Presentation is loading. Please wait.

Presentation is loading. Please wait.

Page 1 of 16 DMC HIPAA Privacy and Security DMC’S COMMITMENT TO COMPLIANCE: HIPAA PRIVACY and SECURITY DMC Corporate Audit and Compliance Department Detroit.

Similar presentations


Presentation on theme: "Page 1 of 16 DMC HIPAA Privacy and Security DMC’S COMMITMENT TO COMPLIANCE: HIPAA PRIVACY and SECURITY DMC Corporate Audit and Compliance Department Detroit."— Presentation transcript:

1 Page 1 of 16 DMC HIPAA Privacy and Security DMC’S COMMITMENT TO COMPLIANCE: HIPAA PRIVACY and SECURITY DMC Corporate Audit and Compliance Department Detroit Medical Center© Reviewed: January, 2009

2 Page 2 of 16 DMC HIPAA Privacy and Security HIPAA RULES Privacy Became law on April 14, 2003 Information regarding patients is confidential. This information is Protected Health Information (PHI) Security Became law on April 21, 2005 Information regarding patients maintained, stored, and transmitted electronically is Electronic Protected Health Information (EPHI) General Rule: Information about our patients should only be used or disclosed as authorized.

3 Page 3 of 16 DMC HIPAA Privacy and Security USING AND DISCLOSING PHI PHI disclosure is permitted for purposes of: Treatment Payment Hospital Operations Use is limited to the “Minimum Necessary” to conduct your job duties Policies exist to guide the disclosure of information (DMC policy 1 HIM 153) Accessing your own information is inappropriate and may result in disciplinary action

4 Page 4 of 16 DMC HIPAA Privacy and Security PROTECTED INFORMATION PHI includes information: On paper In a computer Orally communicated In any other form EPHI includes information: On your computer hard drive On floppy disks, CDs or magnetic tapes Sent via the Internet - - By - Other means

5 Page 5 of 16 DMC HIPAA Privacy and Security Name Street Address, City, County, Zip Code Dates: Birth, Admission, Discharge or Date of Death Numbers: Social Security, Medical Record, FIN, Patient Account, Health Plan Beneficiary Telephone or Fax Numbers Address EXAMPLES OF PHI AND EPHI

6 Page 6 of 16 DMC HIPAA Privacy and Security Privacy Rule DO NOT share passwords or login ID DO NOT write down password where others may access it. Log-off your computer when you will be away a significant period of time “Suspend” when you will be away from your computer for a short period of time Position monitors out of view of the public eye Security Rule Change your password every 90 days Choose passwords that are NOT easily guessed Use password protected screensavers, suspense mode and keyboard locks Place disks or tapes in a secure location Immediately report anyone outside of DMC IS Security asking for your password SECURING PHI

7 Page 7 of 16 DMC HIPAA Privacy and Security Privacy Rule Use caution and respect patients’ privacy when discussing protected health information in public Read and understand the policies and procedures relating to HIPAA Privacy and Security (DMC policy 1 CG 035) When using or disclosing PHI, limit the PHI to the minimum necessary to accomplish the intended use or disclosure SECURING PHI

8 Page 8 of 16 DMC HIPAA Privacy and Security with PHI sent outside the DMC should be encrypted. The steps to encrypt are: - Type SECURE in capital letters in the subject line - will be sent to a secure holding site - The receiver will get a notification with instructions on retrieving the secure Faxes Double check fax number Use cover page which includes your contact information If fax is received by the wrong location, have the fax destroyed or returned to you SENDING PHI AND EPHI

9 Page 9 of 16 DMC HIPAA Privacy and Security DO NOT open any unknown attachments, files or unrecognizable s Report any suspicious activity, such as new software or hardware appearing on your computer to the DMC Help Desk DO NOT install unapproved software/hardware or use unapproved , such as Hotmail, Yahoo, etc. Contact your manager/supervisor or the DMC Help Desk if you believe someone may have logged onto your computer PROTECTING YOUR COMPUTER AND PHI

10 Page 10 of 16 DMC HIPAA Privacy and Security EMERGENCY DOWNTIMES The DMC has a contingency plan to address system access during power failures, disasters, weather hazards, or other situations limiting access to patient data: Know the recovery plan as it relates to your job Know the related policies (available on the DMC Intraweb) Know how to report emergencies Know how the emergency may impact patient care

11 Page 11 of 16 DMC HIPAA Privacy and Security SECURING PHI ON WIRELESS DEVICES The biggest risk to PHI on Personal Digital Assistants (PDA) and laptops is theft. Secure PDA’s and Laptops: Always use password protected screen saver Passwords should be kept secure and confidential Back-up data Consider encrypting PHI Install and use virus protection software Lock devices in a secure location when not in use If device is stolen, an incident report should be filed

12 Page 12 of 16 DMC HIPAA Privacy and Security PENALTIES FOR HIPAA VIOLATIONS Disciplinary action up to and including termination Exclusion from participation in Medicare and Medicaid programs Jail sentences for employees, administrators and physicians: HIPAA Specific – - Up to One Year for misuse of protected health information - Up to Five Years for misuse of PHI under false pretenses - Up to Ten Years for misuse with intent to sell, transfer or use PHI for commercial advantage, personal gain or malicious harm

13 Page 13 of 16 DMC HIPAA Privacy and Security PENALTIES HIPAA violations may result in millions of dollars in fines: $50,000 for misuse of protected health information $100,000 for misuse of PHI under false pretenses $250,000 for misuse with intent to sell, transfer or use PHI for commercial advantage, personal gain or malicious harm

14 Page 14 of 16 DMC HIPAA Privacy and Security HIPAA REPORTING DMC will take disciplinary action for breaches of privacy and information security, up to and including termination: You are required to understand the law, and how it affects your job Even an “accidental” disclosure could have consequences As a condition of employment, employees agree to read and abide by the policies and procedures covering HIPAA Individuals should immediately report any observed or suspected HIPAA breach to - - Your manager/supervisor - Corporate Audit and Compliance Department at: Compliance Hotline at:

15 Page 15 of 16 DMC HIPAA Privacy and Security HIPAA SUMMARY Safeguarding PHI is everyone’s job. If you have questions or concerns about your responsibility in protecting patient health information: - Talk to your supervisor - Send your questions to - - Call Corporate Audit and Compliance Department at:

16 Page 16 of 16 DMC HIPAA Privacy and Security SUMMARY We hope this NetLearning course has been both informative and helpful. Feel free to review this course until you are confident about your knowledge of the material presented. Click any of the following menu selections located on the left side of the screen: Take Test button to complete the requirements for this course My Records button to return to your CBL Courses to Complete list Exit button to close the Student Interface


Download ppt "Page 1 of 16 DMC HIPAA Privacy and Security DMC’S COMMITMENT TO COMPLIANCE: HIPAA PRIVACY and SECURITY DMC Corporate Audit and Compliance Department Detroit."

Similar presentations


Ads by Google