Final HIPAA Rule Special Training: What you need to know to remain compliant with the new regulations.


Final HIPAA Rule
On September 23rd, we must comply with the HITECH Final Rule that modifies HIPAA. It raises the requirements for patient privacy, and increases the penalties for non-compliance. The UNC Health Care System takes this change very seriously and we want our staff members to understand their responsibilities before the new rule takes effect.

UNC Health Care System (UNC HCS)
This training is intended for all of UNC HCS, including Rex, UNC Physicians Network, Chatham Hospital, High Point Regional, Caldwell, Pardee, UNC Hospitals, and the UNC School of Medicine/Faculty Physicians. All physicians, contractors, volunteers, or other individuals who use or have access to UNC HCS patient information should also be aware of the changes.

What has changed?
The three areas of the Final Rule that all staff members should know are:
1. Some privacy issues that we could address internally under the old rules will now have to be reported to the Department of Health and Human Services (DHHS).
2. If DHHS determines the UNC Health Care System was negligent, we could face significant penalties.
3. HIPAA Rules now directly apply to our Business Associates, but we can be held responsible for their actions.

Final Rule
According to the Final Rule, most unauthorized uses or disclosures of protected health information (PHI) will likely be considered breaches. It is now more important than ever that each staff member remembers:
– what is expected of them each day to protect patient information and minimize unauthorized uses and disclosures of PHI, and
– how to report their concerns if they suspect PHI has been disclosed, exposed, or misused in ANY way.

Protect
Each of us has a responsibility to PROTECT PHI.
– Continue to make the protection of patient information the highest of priorities.
– Do not share PHI with anyone who is not authorized to have it.
– Do not access PHI unless you have a work-related reason to view it or an authorization form on file signed by the patient granting you permission.
– Only access the minimum amount of information necessary to do your job or fill an authorized request.
– If you’re not sure, call your entity’s Privacy Office before you access or provide PHI to someone else!

Report
If you believe or suspect that PHI may have been put at risk, you have a responsibility to REPORT those concerns to your entity’s Privacy or Compliance Office immediately.
– The new rule shortens the timeframe in which we must investigate and report any findings.
– The minute you believe there is a problem, we need to know.
– The sooner we know, the better chance we have to limit the damage to the individuals involved.

Mobile Devices & Storage Media
Do not store PHI on Mobile Devices or External Storage Media unless it is absolutely necessary. If it is necessary, then the device MUST be encrypted and password protected where technically feasible. If not technically feasible, then other alternate safeguards such as increased physical security must be applied.
Mobile Devices
– Laptops
– Smart Phones/Tablets
– Cameras
Storage Media
– CDs/DVDs
– USB Drives
– Memory Cards, Disks, etc.
Staff members who use mobile devices or storage media take on additional responsibilities to protect the information they place on these devices.

Lost or Stolen Devices
If any Mobile Device or Storage Media is lost or stolen, you must report it to your entity’s Help Desk, Privacy Office, or Compliance Office immediately. If you use your personal cell phone for work-related reasons, it must also be encrypted, and if it is lost or stolen you must report it as well.

Why Protect & Report?
– We are required by law to report breaches to HHS.
– When we report a breach, we are essentially reporting a violation of the Privacy Rule (HIPAA).
– If HHS suspects that the breach or violation resulted from “willful neglect,” they will conduct a compliance review.
– We can be fined as much as $50,000 per violation of each provision of HIPAA.

Breach Response
Two things can increase the amount of the fines:
Willful neglect
– This means acting in a manner that shows conscious, intentional failure or reckless indifference towards our obligation to comply with the HIPAA rules.
Failure to correct the violation quickly
– Do not delay reporting to your Privacy Officer any incident that you know or think might be a HIPAA violation!

Unauthorized Uses and Disclosures
Here are some types of unauthorized uses and disclosures to be particularly alert to and avoid:
– Fax sent to the wrong number
– Patient statements or discharge papers given to the wrong patient
– Envelopes not sealed
– Unencrypted mobile devices or storage media
– Unauthorized patient pictures or information posted on social media websites
– Accessing patient information that is not job-related
– Disposing of patient information incorrectly

Your Responsibilities
We must act honestly, diligently, and quickly to prevent and address incidents related to PHI. Therefore, your responsibilities are to be diligent in your protection of PHI and, if you ever feel PHI has been compromised in any way, to contact your entity’s Privacy or Compliance Office and report it immediately.

Business Associates
Another area that the Final Rule has strengthened is how our Business Associates must comply with HIPAA Laws. Almost any vendor who has access to our PHI is a business associate, and we can be held responsible if they are not compliant with these laws.

Business Associates
If you work with any vendor who has access to our PHI, you must verify they have completed the appropriate paperwork with your entity’s Purchasing Department. If you are unsure, ask and verify. Do not sign any documents that a vendor asks you to sign without first reviewing those documents with the Purchasing Department.

Question
Under what conditions can I save PHI to a USB flash drive?
A. If the flash drive is encrypted.
B. If the file is encrypted with an approved encryption product.
C. A or B
D. None of the above.

Question
What is your responsibility to the New Rule?
A. Nothing is different
B. Protect PHI
C. Do not disclose PHI unless an authorization is on file.
D. Report any inappropriate use or disclosure of PHI.
E. B & D