Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Privacy Plan of Action © HIPAA Pros 2002 All rights reserved.

Published byJoy Edwards Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Privacy Plan of Action © HIPAA Pros 2002 All rights reserved."— Presentation transcript:

1 1 Privacy Plan of Action © HIPAA Pros 2002 All rights reserved

2 2 Team Assignments  Assign security responsibilities to one or more individuals.  Record the names and/or job titles of the people who are responsible for addressing requests to view or amend protected health information.

3 3 Team Assignments  Record the names and/or job titles of the people who are responsible for processing requests for an “accounting of disclosures”.

4 4 Team Assignments  Designate a privacy official who is responsible for development and implementation of privacy policies and procedures.  Designate a contact person responsible for receiving complaints.

5 5  Create an inventory of PHI and note the processes in place for handling it.  Determine how PHI is used.  Determine how PHI is disclosed. Establish Procedures for Handling, Processing and Storing Protected Health Information (PHI)

6 6  Determine the kinds of information to which each staff member should have access.  Update your employee manual to include sanctions for any employees who leave a secure area unlocked, or who fail to follow established privacy and security procedures.

7 7  Prepare a list of all routine and non-routine uses and disclosures.  Establish minimum necessary access policies and procedures for staff. Establish Procedures for Handling, Processing and Storing Protected Health Information (PHI)

8 8 Ensure Adequate Physical Security to Safeguard PHI  Keep track of who has keys to the office itself and to the secure areas inside.  Place door locks on storage rooms where archives are stored.  Develop strategies to handle PHI trash disposal.  Put locks on chart filing cabinets located in public areas.

9 9  Keep computer servers that contain PHI in rooms that are open only to essential personnel.  Position workstations so that the screens are not easily viewable by passersby. Ensure Adequate Physical Security to Safeguard PHI

10 10 Ensure Adequate Physical Security to Safeguard PHI  Develop policies and procedures for backups of data.  Document procedures for bringing hardware and software into and out of the facility.

11 11 Establish Clear Rules to Ensure Client Privacy  Establish personnel clearance procedures.  Establish personnel termination procedures.  Give each employee a written copy of the client privacy rules for your office.

12 12 Establish Clear Rules to Ensure Client Privacy  Make sure each employee understands that they are permitted to use or disclose only the minimum amount of PHI necessary to accomplish the intended purpose.

13 13 Establish Client Amendment Procedures LOCATION OF PHITIME LIMIT PHI that is maintained in the office.Provide approval and access or notice of denial within 30 days of the request. PHI that is maintained outside the office (i.e., a storage facility). Provide approval and access or notice of denial within 60 days. Time Limits in Which You Must Respond to Requests for PHI

14 14 Establish Client Amendment Procedures  Obtain one 30-day extension.  Will only be granted if you give the client written notice explaining the delay, including a date when the request will be completed.

15 15 Establish Client Amendment Procedures  A written record of all client requests for PHI.  Identify two “reviewing individuals” who are licensed health care professionals to help address client appeals.

16 16 Establish Client Amendment Procedures  Establish a process for approvals and denials.  Establish a reasonable fee for copying PHI.

17 17 Establish Client Amendment Procedures  Incorporate HIPAA compliance into your clinical research consent forms.  Keep psychotherapy “process” notes separate from the rest of the medical record.

18 18 Establish a Formal Complaint Procedure  Incorporate complaint procedure into your notice of privacy practices.  Develop a system to keep detailed records of all complaints, and document how and when these complaints were addressed.

19 19 Establish a Formal Complaint Procedure  Make sure that staff understands that they are not allowed to pressure any client to waive their right to file a complaint.  Create a logbook to document all complains.

20 20 Establish a Formal Complaint Procedure  Be certain that no staff intimidate or retaliate against any individual who files a complaint or exercises any other right guaranteed under HIPAA regulations.

21 21 Publish a Notice of Privacy Practices and Adhere To It  Write and publish a notice of privacy practices.  Keep copies of past notices of privacy practices.  Create a written acknowledgement of receipt of the notice of privacy practices.

22 22 Publish a Notice of Privacy Practices and Adhere To It  Obtain authorization for uses and disclosures associated with purposes other than treatment, payment, or health care operations.  Retain all acknowledgement forms and authorization forms.

23 23 Vendor Relationships  Establish a chain of trust agreement with each organization with which you exchange PHI electronically.

24 24 Vendor Relationships  Establish a business associate agreement with any organization that provides a service that involves the use or disclosure of PHI.  Take steps to cure any known breach of the business associate agreement.

25 25 Train the Workforce  Make sure all staff receive privacy and security training.  Develop security awareness in the workforce.  Teach physical security habits.

26 26 Train the Workforce  Ensure that everyone understands policies and procedures.  Use periodic security reminders.

Download ppt "1 Privacy Plan of Action © HIPAA Pros 2002 All rights reserved."

Similar presentations

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
Minimum Necessary Standard Version 1.0

Minimum Necessary Standard Version 1.0
Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.

Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.
And the finer details of patient privacy TCH Confidential Understanding HIPAA.

And the finer details of patient privacy TCH Confidential Understanding HIPAA.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
Confidentiality and HIPAA

Confidentiality and HIPAA
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
Understanding HIPAA Privacy Regulations

Understanding HIPAA Privacy Regulations
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/2009 0.

1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/
Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.

Reviewing the World of HIPAA Stephanie Anderson, CPC October 2006.
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA
HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.

HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.

Similar presentations

Ads by Google