2015 User Conference HIPAA and Patient Safety: Why It Matters April 24, 2015 (GEN-AO1) Presented by: Susan J. Kressly, MD, FAAP Medical Director, Office.


1 2015 User Conference HIPAA and Patient Safety: Why It Matters April 24, 2015 (GEN-AO1) Presented by: Susan J. Kressly, MD, FAAP Medical Director, Office Practicum General Session

2 2015 Office Practicum User Conference Learning Objectives ▪ Understand what HIPAA and Patient Safety have to do with my practice ▪ Identify resources that I can use for my practice ▪ Identify 3 areas where I can improve security and safety for my practice

3 Disclaimer

4 2015 Office Practicum User Conference HIPAA ▪ HIPAA Privacy Rule ▪ HIPAA Security Rule ▪ HIPAA Breach Notification Rule ▪ Patient Safety Rule

5 2015 Office Practicum User Conference Who does this affect? ▪ ALL medical practices ▪ NOT just those who participate in Meaningful Use or Medical Home

6 2015 Office Practicum User Conference HIPAA Privacy Rule ▪ Major goal: HIPAA Privacy is to assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public's health and well being ▪ Administrative Requirements: a covered entity must develop and implement written privacy policies and procedures that are consistent with the Privacy Rule

7 HIPAA Privacy Rule Let’s take a closer look……

8 2015 Office Practicum User Conference HIPAA Privacy Rule ▪ Establishes national standards ▪ Protect individual’s medical records and other personal health information (PHI) ▪ Applies to health plans, healthcare clearinghouses, health care providers

9 2015 Office Practicum User Conference HIPAA Privacy Mandates Practices ▪ Have in place safeguards to protect the privacy of PHI ▪ Set limits on use and disclosure of PHI without specific patient authorization ▪ Recognize patients have rights over their PHI including: ▪A right to examine and receive a copy of their health record ▪A right to request correction of their health record information

10 2015 Office Practicum User Conference Provider Notice of Privacy Policies ▪ Provide notice no later than the first date of service (except in emergencies) ▪ Make a “good faith” effort to obtain written acknowledgement of receipt of the notice & if unable document why ▪ Make the most recent notice (one that reflects any changes in policies) available for individuals to request and take with them

11 2015 Office Practicum User Conference Sample/Model HIPAA Privacy Policies ▪ HHS Sample Policies in English & Spanish ▪ HIPAA Resources from AAFP ▪ Kressly Pediatrics HIPAA Policy (feel free to adapt for your practice)

12 2015 Office Practicum User Conference HIPAA Policy Question 1 Q. Do we have to update our HIPAA policy annually? A. No. A covered entity is required to promptly revise and distribute its notice whenever it makes material changes to any of its privacy practices.

13 2015 Office Practicum User Conference HIPAA Policy Question 2 Q. Do we have to get annual or periodic signatures from patients/families? A. No. Only to acknowledge the original receipt of the HIPAA policy.

14 2015 Office Practicum User Conference HIPAA Policy Question 3 Q. Is our practice required to notify patients via mail or email of any changes to our policy? A. No. If you make a change to your policy, you must make the new policy available to your patients, post it in a clear & prominent location in your facility and on your website if you have one.

15 2015 Office Practicum User Conference HIPAA Privacy Question 1 Q. Can an 18 year old sister pick up forms or a prescription for her younger brother? A. Yes. The practice may share relevant information with the family & other persons if it can reasonably infer, based on professional judgment, that the patient does not object.

17 2015 Office Practicum User Conference HIPAA Privacy Question 2 Q. What can I do for other offices/health systems who refuse to send me information without expressed written consent from the patient? A. Consider creating a fax form requesting information with HIPAA references at the bottom

18 2015 Office Practicum User Conference HIPAA Security Rule ▪ Goal: The Security Standards for the Protection of Electronic Protected Health Information establish a national set of security standards for protecting certain health information that is held or transferred in electronic form ▪ Administrative Requirements: a covered entity must adopt reasonable & appropriate policies and procedures to comply with the provisions of the Security Rule

19 2015 Office Practicum User Conference HIPAA Security Resources ▪ Information Security Policy Template ▪ Security Audit Template Tool for Small Practices ▪ Cybersecurity Best Practice Checklist ▪ Regional Extension Center Resources ▪ State Medical Society Resources

21 2015 Office Practicum User Conference HIPAA Security Question 1 Q. Must our practice certify our compliance with the standards of the Security Rule? A. No. There is no standard or certification requirement. An organization can decide whether to use external third parties to perform security assessments, but that does not absolve practices from meeting their legal requirements.

