Presentation on theme: "Pasadena Villa Network of Services"— Presentation transcript:
1Pasadena Villa Network of Services Employee HIPAA Training
2HIPAA –Who?We are bound by Federal and State laws that govern the privacy and confidentiality of our residents.They govern how we access, use and disclose Protected Health Information (PHI).Included in this rule are employees, interns, volunteers and any business associates of Pasadena Villa Network of Services.
3HIPAA—Who? We are not alone. The Federal rule covers the following: Health care provider, health planPublic health authorityInsurer (life, health, etc)Schools, universitiesEmployersHealthcare clearinghouse
4HIPAA—What?HIPAA is the federal Health Insurance Portability and Accountability Act of The primary goal of the law is to make it easier for people to keep health insurance, protect the confidentiality and security of healthcare information and help the healthcare industry control administrative costs.
5HIPAA—What?HIPAA protects an individual’s health information and his/her demographic information. This is called “protected health information” or “PHI”. Information meets the definition of PHI if, even without the patient’s name, if you look at certain information and you can tell who the person is then it is PHI. The PHI can relate to past, present or future physical or mental health of the individual. PHI describes a disease, diagnosis, procedure, prognosis, or condition of the individual and can exist in any medium – files, voice mail, , fax, or verbal communications.
6HIPAA—What?HIPAA provides the framework for the establishment of nationwide security standards and confidentiality of health information.Under HIPAA we must maintain reasonable and appropriate administrative, technical and physical safeguards to ensure the integrity and confidentiality of PHI.
7HIPAA—What?HIPAA defines information as protected health information if it contains the following information about the patient, the patient’s household members, or the patient’s employers:NamesDates relating to a patient , i.e. birthdates, dates of medical treatment, admission and discharge dates, and dates of deathTelephone numbers, addresses (including city, county, or zip code) fax numbers and other contact informationSocial Security numbersMedical records numbersPhotographsFinger and voice printsAny other unique identifying number*Information included in this rule may be written, recorded or oral
8HIPAA—What?The PHI can relate to past, present or future physical or mental health of the individual.PHI describes a disease, diagnosis, procedure, prognosis, or condition of the individual and can exist in any medium – files, voice mail, , fax, or verbal communications.HIPAA provides the framework for the establishment of nationwide security standards and confidentiality of health information
9State of FloridaFlorida Statute 397 prohibits disclosure or use of patient records (any information that is written or not) unless permitted by the patient or regulation.
10HIPAA—What?Electronic Health Records The Obama Administration wants everyone to have an EHR by Defined as: An electronic record of health-related information on an individual that is created, gathered, managed and consulted by authorized health care clinicians and staff.
11Electronic RecordsElectronic records are more convenient, more efficient and allow us to do more with the data.EHRs increase the ability to access, transmit and copy large volumes of data quickly.EHRs increase the ability to combine data from different sources quickly.
12Electronic RecordsThe risk of harmful transmission of information rises exponentially as the number of people who have access to that information rises.HIPPA criminal convictions to date did not involve the clinical data, but rather the financial and demographic data, used primarily for identity theft.
13HIPAA & YOUIt is your responsibility to curb human nature (curiosity, sharing of information), to be sensitive to the residents information, to respect the resident’s right to privacy and to know our policies and procedures. When we provide our residents with quality services, it includes protecting their confidential information.
14HIPAA & the ResidentHIPAA stipulates the following patient’s right under its privacy rule:Patients have a right to receive a notice of the privacy practices of any health care provider health clearing house, or health plan.Patients have a right to see their PHI and get a copy.Patients have a right to request that changes be made to correct errors in their records or to add information that ha been omitted.Patients have a right to see a list of some of the disclosures that have been made of their PHI.Patients have a right to request that you give special treatment to their PHI.Patients have a right to request confidential communications.Patients have a right to complain.
15HIPAA & the ResidentA health provider can disclose an individual’s PHI without the patient’s authorization if the disclosure deals with treatment, payment, operations, or if the information is mandated by law. Otherwise, for most other uses, the patient will need to authorize the provider to make the disclosure.
16Right to InspectThe Individual Right to Inspect: Residents may request to see or copy their chart and must fill out the appropriate form to do so.In limited cases, we may deny this request in writing (such as legal action being brought on my an individual, psychotherapy notes).Requests and Denials will be handled by the Compliance Manager (so please forward them directly).
17Authorization to Release Information This form will be signed at admission and anytime records are requested.A copy of the request and/or ROI will be loaded into Best NotesAny records sent out will also be documented into Best Notes when release.Documentation creates a Log of PHI
18ROI Requirements Specific information to be released The name and/or other information to identify who information will be sent or receivedAn expiration date (1 year from signature if not specified)A statement about the individual’s right to revoke the authorizationSignature, Witness, & DateStatement about potential for re-disclosureThis form should be completed entirely to be valid
19Request to AmendClients have the right to request an amendment (clarification or challenge) to their medical/clinical file. *Remember psychotherapy notes are not disclosed.However, the remaining parts of their file, group notes, daily progress notes, medication records, demographic information are subject to their review.
20Request to AmendIf the client does not agree with certain documentation in their records, they may request for the entry to amended. The client must put the request in writing (there is a form).Requests and Denials will be handled by the Compliance Manager.
21Log of DisclosureHIPAA states that residents have a right to receive an accounting of certain instances when protected health information about them is disclosed by us.Disclosures are logged into Best Notes by adding the LOG of PHI form to the record.
22Log of DisclosureDisclosures will include the Date, Name of the individual to whom information was sent, a brief description of information sent and reason (Disability Determination, Continuity of Care, etc)Each Disclosure should have an accompanying Release of Information loaded into the chart.Accounting will be sent no later than 60 days from requests.
23Minimum NecessaryHIPAA requires us to make “reasonable efforts” to limit PHI to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request.Our employees must reasonably safeguard protected health information from any intentional or unintentional use or disclosure that is in violation of the Privacy Rule (HIPAA / 42 CFR).
24HIPAA & SecurityWe must have in place appropriate administrative, technical and physical safeguards to protect the privacy of PHI.Visitor Sign-In sheetsElectronic, password protected client recordsClean Desk protocol: limit paper laying aroundLimited fax use: mailing information is preferredLow tone of voice
25HIPAA & SecurityOur company utilizes an system to assist in the communication of daily operations. This tool has it’s positives and negatives. permits us to communicate effortlessly and at great speed, and to copy and distribute documents as never before. The flip side of these enormous opportunities for more effective communications are equally enormous risks that PHI will be distributed improperly.
26HIPAA & SecurityAll s MUST be sent through your Pasadena Villa accountAll s MUST have a HIPAA signature attached.ROI must be in place to communicate about the resident.Policies & Procedures are found in the Information Management section of the P&P
27Violations/Complaints Knowingly obtains or discloses individually identifiable health information:$50,000 fine and imprisonment for one year.$100,000 fine and imprisonment for five years.
28Violations/Complaints THE BIGGIE!For obtaining or disclosing individually identifiable health information with the intent to sell, transfer or use the information for commercial advantage, personal gain, or malicious harm. (Identify theft)A maximum fine of $250,000 and/or up to TEN YEARS imprisonment.
29Violations/Complaints A resident has the right to submit a complaint if he believes that the health provider has:Improperly used or disclosed their PHIConcerns about their HIPAA Privacy policiesConcerns about the provider’s compliance of its privacy policies.The patient may file the complaint with either of the following:The Privacy Officer: Heather McMahonThe US Department of Health and Human Services, Office of Civil Rights,