ON-LINE TRAINING EVENT: HIPAA (Health Insurance Portability & Accountability Act)

Slide 2: What is HIPAA?
It's a law enacted to 1) protect personal health information, 2) minimize health insurance fraud, and 3) reduce administrative health care expenses.

Slide 3: What does HIPAA cover?
The law specifically addresses three (3) areas:
- Medical Billing Transaction Standards
- Protected Health Information (PHI) Privacy Standards
- Information Security Standards

Slide 4: Transaction Standards
National medical billing transaction standards are in place…
- Medical providers have been identified by an assigned number
- Uniform transaction codes are used by medical providers
- Common electronic medical billing transaction standards and guidelines are in use
Other Requirements
- Data usage & storage policies
- Compliant Business Associate contracts
- Audits of Privacy, Security & Business Practices
- Information sharing policies
- Minimum Necessary information exchange
- Electronic data information access controls

Slide 5: Security Standards
These standards ensure the confidentiality, integrity, & availability of protected electronic health information, and protect against threats or hazards to the security of the information.
Areas Involved with Security
- Administrative
- Physical Safeguards
- Technical Security Services
- Technical Security Mechanism

Slide 6: Information Security - Examples
Administrative Controls
- Identifying Business Associates & Issuing Appropriate Agreements
- Reinforce the Importance of Information Compliance
- Cooperate with the internal HIPAA Audit & Risk Assessment Processes

Slide 7: Information Security – Examples (Cont'd)
Physical Safeguards
- Positioning Computer Monitors away from view
- Discussing patient/client information in a private location
- Keeping patient/client records out of sight or access of others
- Knowing who is in your Facility or Office & when (Sign In/Out)

Slide 8: Information Security – Examples (Cont'd)
Technical Security Services & Mechanisms
- IS Department
- Data Security includes Firewalls, Pop-Up Blockers, Virus Alerts, etc.
- System Control Measures
- Data Back-up Protocols
- HIPAA Security Policies & Guidelines
- Computer Data & Systems are County Property

Slide 9: Privacy Standards
- These standards apply to protected health information (PHI) which includes any individually identifiable health information. It does not apply to data contained in educational or employment records.
- The privacy standards apply to both electronic and hard copy records to include fax, photocopy, carbon copy, etc.
- Protected Health Information (PHI), created by, stored or received by a covered entity falls under HIPAA and must be protected by establishing safeguards.

Slide 10: Privacy Standards (Cont'd)
- Gives Individuals more control over their own PHI
- Sets rules for use and release of PHI
- Strikes a balance when public responsibility requires disclosure of data to protect the public

Slide 11: Breach of Privacy Standards
- Holds violators accountable with civil and criminal penalties
- Penalties can be imposed if the individual's rights are violated
- Office of Civil Rights (OCR) is charged with enforcement
- Internal investigation may result in progressive disciplinary action up to and including termination of employment
- Information breach must be reported to OCR

Slide 12: Why is HIPAA important to Franklin County?
- The County is a Covered Entity under HIPAA
- The County provides and pays for the cost of healthcare
- Corporate authority rests with the County Commissioners
- County Commissioners are responsible for all contracts involving healthcare
- The County & its Employees are responsible for Due Diligence
- There is no liability insurance protection, because it is the law

Slide 13: HIPAA does not apply to PHI…
…when there are more stringent State or Federal regulations that do apply to the protected health information in question

Slide 14: What are an Individual's Rights under HIPAA?
They have a right to…
- …access and copy health records
- …to request amendment or correction to their records
- …to an accounting record of disclosures of information from their record
- …to specify how confidential information is communicated
- …to request restriction on how health information is disclosed or used

Slide 15: Policies & Procedures for a Covered Entity
- Policies and procedures are required to address the various elements of HIPAA (Refer to the Employee Information Section of KIOSK, HIPAA to access these)
- A Company must appoint a privacy officer to 1) Oversee the program, 2) Investigate Complaints, and 3) Train Employees
- Franklin County Privacy Officer is Loretta McClure, Risk Manager

Slide 16: When can a covered entity use PHI?
The rule requires written authorization from the individual before anyone can release PHI for purposes other than:
- Treatment
- Payment
- Healthcare operations
Covered health care providers must obtain a one-time consent to use or disclose PHI, even for treatment, payment or health care operations (Note: This is not an Authorization.)

Slide 17: Authorization
Gives a covered entity authority to use or disclose PHI for specified purposes other than treatment, payment, health care operations.
Includes:
- What information is being disclosed
- Who is authorized to disclose the information
- Who is going to use or receive the information

Slide 18: HITECH Requirements – Recent Revisions to HIPAA
- New requirements for managing PHI
- Business Associates held to same standard as County
- New rules for data breach notification to include thresholds, timelines, and methods
- Business Associate must notify County of any data breach involving County-provided information
- Increased penalties

Slide 19: Business Associates
- An individual or corporate person that performs on behalf of the County any function or activity involving the use or disclosure of PHI
- Is not a member of the covered entity's workforce
- e.g., legal, actuarial, accounting, consulting, data processing, management, administrative, accreditation, financial services or anything else for which the County may contract where PHI is involved

Slide 20: What are Business Associate (BA) requirements under an Agreement?
- Permitted PHI activities of BA identified
- BA agrees not to use or disclose PHI other than as permitted by the agreement
- BA agrees to use appropriate safeguards to prevent unauthorized use or disclosure of PHI
- BA agrees to report any unauthorized use or disclosure of PHI to the County
- BA ensures anyone receiving PHI under the agreement adheres to the same conditions as BA
- On agreement termination, BA returns or destroys all County PHI in its possession or extends the protections of the contract to information retained

Slide 21: De-Identification of Information
Information that does not identify the individual and does not contain information that can be used to identify an individual is not covered by HIPAA.
Examples of de-identifying information:
- No names
- No geographic information
- No dates related to the individual (e.g., birthday, date of hire, etc.)
- No telephone numbers, addresses, social security numbers, account numbers, etc.

