• Past history
• Current diagnosis and treatment
• Correspondence relating to patient.

True/False

Medical records are legal documents and may be subpoenaed.

• Record of patient from birth to death
• Document for continual management of patient's health care
• Provides data and statistics on health matters
• Tracks ongoing patterns of patient's health

• Full name
• Address
• Telephone number
• Date of birth
• Marital status
• Employer and insurance information

True/False

"If it is not documented, it did not happen"

• Never send entire medical chart unless it is requested
• Do not send original
• Record may not be released to patient without physician's permission
• Patient must sign release form for information to be sent to insurance company.

10 years

Minor's records must be kept until patient reaches age of maturity plus period of the statute of limitations.

• Health Insurance Portability and Accountability Act
• 1996
• Regulates the privacy of patient health information

• Improve insurance portability
• Combat fraud, abuse, and waste in healthcare
• Promote the expanded use of medical savings accounts
• Simplify the administration of health insurance

• Past, present, future individually identifiable health information
• Name, age, gender Social Security Number, zip code, e-mail

• Emergency situation
• Language barrier without an interpreter
• Treating prison inmates

True/False

Some states have stricter privacy standards than those of HIPAA.  In this case, state's law would take precedence over the Federal HIPAA regulation

• Identifiers are used to reduce confusion and errors.
• Published 2002
• Uses employer's tax ID number or Employer Identification Number (EIN)

Remove:

• Patient's name
• Address, including e-mail
• Telephone and fax numbers
• All dates, including birth (except year), admission, discharge, and death
• Social Security number
• Medical records numbers
• Health care insurance numbers
• License numbers
• Facial photos
• Other identifying numbers or characteristics

(It is a federal crime)

• Up to $100 per person, per incident for minor disclosures
• Up to $25,000 for multiple violation of the same standard in a calendar year.
• Federal criminal liability for improper disclosure of information or for obtaining information under false pretenses carries sanctions of up to $50,000 and one year in prison
• Up to $250,000 and/or up to 10 years in prison for obtaining PHI under false pretenses with the intent to sell, transfer, or use the info for personal gain or for malicious action, such as Medicare fraud

• Copy of privacy notice
• Access to medical records
• Limit how health care information is shared
• Accounting of who information is given to
• Ask to be contacted in a special way
• Examine health information provider's copy
• Complain to "covered entity" if violation of privacy is suspected

• Patient authorization that complies with HIPAA rules
• Waiver of authorization from a privacy board or Institutional Review Board (must include extensive documentation as required by HIPAA)

• Does not prevent physicians or hospitals from sharing patient info to treat
• Does not prevent disclosure to clergy
• Allows hospitals and physicians to share info with spouse or anyone patient has identified as involved in their care.
• Does not apply to most police or fire department (may release info about accident victims)
• Does limit info EMTs may disclose

• Appoint and train privacy officer
• Conduct internal assessment of existing policies
• Enter agreements with all non employee service providers
• Adapt procedures for handling patient requests 
• Implement notice of privacy practices

• Revise employee manuals regarding HIPAA standards
• Train all employees on policies and procedures
• Retain signed authorization and any agreements with patients restricting disclosure of PHI for a period of 6 years
• Implement and enforce sanctions for filations
• Establish complaint process for noncompliance