Presentation on theme: "Welcome! NAU HIPAA Awareness Training. What is HIPAA? A federal law dealing with the privacy and security of health information HIPAA stands for Health."— Presentation transcript:
Welcome! NAU HIPAA Awareness Training
What is HIPAA? A federal law dealing with the privacy and security of health information HIPAA stands for Health Insurance Portability and Accountability Act of 1996
How HIPAA applies to Health Care Systems: HIPAA applies to all management, employees, volunteers, temporary employees, students, residents, and trainees—the workforce—employed in health care systems NAU is committed to provide students seeking careers in health occupations with HIPAA awareness training Complying with HIPAA is MANDATORY! Federal Privacy Regulations (April 2001)
How HIPAA applies to Health Care Systems cont’d: There are fines and even criminal penalties if we do not take reasonable steps to comply. Every member of an organization has a role to play—even students!
What is Privacy? Privacy refers to your duty to prevent others from seeing or using protected health information (PHI) about patients. Under HIPAA, a facility can only use and disclose PHI for certain permitted purposes. You SHOULD NOT see or obtain PHI unless you need it do your job. You SHOULD NOT disclose PHI to others unless that is part of your job.
How Privacy Works Patients rely on their healthcare providers to keep their information private Because health care systems promise patient privacy, patients are willing to provide the personal details of their health to provide to help them diagnosis and treat them
What is Protected Health Information? Any information about past, present or future physical or mental health healthcare or payment for healthcare that identifies a patient. Example: name, address, date of birth, date of death, date of admission, date of discharge, telephone number, address, social security number, health record number, account number, and facial photographs.
What forms of records are covered? All protected health information (PHI) about patients: Written Video Electronic Oral
What is Security? Security refers to our duty to keep health information secure and available Facility privacy practices prohibit member of the workforce from obtaining PHI unless they need it to do their job Security safeguards limit access to PHI Privacy and security go hand-in-hand
How HIPAA affects a health care facility HIPAA regulates how health care providers use and disclose protected health information Health care providers are committed to complying with HIPAA regulations Health care providers have developed compliance plans
What is a compliance plan? Policy explaining privacy rules Identifies risks, adopts safeguards to protect PHI Classifies all members of the workforce Trains all members of the workforce Establishes Privacy officer Person identifies in a facility as the contact with any questions, concerns, or complaints
What is a compliance plan contd. Mandatory Reporting If you have first-hand knowledge of a breach of privacy policies or improper use or disclosure of protected health information you report to your supervisor and/or the Compliance (Privacy) Officer. Patients are given information on admission on how to report privacy rights violations to the identified Compliance (Privacy) officer within the organization Patients can also file a complaint with the Secretary of the Department of Health and Human Services Persons reporting to Compliance officers are protected from retaliation
Notice of Privacy Practice Notice of Privacy Practices HIPAA privacy standard that requires an individual's right to receive a notice that outlines how medical information is used and disclosed by an organization How to access and obtain copy of their medical records A summary of patient rights under HIPAA How to file a complaint and contact information
Disclosure of Protected Health Information Authority—Patient Every use and disclosure of protected health information must be authorized by the patient or by State or federal laws Examples: Patients can authorize release of information to a third party State laws require reporting of child abuse We cannot assume every use or disclosure is okay Facilities have developed policies and assigned procedures to dealt with this
Sharing of PHI You may share protected health information ONLY if you need it to do your job Nurse to nurse communication related to assigned clients Health staff to physician in charge of patient care Allied health professional (respiratory, therapists, etc) to those in charge of patient care Chart reviewers for in-house projects NEVER access patient information that is not needed in the performance of your job
Incidental Disclosures are a reality Incidental Disclosure An unintended or unavoidable disclosure of protected health information that occurs as part of a permitted disclosure Example: Quality review committee forgets to delete patient name from quarterly hospital infection report Nurse speaking to patient on phone is heard by another person walking by the nurses station Two patients in the same room Must make reasonable safeguards to protect privacy
Safeguards for PHI All covered entities must have in place reasonable administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability to prevent unauthorized or inappropriate access, use or disclosure of PHI It’s the law!
Doing your part Only access confidential information (PHI) if you have a need to know to do your job Take reasonable steps to verify the identify of persons to whom you disclose PHI (if someone asks for PHI and you don’t know if they have a right to information, you can ask for identification) Use or disclose PHI only in the performance of one’s responsibilities and duties (you cannot access patient information that is not a component of assigned work duty) Understand the law and the organization’s policy Attend training and education programs Treat patient information the way you would want your personal information treated
Use Technology Wisely ONLY access patient information if you have a need to know it to do your job Protect your password--never share it with anyone Log off the computer when you leave the area Make sure computer screens are not visible to the public Take steps to ensure the privacy of faxed PHI Audit trails-facilities can monitor where you have been and what you have looked at!
Protect Confidential Information Providing patients with quality healthcare includes protecting their information Everyone is required to do their part! Oct 2011 Rev