Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIPAA Privacy & Security EVMS Health Services 2004 Training.

Published byKory Mills Modified over 8 years ago

Similar presentations

Presentation on theme: "HIPAA Privacy & Security EVMS Health Services 2004 Training."— Presentation transcript:

1 HIPAA Privacy & Security EVMS Health Services 2004 Training

2 Privacy & Security Privacy –what should be protected Security –how to protect it

3 Privacy What should be protected? Any health information that can be used to identify the patient

4 Patient Identifiers Name Date of Birth Date of Visit Social Security # Postal Address (even zip) Telephone/Fax # Medical record/Chart # Email Address/URL Account # Photographs

5 Privacy Ways to protect patient information: –Turn computer screens inward –Keep patient schedules covered –Talk quietly – don’t use patient’s name –Shred documents –Verify identity before disclosure –Use security controls

6 Security Is a process not a product Examples of Security Controls –Set automatic log offs after 20 minutes –Use screensavers w/ password features –Virus protection software –Log-on trails

7 Security Weakest link in security is people why? Don’t see it as important Laziness Averse to technology Don’t know controls are there

8 People Controls - management/leadership Don’t assign system passwords until employees have Privacy Training Tell staff how to safeguard work areas Store confidential information on network drive – not hard drive Don’t ever share passwords

9 People Controls Monitor Behavior  Are staff logging off computers?  Are they accessing information not needed for their job?  Is sensitive information removed whenever possible (minimum necessary rule?)  Are fax cover sheets used?  Are recycling bins used?

10 People Controls Monitor Actions  Is the Privacy Notice prominently displayed?  Are new patients being asked to initial/sign the privacy notice acknowledgement?  Are accidental disclosures logged in the patient’s disclosure log?  Are privacy complaints being forwarded to the privacy office?

11 Fax Transmittals - controls Always use a fax cover sheet that lets the recipient know who to contact “just in case” there is a transmission error – If you make a mistake, the “unauthorized” disclosure must be logged in the patient’s medical record.

12 Disclosure Log - in the medical record We are required by law to “log” the following types of disclosures: Public health Social Services Law enforcement Unauthorized (or accidental) disclosures

13 Data bases #1 Risk area Do it right Get patient authorization (even for prospective research) Protect data w/ security controls Limit access Don’t store on portable devices Update data fields

14 EVMS Privacy & Security Manuals It is your responsibility to follow the EVMS HIPAA Privacy & Security Policy & Procedures Each manager is required to review the Privacy & Security procedures with staff Privacy Policy & Procedures: http://hsmail.evms.edu/compliance/compliance web/ http://hsmail.evms.edu/compliance/compliance web/ Security Policy & Procedures: http://info.evms.edu/bfis/postdocs/itac_1/hipaa_ /policies_/bov20030710secu/default.htm

15 Mini Quiz Someone is caught accessing the PHI of a co-worker. How do you handle this situation?  Report person to supervisor/Privacy Office  Tell person that she can get fired, but don’t report to Privacy Office  Find out what person was looking at so you can report it (click mouse for answer) Report person to supervisor/Privacy Office immediately

16 Mini Quiz What are some ways to protect patient information?  Turn computer screens inward  Keep schedules covered up  Talk quietly, without using the patient’s name  All of the above (click mouse for answer) All of the above

17 Mini Quiz You use an electronic device to store/use health information. How do you protect the information?  Log off system when not in use  Store information on password protected network drive  Keep portable devices on you or locked up at all time  All of the above (click mouse for answer) All of the above

18 Mini Quiz The following are patient identifiers: A) Date of birth B) Date of office visit C) Strep throat diagnosis D) A & C E) A & B (click mouse for answer) E) A & B

19 Mini Quiz A patient does not want to be contacted by EVMS for fundraising purposes. What should be done? A) remove patient’s address & telephone # from IDX B) ask patient to complete an opt-out fundraising form & forward to Privacy Office C) call the EVMS Institutional Advancement office for advice (click mouse for answer) Answer is B!

20 Mini Quiz Are you allowed to share passwords?  It is ok to give passwords to nurses, but no one else  IDX passwords can be shared but not electronic medical record passwords  No one is allowed to share passwords – ever (click mouse for answer) No one is allowed to share passwords!

21 Privacy - questions/concerns Contact the Privacy Office:

Download ppt "HIPAA Privacy & Security EVMS Health Services 2004 Training."

Similar presentations

Protect Our Students Protect Ourselves

Protect Our Students Protect Ourselves
HIPAA Workforce Training

HIPAA Workforce Training
HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.

HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.
Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.

Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.
Privacy and Information Security Training (2006-07) VUMC Privacy Website www.mc.vanderbilt.edu/privacy.

Privacy and Information Security Training ( ) VUMC Privacy Website
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.

COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.
LMC 2005 1 WHAT IS HIPAA AND HOW TO COMPLY WITH IT? Health Insurance Portability and Accountability Act of 1996.

LMC WHAT IS HIPAA AND HOW TO COMPLY WITH IT? Health Insurance Portability and Accountability Act of 1996.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
Your Role in Corporate Compliance and HIPAA Confidentiality

Your Role in Corporate Compliance and HIPAA Confidentiality
HIPAA Health Insurance Portability and Accountability Act.

HIPAA Health Insurance Portability and Accountability Act.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.

Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.
Protecting Client Data HIPAA, HITECH and PIPA Part 1A

Protecting Client Data HIPAA, HITECH and PIPA Part 1A
SAFEGUARDING DHS CLIENT DATA PART 2 SAFEGUARDING PHI AND HIPAA Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure.

SAFEGUARDING DHS CLIENT DATA PART 2 SAFEGUARDING PHI AND HIPAA Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure.

Similar presentations

Ads by Google