22 2015 Office Practicum User Conference HIPAA Security Question 2 Q. Once we have completed a security risk assessment, are we finished? A. No. Compliance is not a one-time goal but an ongoing process. In general, this includes performing a risk analysis; implementing reasonable and appropriate security measures; and documenting and maintaining policies, procedures and other required documentation.

23 2015 Office Practicum User Conference HIPAA Security Question 3 Q. Does security only take into consideration our computer access to our EHR? A. No. Practices should examine physical security safeguards such as unlocked back doors, policies regarding access for terminated employees, visible access to large monitors in a high patient traffic area, etc.

24 2015 Office Practicum User Conference HIPAA Breach Notification Rule ▪ The HIPAA Breach Notification Rule requires HIPAA covered entities and their business associates (BA) to provide notification following a breach of unsecured protected health information ▪ Requirements: following a breach of unsecured protected health information, covered entities must provide notification of the breach to affected individuals, the Secretary, & in certain circumstances, to the media

25 2015 Office Practicum User Conference Breach Notification Requirements ▪ Individual Notification ▪ Must occur within 60 days of discovery of breach ▪ Must occur via first class mail unless prior agreement that patient agrees to email notification ▪ If >500 patients involved in a state/jurisdiction, required to provide notice to prominent media outlets serving the area

26 2015 Office Practicum User Conference HIPAA Breach Question 1 Q. Do I have to report all accidental discovery of any PHI to the HHS secretary? A. No. However, any impermissible use or disclosure of protected health information is presumed to be a breach unless the covered entity or business associate, as applicable, demonstrates that there is a low probability that the protected health information has been compromised based on a risk assessment of at least the following factors:

27 2015 Office Practicum User Conference Factors to Consider in Defining “Breach” ▪ The nature and extent of the protected health information involved, including the types of identifiers and the likelihood of re-identification ▪ The unauthorized person who used the protected health information or to whom the disclosure was made ▪ Whether the protected health information was actually acquired or viewed ▪ The extent to which the risk to the protected health information has been mitigated.

28 2015 Office Practicum User Conference HIPAA Breach Question 2 Q. If there were only 3 patients affected in a HIPAA breach in my office, do I still have to report this somewhere? A. Yes. All breaches are to be submitted to the Secretary of HHS. Can be done annually for breaches affecting < 500 patients or at the time of occurrence (reporting tool on HHS website)

29 2015 Office Practicum User Conference Patient Safety Rule ▪ The Patient Safety and Quality Improvement Act (PSQIA) establishes a voluntary reporting system designed to enhance the data available to assess and resolve patient safety and health care quality issues ▪ To encourage the reporting and analysis of medical errors, PSQIA provides Federal privilege and confidentiality protections for patient safety information to Patient Safety Organizations (PSOs)

30 2015 Office Practicum User Conference HIPAA Enforcement ▪ Enforcement has been transferred to the Office for Civil Rights ▪ Enforces Privacy & Security Rules in several ways ▪ by investigating complaints filed with it ▪ conducting compliance reviews to determine if covered entities are in compliance ▪ performing education and outreach to foster compliance with the Rules' requirements

31 HIPAA Should You Fear the HIPAA Police?

32 2015 Office Practicum User Conference No Fear Needed ▪ HIPAA is not meant to be punitive ▪ Most investigations lead to continued improvement ▪ Make HIPAA a Continuous Improvement Project in your practice ▪ Work to identify gaps and then address them ▪ Good Overview/Additional Information available at multiple places including Medical Economics

33 2015 Office Practicum User Conference Best Practices ▪ Have a designated HIPAA Privacy & Security Officer with alternate (in case of vacation) ▪ Commit to ongoing HIPAA education for your office ▪ Maintain a folder of policies, procedures, business associate agreements, potential breach reporting templates, breach notification templates, etc. ▪ Review annually and discuss whether updates necessary

35 2015 Office Practicum User Conference Questions ?

36 2015 Office Practicum User Conference We want your feedback!

