Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIPAA Privacy and security checklist Can you say YES to each of the following statements.

Published byArchibald Giles Hoover Modified over 8 years ago

Similar presentations

Presentation on theme: "HIPAA Privacy and security checklist Can you say YES to each of the following statements."— Presentation transcript:

1 HIPAA Privacy and security checklist Can you say YES to each of the following statements

2 HIPAA MYTHS  MYTH: HIPAA is a Technology issue  FALSE: HIPAA is a business issue. HIPAA will have significant impact on the whole organization, including healthcare providers, clerks, admitting staff, billing staff, etc.  To imply that it is a technology issue ignores the main reason behind the accountability aspect of HIPAA, to protect patient’s identifiable information against fraud, abuse, and unwanted disclosure.

3 HIPAA MYTHS  MYTH: Patient’s are entitled to free copies of their records  Not completely. Patient’s are able to view and obtain copies of their records, but the law specifically allows healthcare providers to impose a reasonable, cost-based fee for certain services, provided that the fee includes only the cost of: (1) Copying, including the cost of supplies for and labor of copying (2) Postage, when the patient request that the information be mailed (3) Preparation and explanation or summary of the protected health information.

4 HIPAA MYTHS  HIPAA will eliminate the use of sign-in sheets in Physician’s offices.  FALSE: The original intent of the low was NOT to eliminate sign-in sheets, but to protect the privacy of patients. You can still use sign-in sheets, but the information provided on the sign-in sheets must be limited to name, date, and time signing-in or signing-out.

5 HIPAA MYTHS  MYTH: Patient’s must sign a new consent for each office visit.  FALSE: Signed consent forms do NOT expire. A healthcare provider must retain the signed consent for at least 6 years from the date it was last in effect. A new consent is required if the patient previously revoked his/her consent. The revocation should be in writing.

6 HIPAA MYTHS  MYTH: HIPAA will prohibit the use of FAXES containing protected health information.  FALSE: You can still fax protected health information, but be sure that a fax/email disclaimer precedes all of your faxes.

7 HIPAA MYTHS  MYTH: Health care providers would have to keep track of everyone who received medical information from them.  FALSE: Healthcare providers will only be required to track the sharing of health information with someone outside of an organization.

8 HIPAA  What do I do if my files are hanging on the wall where people can see them?  1. Turn the file around  2. Purchase covers for the wall holders  3. Keep wall holders inside the room  4. Place stickers on the front of the files that say “confidential”.

9 HIPAA  What if I have open-shelved filing?  1. Make sure that the area is secure at all times. Do not allow anyone other than authorized personnel in the area, if possible.  2. Place stickers on the shelves that say “confidential”.  3. As you work with your files on a daily basis, check for either a confidential stamp or sticker. If absent, mark it confidential as you go. Do not go back to past files, make “stickering” them confidential as a part of your daily routine.

10 HIPAA  QUICK TIPS  1. Never walk away from an open file drawer. Lock after each use.  2. Keep all files away from easy view. Do not keep files laying around with visible PHI.  3. Mark all filing cabinets, files, etc. “confidential”.

11 HIPAA  QUICK TIPS  Phone messages on patient’s answering machines. HIPAA is concerned with protecting your patient’s privacy. One of the easiest ways to violate a patient’s privacy is by exposing PHI on answering machines.

12 HIPAA  QUICK TIPS  WHAT ARE THE RISKS?  1. The risk is that a family member, friend, or other could overhear or receive the message.  2. The risk that the message could be left at the wrong number is also very crucial.  3. The receiver might hear information that the patient does not want to be exposed.

13 HIPAA  QUICK TIPS  INFORMATION TO AVOID  1. Laboratory and test results  2. Any information that links the patient’s name to the medical condition.  3. The type of clinic or specialist the patient is seeing.  4. Personal information (ex: HIV, psychotherapy, substance abuse, pregnancy, etc.)

14 HIPAA  QUICK TIPS  1. Reminders of appointments are OK.  2. Train your employees on a set policy  3. Ask the patient if they would prefer a separate phone line(cell phone, etc.) for follow-up calls. Get it in writing  4. Always use good judgment on the type of messages that you leave.

15 HOW AND WHEN TO EXECUTE HIPAA AUDITS AND TRAINING SIMPLE GUIDELINES

16 AUDITS AND TRAINING  1. Complete an audit at least twice a year. Pull at least five files for your audits.  2. Follow the easy questions on your audit sheet, under the “audit” label in your manual, and compare to the file you are working with.  3. Assign a responsible employee to complete this task. It does not have to be a member of your compliance committee.  4. When finished, document your audit by filing it in your HIPAA Compliance Plan and Manual

17 AUDITS AND TRAINING  5. Complete audits at least every quarter  6. Your training sessions should be held at least twice a year. Please have every employee sign an employee compliance training log for these training sessions and place it in the signed training section of your HIPAA Compliance Plan and Manual.  REMEMBER, YOUR HIPAA MANUAL IS INSUFFICIENT IF YOU DO NOT CONTINOUSLY UPDATE, TRAIN, AND AUDIT.  IT IS UP TO YOU TO STAY IN COMPLIANCE WITH HIPAA.

