Presentation on theme: "Property of WCDHHS1 WAUKESHA COUNTY DEPARTMENT OF HEALTH AND HUMAN SERVICES HIPAA VOLUNTEER H1N1 CLINIC TRAINING 2009 NOTE: To move from slide to slide."— Presentation transcript:
Property of WCDHHS1 WAUKESHA COUNTY DEPARTMENT OF HEALTH AND HUMAN SERVICES HIPAA VOLUNTEER H1N1 CLINIC TRAINING 2009 NOTE: To move from slide to slide use the Page Up or Page Down buttons on your keyboard
Property of WCDHHS2 What is HIPAA? HIPAA stands for Health Insurance Portability and Accountability Act Originally it focused on ensuring the portability of health insurance for individuals and improving fraud and abuse protections – passed in 1996. Provides the framework for the establishment of a nationwide protection of the confidentiality of health information, security standards and standards and requirements for the electronic transmission of health information.
Property of WCDHHS3 What is HIPAA? A federal act (law) that sets provisions for use of patient information by health care agencies. Federal Regulation 45 CFR Parts 160,162 and 164 Gives individuals more control and access to their medical information. A law that protects individually identifiable medical information from threats of loss or disclosure. Simplify the administration of health insurance claims and lower costs. Mandates the standardization of electronic data exchange. Waukesha County Department of Health and Human Services is governed by this law.
Property of WCDHHS4 Why is Privacy and Security training important? It outlines your role as a volunteer in keeping patient information confidential and secure. It outlines ways to prevent accidental and intentional misuse of protect health information (PHI). To make protected health information secure with minimum impact to staff and business processes. Its not just about HIPAA – it about our organization doing the right thing for our clients/patients! We are required to do it.
Property of WCDHHS5 Why is Privacy and Security training important? We should treat personal electronic data with the same care and respect as weapons- grade plutonium -- it is dangerous, long-lasting and once it has leaked there's no getting it back. -- Corey Doctorow
Property of WCDHHS6 HIPAA has three parts: ELECTRONIC DATA EXCHANGE SECURITY PRIVACY Each part has separate regulations to comply with and HIPAA mandates accountability from us.
Property of WCDHHS7 What is Protected Health Information (PHI)? PHI is individually identifiable health information relating to information: That reveals the physical or mental state of a person’s health. About the payment for the health care services of an individual. That identifies with reasonable accuracy and speed the identity of a patient. Information can be in the form of written, oral, email or other computer generated health information that reveals the identity of the person.
Property of WCDHHS8 Who or what protects PHI? 1. The Federal Government through the laws of HIPAA. There are civil and criminal penalties associated with failure to follow the federal laws. The national news media reports patient information breaches to the public the penalties imposed on health care organizations and their staff. 2. Waukesha County through a. Our established HIPAA policies and procedures b. Training sessions b. The distribution of the Notice of Privacy Practices (NPP) to our patients/clients. 3. You, by following our policies and procedures and the information presented in this training.
Property of WCDHHS9 To maintain Confidentiality- we need both Privacy and Security
Property of WCDHHS11 What is the HIPAA Privacy Rule? The Privacy Regulations went into effect April 14, 2003 Privacy refers to the protection of an individual’s health care data/information. Defines how patient information is used and disclosed.
Property of WCDHHS12 Why is the Privacy Rule Important? Gives individuals rights to control the use and disclosure of their PHI. Puts boundaries on the use of health care information. Sets procedures for maintaining past, present and future patient records. Sets procedures for the sharing and maintaining written, electronic and verbal patient information.
Property of WCDHHS13 Names Medical Record Numbers Social Security Numbers Account Numbers License/Certification numbers Vehicle Identifiers/Serial numbers/License plate numbers Internet protocol addresses Health plan numbers Full face photographic images and any comparable images Web universal resource locaters (URLs) Any dates related to any individual (date of birth) Telephone numbers Fax numbers Email addresses Biometric identifiers including finger and voice prints Any other unique identifying number, characteristic or code What are examples of written PHI that must be protected?
Property of WCDHHS14 What are examples of verbal PHI that must be protected? One patient hearing personal information about the person ahead of them in line. Any medical information that a patient/client would share with you while you are working. Talking about a patient in areas that can be overhead by others, especially the public. Telephone calls where the public can overhear conversations where PHI is discussed. If you speak loud close your door.
Property of WCDHHS15 How do you know what PHI you can access? Ask yourself “Do I need this information to do my volunteer job?” This is the first check. If you don’t need it to do your volunteer job, you shouldn’t be using it.
Property of WCDHHS16 What is Misuse of protected health information? U n a u t h o r i z e d : Access to………. Using….. Taking……….. Possession of…….. Release of ……. Edit of …….. Destruction of…… PHI Without Authorization.
Property of WCDHHS17 What is TPO? HIPAA allows the Use and/or Disclosure of PHI without an authorization for the purpose of: Treatment – the provision of health care Payment – the provision of benefits & premium payment Operations – normal business activities (reporting, data collection & eligibility checks, etc.) These terms are collectively referred to as TPO. PHI released outside of TPO is not allowed except under an authorization or required by law! Minimum necessary applies when releasing information under TPO and only that necessary to perform your job!
Property of WCDHHS18 Notice of Privacy Practices Informs patients of their rights. Describes our plan to protect the patient’s information under the law. Informs patients about how WCDHHS will use or disclose their health information. Explains how a patient can: Access/amend/change/restrict or obtain copies of their health information. File a complaint. Request a list of disclosures. Receive confidential communications. Notice of Privacy Practices Waukesha County is REQUIRED to issue a written Notice of Privacy Practices to patients.
