HIPAA Health Insurance Portability and Accountability Act
Information for New York State of Office of Mental Health Employees
New York State
George E. Pataki, Governor
Office of Mental Health
James L. Stone, MSW, CSW, Commissioner
Published by the OMH
Bureau of Education and Workforce Development
Heard about HIPAA?
HIPAA is a federal law that was passed in 1996. HIPAA stands for the
What does HIPAA have to do with OMH and with you?
OMH, as a health care provider, is required to comply with the HIPAA federal regulations that set standards for:
- Privacy Rule about a person’s health information.
- the safety and security of health information, whether it’s on computer or on paper.
- electronic billing of claims to pay for health care services.
You, personally, will be affected by HIPAA because your own doctor, hospital, or other health care provider will have to follow HIPAA rules.
As an OMH employee (or someone not technically employed by OMH but who comes into OMH to volunteer, study, or perform), you’ll also have to know how HIPAA might affect your day-to-day activities. We will be providing you with more detailed information and training regarding HIPAA. Since HIPAA requires OMH to educate its employees (as well as certain other nonemployees) about HIPAA, we will be documenting all staff’s receipt of HIPAA-related education and training.
Some OMH employees (mostly at Central Office) will have to learn how OMH Medicaid and Medicare billing will have to change to meet HIPAA standards.
But most other OMH employees will have to learn about the HIPAA Privacy Rule and how it might affect:
- how we deal each day with the people we serve; and,
- how we keep records about people and how we share these records with others.
One very important fact about HIPAA privacy rule requirements: they take effect on April 14, 2003!
You should know that rules about keeping a person’s records private, and getting permission to share those records, are not brand new in OMH. State Mental Hygiene Law has long required OMH to protect the privacy of what the Law calls clinical records — basically all the records about the care and treatment of the people we serve.
HIPAA is different in that it has more detailed rules – especially about:
- When to get a person’s written or oral permission to share health information.
- When to give a person a written privacy notice that tells the person how OMH will deal with his/her clinical information.
- What OMH has to do as an organization to implement HIPAA (among other things, OMH has to appoint a Privacy Officer and has to train employees about HIPAA).
Some things that we will have to do under the HIPAA privacy rule are:
- Be careful to avoid discussinginformation about a person with co-workers who may not have a “need to know.”
- Be careful to avoid discussing information about a person in public areas, or in telephone conversations that can be easily overheard by others.
- Keep and protect written information in the work environment about a person away from the eyes of others who do not have a “need to know.”
- Make sure that casual visitors can’t just wander into areas in which clinical information about a person is kept.
- Know when information about a person can be shared without the person’s permission, and when the person has to give written or oral permission to share information.
- Make sure that if we have computer access to confidential/private information about a person, we follow all policies/procedures for maintaining the confidentiality and security of thatinformation.
OMH will provide more facts and details about the HIPAA privacy rule before the April 14, 2003 implementation date.
So, now that you’ve heard about HIPAA, expect more information to come your way during the next few months.
Comments or questions about the information on this page can be directed to the Office of the Counsel.