activity is approved by the California Department of Social Services for 1.00 contact hours.
Relias Learning, LLC is approved by the California Department of Social Services as a Continuing Education Training Program Vendor to provide Continuing Education training courses to administrators of residential care facilities for the elderly.
Vendor / provider # 2000224-740-2; Approval # 224-0141-32667. This activity is approved by the California Department of Social Services for 1.00 contact hours.
This educational offering has been reviewed by the National Continuing Education Review Service (NCERS) of the National Association of Long Term Care Administrator Boards (NAB) and approved for 1.00 clock hours. If you have any feedback regarding the NAB approved continuing education programs, send your email to the following address: [email protected]
Hour One Part 1 I. Introduction to HIPAA Privacy Rules a. HIPAA is the Health Insurance Portability and Accountability Act b. A federal law enacted by Congress in 1996 c. Two Parts of HIPAA i. Title I – Protects health insurance coverage for workers and their families when they change or lose their job ii. Title II – Created national standards for electronic health care transactions and provisions to address privacy and security of health information d. Privacy Rule i. Health history ii. Medical diagnosis iii. Treatment plans iv. Prescriptions v. Cognitive changes vi. Disabilities or other physical limitations e. The HIPAA Privacy Rule requires that covered entities apply appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information (PHI), in any form f. Learning Engagement Activity: Questions (multiple choice) II. Who is covered by the privacy rules? a. The HIPAA rules apply to covered entities and business associates i. Individuals, organizations, and agencies that meet the definition of a covered entity under HIPAA must comply with the Rules’ requirements to protect the privacy and security of health information and must provide individuals with certain rights with respect to their heath information 1. Health care providers 2. Health plans 3. Health care clearinghouses ii. Health Plan: 1. Health insurance companies 2. HMOs 3. Company health plans 4. Government programs that pay for health care, such as Medicare, Medicaid, and the military and veterans health care programs 5. Assisted living providers are not a “health plan” iii. Health Care Clearinghouse 1. Entities that process nonstandard health information they receive from another entity into a standard, or vice versa 2. Assisted living providers are not a “health care clearinghouse” iv. Health Care Provider 1. Health care providers who conduct certain financial and administrative transactions electronically. These electronic transactions are those for which standards have been adopted by the Secretary under HIPAA, such as electronic billing and fund transfers 2. This could include assisted living in some circumstances… 3. Doctors 4. Clinics 5. Psychologists 6. Dentists 7. Chiropractors 8. Nursing Homes 9. Pharmacies 10. Learning engagement casescenario III. Does HIPAA apply to assisted living and residential care? a. Varies by state b. Most assisted living residents are private pay c. Caring for residents under state Medicaid programs would increase likelihood of being a covered entity d. Even if you are not a “covered entity” many of the basic privacy and confidentiality provisions are a good practice for all providers IV. What information is protected a. Protected Health Information (PHI) i. Individually identifiable health information ii. Transmitted by a Covered Entity or its Business Associate b. Health information, including demographic information i. Relates to an individual’s physical or mental health or the provision of or payment for health care ii. Identifies the individual c. Examples in Assisted Living i. Physician Report ii. Resident Assessments and Appraisals iii. Medication Records iv. Service Plans V. What Is NOT Covered? a. Employment records of covered entity b. Family educational rights and privacy act (FERPA) records c. Not considered PHI VI. Disclosing personal health information a. Disclosures i. There will be times when you need to disclose personal health information about your residents ii. What is allowed under HIPAA 1. Required disclosures 2. Allowed without authorization 3. Allowed with authorization iii. Permitted Disclosures 1. To the Individual a. A covered entity may disclose protected health information to the resident who is the subject of the information 2. Treatment, Payment, and Health Care Operations a. A covered entity may use and disclose protected health information for its own treatment, payment, and health care operations activities 3. Opportunity to Agree or Object a. Information permission may be obtained byasking the individual 4. Incidental Use and Disclosure a. Rule permits uses/disclosures incident to an otherwise permitted use or disclosure, provided minimum necessary and safeguards standards are met 5. Public Interests and Benefit Activities a. Public healthactivities b. Abuse, neglect or domestic violence c. Health oversight d. Law enforcement 6. Limited Data Set for research, public health or health care operations a. Identifiers have been removed