Presentation on theme: "Pasadena Villa Network of Services Employee HIPAA Training."— Presentation transcript:
Pasadena Villa Network of Services Employee HIPAA Training
HIPAA –Who? We are bound by Federal and State laws that govern the privacy and confidentiality of our residents. They govern how we access, use and disclose Protected Health Information (PHI). Included in this rule are employees, interns, volunteers and any business associates of Pasadena Villa Network of Services.
HIPAA—Who? We are not alone. The Federal rule covers the following: Health care provider, health plan Public health authority Insurer (life, health, etc) Schools, universities Employers Healthcare clearinghouse
HIPAA—What? HIPAA is the federal Health Insurance Portability and Accountability Act of 1996. The primary goal of the law is to make it easier for people to keep health insurance, protect the confidentiality and security of healthcare information and help the healthcare industry control administrative costs.
HIPAA—What? HIPAA protects an individual’s health information and his/her demographic information. This is called “protected health information” or “PHI”. Information meets the definition of PHI if, even without the patient’s name, if you look at certain information and you can tell who the person is then it is PHI. The PHI can relate to past, present or future physical or mental health of the individual. PHI describes a disease, diagnosis, procedure, prognosis, or condition of the individual and can exist in any medium – files, voice mail, email, fax, or verbal communications.
HIPAA—What? HIPAA provides the framework for the establishment of nationwide security standards and confidentiality of health information. Under HIPAA we must maintain reasonable and appropriate administrative, technical and physical safeguards to ensure the integrity and confidentiality of PHI.
HIPAA—What? HIPAA defines information as protected health information if it contains the following information about the patient, the patient’s household members, or the patient’s employers : Names Dates relating to a patient, i.e. birthdates, dates of medical treatment, admission and discharge dates, and dates of death Telephone numbers, addresses (including city, county, or zip code) fax numbers and other contact information Social Security numbers Medical records numbers Photographs Finger and voice prints Any other unique identifying number *Information included in this rule may be written, recorded or oral
HIPAA—What? The PHI can relate to past, present or future physical or mental health of the individual. PHI describes a disease, diagnosis, procedure, prognosis, or condition of the individual and can exist in any medium – files, voice mail, email, fax, or verbal communications. HIPAA provides the framework for the establishment of nationwide security standards and confidentiality of health information
State of Florida Florida Statute 397 prohibits disclosure or use of patient records (any information that is written or not) unless permitted by the patient or regulation.
HIPAA—What? Electronic Health Records The Obama Administration wants everyone to have an EHR by 2015. Defined as: An electronic record of health- related information on an individual that is created, gathered, managed and consulted by authorized health care clinicians and staff.
Electronic Records Electronic records are more convenient, more efficient and allow us to do more with the data. EHRs increase the ability to access, transmit and copy large volumes of data quickly. EHRs increase the ability to combine data from different sources quickly.
Electronic Records The risk of harmful transmission of information rises exponentially as the number of people who have access to that information rises. HIPPA criminal convictions to date did not involve the clinical data, but rather the financial and demographic data, used primarily for identity theft.
HIPAA & YOU It is your responsibility to curb human nature (curiosity, sharing of information), to be sensitive to the residents information, to respect the resident’s right to privacy and to know our policies and procedures. When we provide our residents with quality services, it includes protecting their confidential information.
HIPAA & the Resident HIPAA stipulates the following patient’s right under its privacy rule: Patients have a right to receive a notice of the privacy practices of any health care provider health clearing house, or health plan. Patients have a right to see their PHI and get a copy. Patients have a right to request that changes be made to correct errors in their records or to add information that ha been omitted. Patients have a right to see a list of some of the disclosures that have been made of their PHI. Patients have a right to request that you give special treatment to their PHI. Patients have a right to request confidential communications. Patients have a right to complain.
HIPAA & the Resident A health provider can disclose an individual’s PHI without the patient’s authorization if the disclosure deals with treatment, payment, operations, or if the information is mandated by law. Otherwise, for most other uses, the patient will need to authorize the provider to make the disclosure.
Right to Inspect The Individual Right to Inspect: Residents may request to see or copy their chart and must fill out the appropriate form to do so. In limited cases, we may deny this request in writing (such as legal action being brought on my an individual, psychotherapy notes). Requests and Denials will be handled by the Compliance Manager (so please forward them directly).
Authorization to Release Information This form will be signed at admission and anytime records are requested. A copy of the request and/or ROI will be loaded into Best Notes Any records sent out will also be documented into Best Notes when release. Documentation creates a Log of PHI
ROI Requirements Specific information to be released The name and/or other information to identify who information will be sent or received An expiration date (1 year from signature if not specified) A statement about the individual’s right to revoke the authorization Signature, Witness, & Date Statement about potential for re-disclosure This form should be completed entirely to be valid
Request to Amend Clients have the right to request an amendment (clarification or challenge) to their medical/clinical file. *Remember psychotherapy notes are not disclosed. However, the remaining parts of their file, group notes, daily progress notes, medication records, demographic information are subject to their review.
Request to Amend If the client does not agree with certain documentation in their records, they may request for the entry to amended. The client must put the request in writing (there is a form). Requests and Denials will be handled by the Compliance Manager.
Log of Disclosure HIPAA states that residents have a right to receive an accounting of certain instances when protected health information about them is disclosed by us. Disclosures are logged into Best Notes by adding the LOG of PHI form to the record.
Log of Disclosure Disclosures will include the Date, Name of the individual to whom information was sent, a brief description of information sent and reason (Disability Determination, Continuity of Care, etc) Each Disclosure should have an accompanying Release of Information loaded into the chart. Accounting will be sent no later than 60 days from requests.
Minimum Necessary HIPAA requires us to make “reasonable efforts” to limit PHI to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request. Our employees must reasonably safeguard protected health information from any intentional or unintentional use or disclosure that is in violation of the Privacy Rule (HIPAA / 42 CFR).
HIPAA & Security We must have in place appropriate administrative, technical and physical safeguards to protect the privacy of PHI. – Visitor Sign-In sheets – Electronic, password protected client records – Clean Desk protocol: limit paper laying around – Limited fax use: mailing information is preferred – Low tone of voice
HIPAA & Security Our company utilizes an e-mail system to assist in the communication of daily operations. This tool has it’s positives and negatives. E- mail permits us to communicate effortlessly and at great speed, and to copy and distribute documents as never before. The flip side of these enormous opportunities for more effective communications are equally enormous risks that PHI will be distributed improperly.
HIPAA & Security All Emails MUST be sent through your Pasadena Villa account All Emails MUST have a HIPAA signature attached. ROI must be in place to communicate about the resident. Policies & Procedures are found in the Information Management section of the P&P
Violations/Complaints Knowingly obtains or discloses individually identifiable health information: $50,000 fine and imprisonment for one year. $100,000 fine and imprisonment for five years.
Violations/Complaints THE BIGGIE! For obtaining or disclosing individually identifiable health information with the intent to sell, transfer or use the information for commercial advantage, personal gain, or malicious harm. (Identify theft) A maximum fine of $250,000 and/or up to TEN YEARS imprisonment.
Violations/Complaints A resident has the right to submit a complaint if he believes that the health provider has: Improperly used or disclosed their PHI Concerns about their HIPAA Privacy policies Concerns about the provider’s compliance of its privacy policies. The patient may file the complaint with either of the following: The Privacy Officer: Heather McMahon The US Department of Health and Human Services, Office of Civil Rights, www.hhs.gov/ocr/hipaawww.hhs.gov/ocr/hipaa