18 HIPAA  1. Except for the patient’s name, confidential patient information is not called out into the waiting room  2. Release of confidential patient information is done ONLY by staff specifically authorized to do so.  3.  Confidential patient information is not left on an unattended printer, photocopier, or fax machine unless these devices are in a secure area. Physical access to fax machines and printers is limited to authorized staff.  4. Staff does not discuss confidential patient information among themselves in public areas.

19 HIPAA  5. Conversations with the patient/family regarding confidential patient information are not held in public areas.  6. Overhead and intercom announcements do not include confidential patient information.  7. Phone conversations and dictation are in areas where confidential patient information cannot be overheard.  8. Computer monitors are positioned away from public view, to avoid observation by visitors.  9. Confidential patient information is discarded in the appropriate secure container or shredded.

20 HIPAA  10. Screens of unattended computers are returned to the logon screen or have a password enabled screen saver. Staff understands their ID and password are confidential and never shares them, or the use of their workstation while logged in.  11. On desks in public areas, chart holders or nurse’s stations, documents with confidential patient information are face down or concealed, avoiding observation by patient’s or visitors.  12. Paper records and medical charts are stored or filed in such a way as to avoid observation by patient’s or visitors, or casual access by unauthorized staff.

21 HIPAA  13. Answering machines volume is turned down so information being left cannot be overheard by other staff or visitors. Voice mail passwords are not the default settings, or the last four digits of your phone number.  14. Patient lists, including scheduled procedures, with information beyond room assignments are not readily visible by patients or visitors.  15. Staff feel comfortable, and obligated, to report misuse of confidential patient information to their supervisor, knowing there will be no retaliation.  16. All supervisors regularly review institutional policies that are applicable for their work assignments with their staff, to insure that current practices and procedures protect patient privacy.

22 HIPAA  17. Only authorized staff has access to confidential patient information, and they access and use only the minimum amount necessary to accomplish their duties. All staff wear the appropriate nametag at all times.  18. For units that are not staffed 24 hours, patient records are filed in locking storage cabinets or rooms that are locked.  19. Visitors and patients are appropriately escorted to ensure they do not access staff areas, dictating rooms, chart storage, etc. Those persons not recognized in restricted areas, are challenged for identification.

Download ppt "HIPAA Privacy and security checklist Can you say YES to each of the following statements."

Similar presentations

Protect Our Students Protect Ourselves

Protect Our Students Protect Ourselves
CONFIDENTIALITY / PRIVACY. Federal Laws Privacy Act of 1974 PII (Personally Identifiable Information)….Protection of social security numbers……….

CONFIDENTIALITY / PRIVACY. Federal Laws Privacy Act of 1974 PII (Personally Identifiable Information)….Protection of social security numbers……….
Online Course Privacy Contacting Patients and Verification START Click to begin…

Online Course Privacy Contacting Patients and Verification START Click to begin…
Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.

Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.
WRSU Customer Service The Beauty of Change. Privacy and Confidentiality.

WRSU Customer Service The Beauty of Change. Privacy and Confidentiality.
Privacy and Information Security Training (2006-07) VUMC Privacy Website www.mc.vanderbilt.edu/privacy.

Privacy and Information Security Training ( ) VUMC Privacy Website
And the finer details of patient privacy TCH Confidential Understanding HIPAA.

And the finer details of patient privacy TCH Confidential Understanding HIPAA.
System Security & Patient Confidentiality General Lesson 1.

System Security & Patient Confidentiality General Lesson 1.
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
HIPAA Training for the MDAA Preceptorship Program Health Insurance Portability and Accountability Act.

HIPAA Training for the MDAA Preceptorship Program Health Insurance Portability and Accountability Act.
LMC 2005 1 WHAT IS HIPAA AND HOW TO COMPLY WITH IT? Health Insurance Portability and Accountability Act of 1996.

LMC WHAT IS HIPAA AND HOW TO COMPLY WITH IT? Health Insurance Portability and Accountability Act of 1996.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
 Privacy Act of 1974 PII (Personally Identifiable Information)….Protection of social security numbers……….

 Privacy Act of 1974 PII (Personally Identifiable Information)….Protection of social security numbers……….
WORKFORCE CONFIDENTIALITY HIPAA Reminders. HIPAA 101 The Health Insurance Portability and Accountability Act (HIPAA) protects patient privacy. HIPAA is.

WORKFORCE CONFIDENTIALITY HIPAA Reminders. HIPAA 101 The Health Insurance Portability and Accountability Act (HIPAA) protects patient privacy. HIPAA is.
HIPAA 101 Education. WHAT IS HIPAA??? WHAT IS HIPAA? The Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability.

HIPAA 101 Education. WHAT IS HIPAA??? WHAT IS HIPAA? The Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability.

Similar presentations

Ads by Google