
Group 3 Angela, Rachael, Misty, Kayelee, and Krysta.



Presentation on theme: "Group 3 Angela, Rachael, Misty, Kayelee, and Krysta."— Presentation transcript:

1 Group 3 Angela, Rachael, Misty, Kayelee, and Krysta

2 What is a Privacy Notice? The privacy notice is formally called the Notice of Privacy Practices (NPP). It is a formal document that explains in simple terms how, when, and why a patient's medical record may be disclosed. This document answers many questions about PHI and serves as the practice's guide to handling its patients' PHI.

3 What is the Impact of HIPAA's Privacy Rule?
- Notifying patients about their privacy rights and how their personal health information can be used.
- Adopting and implementing privacy procedures for the practice.
- Training employees so that they understand the privacy procedures of the practice.
- Designating an individual to be responsible for seeing that the privacy procedures are adopted and followed.
- Securing patient records containing personally identifiable health information so that they are not readily available to those who do not need them.

4 What has to be in the Notice of Privacy Practices? It must contain specific language as required by the U.S. Department of Health and Human Services (HHS), typically displayed at the beginning of the notice. “THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU (NAME OF PRACTICE) MAY BE USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO YOUR INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION. PLEASE REVIEW THIS NOTICE CAREFULLY.”

5 The Notice Should Contain:
- A statement that the office is committed to PHI privacy.
- A statement that the practice has the right to make minor changes to, reconsider, or alter this notice if the privacy practices change.
- Detailed examples of how PHI may be used in the practice.
- A statement informing the patient of the practice's obligations concerning the use and disclosure of his or her PHI.

6 The Notice Should Contain: The practice must inform the patient of his or her right to:
- Receive a copy of the Notice of Privacy Practices
- Consent to disclosure of his or her health information
- Restrict certain uses and disclosures of his or her PHI
- Receive confidential communications
- Inspect and copy his or her PHI
- Make changes to his or her PHI
- An accounting of PHI disclosures for other treatment, payment, and health care operations (TPO)
- Complain about alleged privacy violations by the practice to the Department of Health and Human Services

7 The Practice's Responsibilities
- Make sure that every patient gets a copy of the Notice of Privacy Practices at their first office visit, or whenever the practice has made any changes to the notice.
- Post the notice in the main office.
- If the practice has a Web site, the Notice of Privacy Practices must appear on the site and be downloadable.
- Get written documentation from the patient that he or she received this notice.

8 Healthcare Requirements Healthcare organizations will be required to address the following four areas as defined by the Department of Health and Human Services (DHHS):
- Administrative procedures: Procedures for establishing and enforcing security policies
- Physical safeguards: Safeguards that protect physical computer and network facilities
- Technical security services: Services that protect, control, and monitor access to health care information
- Technical security mechanisms: Mechanisms for protecting information and restricting access to data transmitted over networks

9 Administration Procedures
- Data backup plan
- Disaster recovery plan
- Emergency mode operation plan
- Security reminders
- Protection from malicious software
- Log-in monitoring
- Password management

10 Physical Safeguards
- Locked doors
- Signs warning of restricted areas
- Surveillance cameras
- Alarms
- Property control such as tags and engraving on equipment
- Personnel controls such as identification badges
- Private security service or patrol for the facility

11 Technical Security Services
- Unique user identification
- Emergency access procedure
- Automatic logoff
- Encryption and decryption
- Password protection

12 Technical Security Mechanisms
- Routers, firewalls, and proxy servers
- Passwords
- Cryptography, encryption
- Antivirus software
- Security management process
- Assigned security responsibility
- Security awareness training

13 HIPAA Enforcement
- Follow phone protocols: A medical office must have specific guidelines for what information is given over the phone. Certain individuals, like health insurance reps or family members, might have clearance to be told patient information. But other callers should be given only basic information that does not violate HIPAA.

14 HIPAA Enforcement
- Protect workstations: A computer should always be locked when the person who uses it is away from the desk. This is to prevent unauthorized use.
- Protect papers: Documents like medical claims and bills should be turned face down when the person who is responsible for them is away from the desk. The files must be kept in secure containers where they can't be read by someone passing by.

15 HIPAA Enforcement
- Use HIPAA-compliant waste baskets and shredders. Some offices have color-coded trash bins: one set for regular trash like apple cores and gum wrappers, and another covered set of bins for documents. The documents that go in the secure bins get shredded every day. The other trash bins get emptied by cleaning people at night.
- Educate. A well-informed staff will be more adept at following HIPAA regulations, and they'll know why they're doing it. Conversations about the laws are good and help to get everybody on the same page.

16 Under What Circumstances Can the Practice Use and Disclose Protected Health Information (PHI)? The practice is permitted to use or disclose PHI:
- To the individual.
- To carry out treatment, payment, and health care operations (TPO).
- Without written authorization but with an opportunity to agree or disagree prior to the use or release.
- When data is de-identified.
- When public good permits the use/disclosure.

17 PHI the Practice is Required to Disclose: They are REQUIRED to disclose information:
- To avoid a serious threat to your health or safety.
- Military and Veterans
- Public health risks
- Lawsuits and Disputes
- Law enforcement
- Coroners, Medical Examiners, and Funeral directors
- National security and Intelligence activities
- Protective services for the President

18
- http://www.ouwb.ohiou.edu/hipaa/ohic-oucom/textframe.htm
- http://indianapainsociety.org/index.php/regs/hipaa-physican-offices
- http://www.hhs.gov