Property of WCDHHS20 What is the HIPAA Security Rule? The Security regulations went into effect April 21,2005. Security means controlling: how patient data is stored. how patient data is accessed.
Property of WCDHHS21 Why is Security important? Security outlines ways how we can prevent accidental and intentional misuse of protected information.
Property of WCDHHS22 What is the HIPAA Security Rule? The security policies requires that we: Know our policies, standards and procedures. Apply physical and technical safeguards.
Property of WCDHHS23 System Security How do we protect our computer systems and our patients’ information in them? Read on to explore this…
Property of WCDHHS24 How to apply the Security Rule? ADMINISTRATIVE SAFEGUARDS - Our policies and procedures tell us what we need to do to maintain security. TECHNICAL SAFEGUARDS – Many technical devices are needed to maintain security. These include computer passwords, screen savers, devices to scan ID badges and safe disposal of paper with patient information on it. PHYSICAL SAFEGUARDS– Many physical barriers and devices are needed to maintain security. These include locks on doors, identifying visitors, storing records in file cabinets that protect our property and the health information that we store. PERSONNEL SAFEGUARDS – Policies and procedures that manage the assignment of access authority to staff. Includes such things as who has access to what computer systems, access based on a person’s role in the organization and what systems they need to do their job and effective training to include HIPAA.
Property of WCDHHS25 Facility Security How can I help protect our facilities? (Applies if you work in one of the buildings) Wear your ID Badge at all times (it helps identify you as a WCDHHS volunteer). Only let authorized personnel through “authorized personnel entrances. If you notice that someone has gained access, report it to your supervisor. Report any security concern or suspicious behavior to Supervisory Staff.
Property of WCDHHS26 What are considered Restricted Areas? Restricted areas are those areas within our facilities where PHI and/or organizationally sensitive information is stored or utilized. Examples include: Area where nurses are giving shots. Area where medical supplies and equipment are stored. Area that contains the refrigerators that stores the vaccinations.
Property of WCDHHS28 What is Electronic Data Exchange? The rules that govern the format of the electronic transfer of information between providers and payers to carry out financial or administrative activities related to health care. Information includes coding, billing and insurance verification.
Property of WCDHHS29 HIPAA PRIVACY AND SECURITY VIOLATION EXAMPLES
Property of WCDHHS30 Access Violation – Access of PHI by a Coworker A volunteer asked an employee friend who had a computer look up to see if they had any records in our computer systems. Is this against Waukesha County’s policies?
Property of WCDHHS31 Access Violation Yes. It is inappropriate to ask your coworkers or other employees to do this if it is not part of their regular assigned job responsibilities.
Property of WCDHHS32 Talking with Friends About Work You had a negative encounter with a patient at the clinic or overhead a negative encounter and really need to vent to a friend or spouse after work. What can you discuss? Working in health care isn’t easy and patient confidentiality MUST be maintained at all times – at work, during non-work hours and even after your assignment ends with Waukesha County. Here are some helpful tips………….
Property of WCDHHS33 Talking with Friends About Work Do not share with family, friends, or anyone else a patient’s name, or any other information that may identify him/her, for instance: It would not be a good idea to tell anyone that a patient came in to have their flu shot. Why? Because this person may not want you to do that. Do not inform anyone that you know a famous person, or their family member, was seen at our organization. You cannot swear your family, friends or anyone else to secrecy that they not tell your story to anyone else.
Property of WCDHHS34 Safeguards to Protect Information
Property of WCDHHS35 1. Be knowledgeable about HIPAA This training will provide you with a basic understanding of HIPAA. Waukesha County is placing trust in you to follow the policies. Choosing not to follow these rules Could put you at risk. Could put our organization - Waukesha County- at risk.
Property of WCDHHS36 2. Think before you share/disclose patient information in public areas. Discussions should occur in private areas. Remember- you can be overheard anywhere.
Property of WCDHHS37 2. Think before you share information- Releasing information Share patient information only with authorized individuals. In most cases, a written authorization is required for patient information to be released. Check with a Supervisor if you should have a question.
Property of WCDHHS38 3. Protect access to information If you DO NOT need certain information to do your job….. DON’T ASK DON’T READ IT DON’T BE NOSEY
Property of WCDHHS39 4. Keep information out of site from the public. Ensure that paperwork with patient information (completed clinic forms) are placed in designated areas. Cover clipboards Never leave paper with PHI unattended. Carry paperwork so others cannot see any patient names. Transportation of patient information must be done in locked designed Waukesha County containers.
Property of WCDHHS40 5.Properly destroy patient information Any paper with confidential patient information on it that is to be destroyed shall be placed in the designed County shredding containers or shredded on site. This paper CANNOT go into the regular trash. Ask an employee for assistance if you are unsure where the containers are located.
Property of WCDHHS41 How and whom do you report a concern to ? It is your duty to report any concerns, any suspicious activity you have about privacy and security. Tell a supervisor right away.
Property of WCDHHS42 To receive credit for the HIPAA training, complete the following forms and send or give to Colleen Martin The Training Acknowledgment Form Read it. Complete test and record test answers on this form. Sign it. The Confidentiality/Non-Disclosure Statement Read it. Sign it. Note there are two other forms that need to be completed and returned as well. Permission to Perform A Background Check Background Information Disclosure
Property of WCDHHS43 Thank you for your participation H and I n-Hand P rotecting A ltogether A ll patientinformation