HIPAA Online Student Orientation

Presentation transcript:

HIPAA Online Student Orientation: Health Insurance Portability and Accountability Act

HIPAA Standards at Presence Health: Protect patient rights by giving patients access to their confidential health information and control over how this information is used. Protect the physical security of resident and patient confidential health information.

Who is Included in HIPAA Standards? Everyone! Anyone who has the potential to come in contact with confidential health information.

Objectives: Review HIPAA Privacy & Security Standards. Review what you need to do to maintain these standards.

Privacy and Security Standards: Privacy Standards ensure that patients have access to their health information and control over how it is utilized. These standards deal with patient expectations of how we use that information.

Privacy and Security Standards: Security Standards ensure that we keep patient health information safe and secure. This includes all health information that is stored physically and electronically.

What HIPAA is Not: HIPAA is not a reason to withhold a patient’s condition from a family member or to refuse to discuss it, as in: “I cannot tell you what is going on with your loved one due to HIPAA.” What should be done is to verify the identity of the caller or visitor and ask verbal permission to share information with the family member.

Infractions: Failure to comply with HIPAA Regulations can subject Presence to severe penalties. Individual Presence employees/students may also face criminal penalties. Wrongful disclosure of information: $50,000 and/or one year in prison. Obtaining information under false pretenses: $100,000 and/or prison for up to five years. Intent to sell: $250,000 and up to ten years in prison.

HIPAA Privacy Breaches in Confidentiality: What happens when patients don’t trust us? 1 out of every 5 Americans believe that their health information has been used inappropriately. 1 in 6 Americans report that they have provided inaccurate information to a health provider because they feel it would not be kept confidential.

Protected Health Information (PHI): Name, address, city, county, zip code, fingerprints, names of relatives, name of employer, date of birth, telephone number, social security number, fax number, photos, medical record or account numbers, and license number. Any information that can be used to identify an individual. Shared in any form: verbal, written, or electronic.

Protection of PHI: We must take reasonable steps to supply the information that is MINIMALLY necessary to achieve the intended purpose of the disclosure. Access is given on a Need to Know Basis: Do I need this information to do my job?

Vital Behaviors to Protect PHI: Only share information on a need-to-know basis, accessing and disclosing information as specifically required by your duties. When engaging in verbal conversation, keep your voice down and close doors or curtains. Never discuss patient information in elevators or other public places (e.g., the cafeteria). Patient charts are stored out of public view. Reduce all patient information that could be visible to the general public.

Vital Behaviors to Protect PHI (cont.): When announcing a patient overhead, use of the name is OK; however, the patient/resident or family member should be referred to a reception desk or other non-specific location. When leaving information on answering machines, limit information to: name of the facility or physician; time of appointment. If necessary to discuss treatment or procedures, leave a call-back number.

PHI – Access & Control: Notice of Privacy Practices. It is not the intent of HIPAA to stand in the way of using health information for normal operation: Treatment, Payment or other Health Care Related Operations. The Notice of Privacy Practices informs our patients how we use and disclose their protected health information.

Authorization Form: HIPAA Standards state that patients have a right to view or obtain a copy of their medical record. This is done through the Authorization form. The Authorization form also allows patients and residents to consent to the disclosure of their PHI to third parties.

Presence Health Authorization Form: One needs to be printed and signed for HIPAA by students for clinical rotations.

Sharing is NOT caring: Willful or intentional HIPAA violations will result in immediate dismissal and loss of Presence St. Mary’s Hospital as a clinical rotation site for that student.

HIPAA Security Standards: Not only are we responsible for access, control and confidential handling of patient information, we are also responsible for the physical security of that information.

Presence Health Security Measures: Presence Health takes a 3-pronged approach to protect confidential health information: Administrative Safeguards – specific policies and procedures that ensure HIPAA Security is a priority. Physical Safeguards – protective software, firewalls and controls. Technical Safeguards – encryption, password protection.

Workstation Management: Workstations are available for authorized use only. Unauthorized activities include: Any activity that violates the privacy of residents, patients or employees. Unauthorized copying or use of PHI, Presence Health property, and/or copyrighted material. Activities that violate harassment policies. Circumventing workstation security. Any commercial activity other than expressly permitted.

Workstation Management: All devices have password protection. You are responsible for your password and must never share it with anyone – for any reason. Password development: Make your password at least 6 characters long. Include numbers and special characters. Use upper and lower case characters.

Workstation Management: Logging in and out. Log out to lock your computer every time you leave your workstation. Never leave a computer unattended, logged in under your personal password. Never log in for anyone else. Use CTRL + ALT + Delete to lock your computer.

Workstation Management: Virus Control. All computers have anti-virus software; HOWEVER, new viruses appear every day. Never open unexpected documents from unknown sources!

Electronic Applications: E-Mail. Proper use of e-mail within Presence Health is your professional responsibility. Each and every e-mail you send represents Presence Health. E-Mail Expectations: Do not type in ALL CAPS. Check your email and mailbox in a timely manner. Do not forward any joke, “chain letter” or non-business-related emails. Never send PHI without confirming the party received this information. Use the SEND SECURE feature in Outlook.

Electronic Applications: Sending PHI Electronically. Before you send PHI, you must get your immediate supervisor’s approval and approval from the patient, and password-protect all documents.

Electronic Applications: Internet Application. All use of the internet is for business purposes only. Inappropriate use of the Internet includes: any adult explicit materials; hate speech of any kind; sites that support criminal skills; audio/video streaming movies; MP3 or other audio files.

Electronic Applications: Faxes. Fax from a machine in a secured area. Include a cover sheet with the confidentiality statement. Double-check the phone number before entering it on the key pad and after entering it on the key pad. Pick up documents after sending. Retrieve confirmation sheet after sending. Call and make sure another qualified person is there to retrieve the fax.