VII. Authorizations a. Any other disclosure requires a written authorization from the individual i. A covered entity may not condition treatment, payment, enrollment, or benefits eligibility on an individual granting an authorization, except in limited circumstances b. An authorization must: i. Be written in specificterms ii. Be in plain language iii. The information to be disclosed or used iv. The person(s) disclosing and receiving the information v. Expiration vi. Right to revoke in writing c. An authorization may allow use and disclosure of protected health information by the covered entity seeking the authorization, or by a third party d. Learning Engagement Activity: Mix and match terms VIII. Minimum necessary e. A central aspect of the Privacy Rule is the principle of “minimum necessary” use and disclosure f. A covered entity must make reasonable efforts to use, disclose, and request only the minimum amount of protected health information needed g. A covered entity must develop and implement policies and procedures to reasonably limit uses and disclosures to the minimum necessary h. Learning Engagement Activity: OCR video 1.3 minutes IX. Privacy practices notices a. Each covered entity, with certain exceptions, must provide a notice of its privacy practices b. The notice must: i. Describe the ways in which the covered entity may use and disclose protected health information ii. State the covered entity’s duties to protect privacy, provide a notice of privacy practices, and abide by the terms of the current notice iii. Describe individuals’ rights, including the right to complain to HHS and to the covered entity if they believe their privacy rights have been violated iv. Include a point of contact for further information and for making complaints to the covered entity v. Except in certain circumstances, individuals have the right to review and obtain a copy of their protected health information vi. Follow your organization’s policies before releasing information X. Personal Representatives a. The Privacy Rule requires a covered entity to treat a “personal representative” the same as the individual, with respect to uses and disclosures of the individual’s protected health information, as well as the individual’s rights b. A personal representative is a person legally authorized to make health care decisions on an individual’s behalf or to act for a deceased individual or the estate c. The Privacy Rule permits an exception when a covered entity has a reasonable belief that the personal representative may be abusing or neglecting the individual, or that treating the person as the personal representative could otherwise endanger the individual d. Learning Engagement Activity: Questions (multiple choice) XI. Disposing of PHI a. Covered entities must implement reasonable safeguards to limit incidental, and avoid prohibited, uses and disclosures or PHI, including in connection with the disposal of such information b. In addition, the HIPAA Security Rule requires that covered entities implement policies and procedures to address the final disposition of electronic PHI c. Learning Engagement: Case Scenario safeguardfailure d. PHI Paper Records make unreadable and unable to reconstruct: i. Shredding ii. Burning iii. Pulping iv. Pulverizing e. Labeled prescription bottles and other PHI opaque bags i. In a secure area and
Cynthia McDaniel MSN RN, is a nurse and administrative consultant in long term care. She is the CEO of ElderWise Inc, a senior living consulting and education group. Cynthia has worked as a nurse consultant for the States of Oregon and Washington, a geriatric care manager, a regional director of clinical operations for a senior living company, and an assistant professor at Oregon Health & Science University School of Nursing. Her research in assisted living focused on the characteristics of residents in assisted living communities and the role of the nurse in assisted living. Cynthia holds a Master's of Science in Nursing from Gonzaga University in nursing education. She is a Fellow of the Sigma Theta Tau/John A. Hartford Foundation Geriatric Nursing Leadership Academy. Disclosure: Cynthia McDaniel, MSN, RN has declared that no conflict of interest, Relevant Financial Relationship or Relevant Non-Financial Relationship exists.Instructor: Holly Carlson, MS, RN, CCRN
Holly Carlson, MS, RN, CCRN, is a subject matter expert for Relias. She has 25 years of healthcare experience in both acute and post-acute healthcare environments. Her experience includes leadership and management across the healthcare spectrum. She has owned and operated an assisted living business. Carlson's clinical practice includes acute care, long-term acute care, home health and hospice. Carlson has served for over a decade in various board positions for State Nursing Associations, including president. She has been a nurse planner for multiple continuing education events and has experience as a leader in the design and implementation of an ANCC-CNE accredited approver unit for a multi-state nursing consortium. Carlson is certified as Critical Care Registered Nurse. Disclosure: Holly Carlson, MS, RN, CCRN has declared that no conflict of interest, Relevant Financial Relationship or Relevant Non-Financial Relationship exists.