1. Pasadena Villa Network of Services
Employee HIPAA Training

2. HIPAA –Who?
We are bound by Federal and State laws that govern the privacy and confidentiality of our residents.
They govern how we access, use and disclose Protected Health Information (PHI).
Included in this rule are employees, interns, volunteers and any business associates of Pasadena Villa Network of Services.

3. HIPAA—Who? We are not alone. The Federal rule covers the following:
Health care provider, health plan
Public health authority
Insurer (life, health, etc)
Schools, universities
Employers
Healthcare clearinghouse

4. HIPAA—What?
HIPAA is the federal Health Insurance Portability and Accountability Act of The primary goal of the law is to make it easier for people to keep health insurance, protect the confidentiality and security of healthcare information and help the healthcare industry control administrative costs.

5. HIPAA—What?
HIPAA protects an individual’s health information and his/her demographic information. This is called “protected health information” or “PHI”. Information meets the definition of PHI if, even without the patient’s name, if you look at certain information and you can tell who the person is then it is PHI. The PHI can relate to past, present or future physical or mental health of the individual. PHI describes a disease, diagnosis, procedure, prognosis, or condition of the individual and can exist in any medium – files, voice mail, , fax, or verbal communications.

6. HIPAA—What?
HIPAA provides the framework for the establishment of nationwide security standards and confidentiality of health information.
Under HIPAA we must maintain reasonable and appropriate administrative, technical and physical safeguards to ensure the integrity and confidentiality of PHI.

7. HIPAA—What?
HIPAA defines information as protected health information if it contains the following information about the patient, the patient’s household members, or the patient’s employers:
Names
Dates relating to a patient , i.e. birthdates, dates of medical treatment, admission and discharge dates, and dates of death
Telephone numbers, addresses (including city, county, or zip code) fax numbers and other contact information
Social Security numbers
Medical records numbers
Photographs
Finger and voice prints
Any other unique identifying number
*Information included in this rule may be written, recorded or oral

8. HIPAA—What?
The PHI can relate to past, present or future physical or mental health of the individual.
PHI describes a disease, diagnosis, procedure, prognosis, or condition of the individual and can exist in any medium – files, voice mail, , fax, or verbal communications.
HIPAA provides the framework for the establishment of nationwide security standards and confidentiality of health information

9. State of Florida
Florida Statute 397 prohibits disclosure or use of patient records (any information that is written or not) unless permitted by the patient or regulation.

10. HIPAA—What?
Electronic Health Records The Obama Administration wants everyone to have an EHR by Defined as: An electronic record of health-related information on an individual that is created, gathered, managed and consulted by authorized health care clinicians and staff.

11. Electronic Records
Electronic records are more convenient, more efficient and allow us to do more with the data.
EHRs increase the ability to access, transmit and copy large volumes of data quickly.
EHRs increase the ability to combine data from different sources quickly.

12. Electronic Records
The risk of harmful transmission of information rises exponentially as the number of people who have access to that information rises.
HIPPA criminal convictions to date did not involve the clinical data, but rather the financial and demographic data, used primarily for identity theft.

13. HIPAA & YOU
It is your responsibility to curb human nature (curiosity, sharing of information), to be sensitive to the residents information, to respect the resident’s right to privacy and to know our policies and procedures. When we provide our residents with quality services, it includes protecting their confidential information.

14. HIPAA & the Resident
HIPAA stipulates the following patient’s right under its privacy rule:
Patients have a right to receive a notice of the privacy practices of any health care provider health clearing house, or health plan.
Patients have a right to see their PHI and get a copy.
Patients have a right to request that changes be made to correct errors in their records or to add information that ha been omitted.
Patients have a right to see a list of some of the disclosures that have been made of their PHI.
Patients have a right to request that you give special treatment to their PHI.
Patients have a right to request confidential communications.
Patients have a right to complain.

