Presentation on theme: "Welcome to UF We’re from the Privacy Office and we’re here to help you… HIPAA Orientation College of Nursing– Fall 2014 Cheryl Webber, MS, RHIA University."— Presentation transcript:
Welcome to UF We’re from the Privacy Office and we’re here to help you… HIPAA Orientation College of Nursing– Fall 2014 Cheryl Webber, MS, RHIA University of Florida Privacy Manager Jacksonville Campus
Learning Objectives Learning Objectives HIPAA Training RequirementsPractical Tips for ComplianceBreach Notification
Trust Patients must trust their care givers enough to share personal and often sensitive information needed for care. If trust is broken, the health of the patient suffers first, and the reputation of the institution may follow.
HIPAA Training Orientation and Annual Training are different! You must complete the appropriate online module Electronically sign the Confidentiality Agreement Additional training modules for Shands and VA may be required!
HIPAA Training Complete: General Awareness Training – if you will not be involved in any research OR HIPAA for Researchers – if you will be involved in human subject research. NOTE: If you completed the official training between December 1 and today, you’re good to go – until next January.
Training and Re-training…. Failure to complete the training on time is a Level II HIPAA violation and will result in disciplinary action. Be sure you are included in your college or department’s email list – ◦If so, you will also be on the All-HSC email list.
Privacy Sanctions Sanctions for HIPAA violations are serious: Fines Jail-time UF Sanctions Loss of student privileges, computer access Verbal counseling up to termination Suspension or expulsion Reporting to professional licensing or credentialing boards
New Penalties So, a breach involving PHI for 10 individuals could cost anywhere from $100 to $50,000 per disclosure TiersDescription Minimum per Violation Max per Year (for identical violations) Tier ADid not know $100 - $50,000 $1,500,000 Tier B Reasonable cause – not willful neglect $1,000 - $50,000 $1,500,000 Tier C Willful neglect – corrected w/in 30 days $10,000 - 50,000 $1,500,000 Tier D Willful neglect – uncorrected $50,000$1,500,000
Common HIPAA Violations Unauthorized disclosures: Be aware of your surroundings when discussing patients Use extra caution with privileged information Improper use of portable devices: laptops, PDAs, camera phones, etc. Recording (and sharing) unauthorized pix and videos Failure to use encryption Losing or misplacing equipment Removal of PHI or health records from UF premises.
Practical Tips for Compliance Share PHI only with those who have a professional need to know. Use strong passwords consistent with UF policies. Properly destroy PHI. Do not disable virus protection applications.
Practical Tips for Compliance You are responsible for activity originating from your account. Do not access your own record or that of a family member’s Email PHI when necessary-within the UF domain Encrypt external emails containing PHI-avoid AOL, Yahoo, Gmail.
Breach Notification HITECH Act and Florida law requires covered entities to report breaches to the patient when: – Unencrypted PHI is disclosed – An individual’s SSN is inappropriately disclosed
Examples of a Breach A breach is any unauthorized disclosure: Stolen laptop/tablet Accidental disclosure- sharing PHI with someone over the phone or in person you thought was the patient Emailing/faxing patient information to an unauthorized third party
Reporting a Breach To your supervisor UF Privacy Hotline: (866) 876-4472 Online at firstname.lastname@example.org If you know about a Privacy or Security incident, it is your responsibility to report it!
Primary Take-Aways Only access the PHI you need. Complete HIPAA training Report a breach