Slide 22: Workforce Responsibilities
Records handled on behalf of the County should be treated in a confidential manner.
Refer to County Confidentiality Policy & Statement.
Remember: Loose lips sink ships!

Slide 23: Important Points to Consider…
- When You Must Share Information…Share only the least necessary amount of information
- A PHI breach requires immediate notice to the Privacy Officer (Risk Manager)
- An Unusual Event form can be used to report potential HIPAA violations
- Risk assessments and audits are a part of the Privacy Officer's responsibility

Slide 24: HIPAA Quiz
- Next you'll receive a series of questions to be answered either true or false.
- Only you will know the outcome of your responses.
- Should you feel you can do better, please feel free to review the presentation again.

Slide 25: Question #1
The County's Privacy Officer should be notified of PHI breaches, HIPAA investigations, and requests for HIPAA training?
FALSE / TRUE

Slide 26: Question #1 - Answer
CORRECT!!!
Risk Manager is Privacy Officer (Loretta McClure)

Slide 27: Question #1 - Answer
The correct answer is: Risk Manager is Privacy Officer (Loretta McClure)

Slide 28: Question #2
HIPAA covers three sections…1) Transaction Sets, 2) Information Security & 3) Information Privacy?
FALSE / TRUE

Slide 29: Question #2 - Answer
CORRECT!!!
HIPAA covers three sections…1) Transaction Sets, 2) Information Security & 3) Information Privacy.

Slide 30: Question #2 - Answer
The correct answer is: TRUE
HIPAA covers three sections…1) Transaction Sets, 2) Information Security & 3) Information Privacy.

Slide 31: Question #3
Information you handle on behalf of the County should be handled in a confidential manner?
FALSE / TRUE

Slide 32: Question #3 - Answer
CORRECT!!!
Information you handle on behalf of the County should be handled in a confidential manner. Please refer to County's Confidentiality Policy & Statement.

Slide 33: Question #3 - Answer
The correct answer is: TRUE
Information you handle on behalf of the County should be handled in a confidential manner. Please refer to County's Confidentiality Policy & Statement.

Slide 34: Question #4
PHI refers to Protected Health Information?
FALSE / TRUE

Slide 35: Question #4 - Answer
CORRECT!!!
PHI refers to Protected Health Information.

Slide 36: Question #4 - Answer
The correct answer is: TRUE
PHI refers to Protected Health Information.

Slide 37: Question #5
Medical information provided for an educational file or employment file is NOT considered PHI (Protected Health Information)?
FALSE / TRUE

Slide 38: Question #5 - Answer
CORRECT!!!
Medical information provided for an educational file or employment file is NOT considered PHI (Protected Health Information).

Slide 39: Question #5 - Answer
The correct answer is: TRUE
Medical information provided for an educational file or employment file is NOT considered PHI (Protected Health Information).

Slide 40: Question #6
Under the recent HITECH Act, Business Associates are now held to the same HIPAA standards as covered entities?
FALSE / TRUE

Slide 41: Question #6 - Answer
CORRECT!!!
Under the recent HITECH Act, Business Associates are now held to the same HIPAA standards as covered entities.

Slide 42: Question #6 - Answer
The correct answer is: TRUE
Under the recent HITECH Act, Business Associates are now held to the same HIPAA standards as covered entities.

Slide 43: Question #7
Business Associates are required to report a breach of information privacy or security to the related provider?
FALSE / TRUE

Slide 44: Question #7 - Answer
CORRECT!!!
Business Associates are required to report a breach of information privacy or security to the related provider.

Slide 45: Question #7 - Answer
The correct answer is: TRUE
Business Associates are required to report a breach of information privacy or security to the related provider.

Slide 46: Question #8
Individuals have the right to request copies of their medical record, request changes to that record, and request a list of disclosures of information from the record?
FALSE / TRUE

Slide 47: Question #8 - Answer
CORRECT!!!
Business Associates are required to report a breach of information privacy or security to the related provider.

Slide 48: Question #8 - Answer
The correct answer is: TRUE
Business Associates are required to report a breach of information privacy or security to the related provider.

Slide 49: Question #9
HIPAA was enacted to assist in reducing health insurance fraud, realize efficiencies in the health insurance administrative process, and expand consumer rights to their own personal health information?
FALSE / TRUE

Slide 50: Question #9 - Answer
CORRECT!!!
HIPAA was enacted to assist in reducing health insurance fraud, realize efficiencies in the health insurance administrative process, and expand consumer rights to their own personal health information.

Slide 51: Question #9 - Answer
The correct answer is: TRUE
Business Associates are required to report a breach of information privacy or security to the related provider.

Slide 52: Question #10
HIPAA applies to all situations involving the discussion or disclosure of personal health information.
TRUE / FALSE

Slide 53: Question #10 - Answer
CORRECT!!!
HIPAA applies to protected health information (PHI), which is provided in hard copy or electronic format.
Common sense and good judgment should be used when discussing personal situations of others.

Slide 54: Question #10 - Answer
The correct answer is: FALSE
HIPAA applies to protected health information (PHI), which is provided in hard copy or electronic format.
Common sense and good judgment should be used when discussing personal situations of others.

Slide 55: Questions…
Any questions concerning the presentation or HIPAA services available through the County can be directed to Loretta McClure, Risk Manager & Privacy Officer at or (717)

Slide 56: Complete Training
To be given credit for this training, be sure to submit your information (using the link below).
THANK YOU for your participation!