15. HIPAA & the Resident
A health provider can disclose an individual’s PHI without the patient’s authorization if the disclosure deals with treatment, payment, operations, or if the information is mandated by law. Otherwise, for most other uses, the patient will need to authorize the provider to make the disclosure.

16. Right to Inspect
The Individual Right to Inspect: Residents may request to see or copy their chart and must fill out the appropriate form to do so.
In limited cases, we may deny this request in writing (such as legal action being brought on my an individual, psychotherapy notes).
Requests and Denials will be handled by the Compliance Manager (so please forward them directly).

17. Authorization to Release Information
This form will be signed at admission and anytime records are requested.
A copy of the request and/or ROI will be loaded into Best Notes
Any records sent out will also be documented into Best Notes when release.
Documentation creates a Log of PHI

18. ROI Requirements Specific information to be released
The name and/or other information to identify who information will be sent or received
An expiration date (1 year from signature if not specified)
A statement about the individual’s right to revoke the authorization
Signature, Witness, & Date
Statement about potential for re-disclosure
This form should be completed entirely to be valid

19. Request to Amend
Clients have the right to request an amendment (clarification or challenge) to their medical/clinical file. *Remember psychotherapy notes are not disclosed.
However, the remaining parts of their file, group notes, daily progress notes, medication records, demographic information are subject to their review.

20. Request to Amend
If the client does not agree with certain documentation in their records, they may request for the entry to amended. The client must put the request in writing (there is a form).
Requests and Denials will be handled by the Compliance Manager.

21. Log of Disclosure
HIPAA states that residents have a right to receive an accounting of certain instances when protected health information about them is disclosed by us.
Disclosures are logged into Best Notes by adding the LOG of PHI form to the record.

22. Log of Disclosure
Disclosures will include the Date, Name of the individual to whom information was sent, a brief description of information sent and reason (Disability Determination, Continuity of Care, etc)
Each Disclosure should have an accompanying Release of Information loaded into the chart.
Accounting will be sent no later than 60 days from requests.

23. Minimum Necessary
HIPAA requires us to make “reasonable efforts” to limit PHI to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request.
Our employees must reasonably safeguard protected health information from any intentional or unintentional use or disclosure that is in violation of the Privacy Rule (HIPAA / 42 CFR).

24. HIPAA & Security
We must have in place appropriate administrative, technical and physical safeguards to protect the privacy of PHI.
Visitor Sign-In sheets
Electronic, password protected client records
Clean Desk protocol: limit paper laying around
Limited fax use: mailing information is preferred
Low tone of voice

25. HIPAA & Security
Our company utilizes an system to assist in the communication of daily operations. This tool has it’s positives and negatives. permits us to communicate effortlessly and at great speed, and to copy and distribute documents as never before. The flip side of these enormous opportunities for more effective communications are equally enormous risks that PHI will be distributed improperly.

26. HIPAA & Security
All s MUST be sent through your Pasadena Villa account
All s MUST have a HIPAA signature attached.
ROI must be in place to communicate about the resident.
Policies & Procedures are found in the Information Management section of the P&P

27. Violations/Complaints
Knowingly obtains or discloses individually identifiable health information:
$50,000 fine and imprisonment for one year.
$100,000 fine and imprisonment for five years.

28. Violations/Complaints
THE BIGGIE!
For obtaining or disclosing individually identifiable health information with the intent to sell, transfer or use the information for commercial advantage, personal gain, or malicious harm. (Identify theft)
A maximum fine of $250,000 and/or up to TEN YEARS imprisonment.

29. Violations/Complaints
A resident has the right to submit a complaint if he believes that the health provider has:
Improperly used or disclosed their PHI
Concerns about their HIPAA Privacy policies
Concerns about the provider’s compliance of its privacy policies.
The patient may file the complaint with either of the following:
The Privacy Officer: Heather McMahon
The US Department of Health and Human Services, Office of Civil Rights,