National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.


HIPAA Privacy and Security
HIPAA Privacy Rule
– Final implementation April 14, 2003
– Today: Monitor compliance, continue training and improve systems
HIPAA Security Rule
– Final implementation April 21, 2005
– Today: Perform risk assessment and develop plan for final implementation

Highlights of Privacy and Security Rule
Privacy Rule
– New Individual Rights
    Notice of Privacy Practices
    Amend PHI
    Receive Accounting of Disclosures
    Request a Restriction
    Confidential Communication
    File a Complaint
– Use and Disclosure of Protected Health Information
– Minimum Necessary
– Policies, Procedures and Documentation

Highlights of Privacy and Security Rule
Security Rule
– Administrative Safeguards
– Physical Safeguards
– Technical Safeguards
– Organizational Requirements
– Policies, Procedures and Documentation

The Value of HIM Professionals
Health information management professionals protect privacy and work to keep confidential information secure.

Disclosure to Family and Friends
Mrs. Jones was seeking treatment in a hospital. Her daughter frequently visits and speaks with physicians and nurses about her care. Can information be disclosed without Mrs. Jones’ consent?

Disclosure to Family and Friends
Yes! The privacy rule allows organizations to disclose confidential information to family and friends who are involved in care without obtaining a consent or authorization. Professionals can use their discretion if the individual is not present or competent to agree.

Directory Information
Mrs. Jones’ grandson heard that his grandmother was in the hospital. He called the hospital operator to find out her condition. Can her condition be disclosed?

Directory Information
Yes! Directory information may be disclosed when the individual is asked for by name. You can disclose the location (such as room number) and condition in general terms such as good, fair, serious, or critical.

Minimum Necessary and Security Audit Controls
Mrs. Jones’ neighbor, who is an employee in the facility’s billing office, wanted to know more about her condition. She has been an acquaintance for 20 years. Mrs. Jones’ son ran into her at work and told the employee she had been admitted. Can the employee obtain more information on Mrs. Jones?

Minimum Necessary and Security Audit Controls
No! Not unless she has a need to know to do her job – the minimum necessary standard applies. The security rule requires organizations to have technical safeguards such as access controls and audit controls.

Disclosure To Other Treatment Providers
Mrs. Jones’ physician has requested a consultation with a specialist. He contacts the specialist to discuss the case. The specialist’s office requests records from the facility prior to Mrs. Jones’ office visit. Can they be disclosed without an authorization?

Disclosure To Other Treatment Providers
Yes! Information may be disclosed to another treatment provider without an authorization. The minimum necessary standard does not apply to disclosures for treatment purposes.

Fax and E-mail
Mrs. Jones’ physician and the specialist discuss the case via e-mail. The specialist’s office requests the records to be faxed to assure receipt before the office visit. Is this allowed?

Fax and E-mail
Yes! Neither the privacy nor the security rule prohibits use of e-mail or fax to transmit protected health information (PHI). The security rule requires a covered entity to put in place appropriate safeguards (administrative, technical, physical) for ePHI that it creates, receives or transmits.

Alternate Communication and Reminders
Mrs. Jones would like appointment reminders to be called to her daughter’s house. The specialist’s clinic leaves a message on her daughter’s voicemail. Is this allowed?

Alternate Communication and Reminders
Yes! Mrs. Jones has many rights under the privacy rule – one is the right to request communication by an alternate means. The privacy rule does not prohibit leaving a message on an answering machine, but care should be taken on how much detailed information is disclosed.

Security Controls
Mrs. Jones’ son, who is a lab technician, was visiting his mother and noticed the hospital had an electronic health record system. He recognized the software program, heard it was good and wanted to see how it worked. He sat down at an open PC to look at the program. Should he be able to do this?

Security Controls
No! A covered entity must have various security measures in place including:
– Technical controls on who has access into the computer system
– Physical security for the workstations
– Administrative safeguards such as policies and procedures to protect ePHI

Contingency Planning
Unfortunately, the hospital had not started planning for the HIPAA security rule and had not assessed its system vulnerabilities. Mrs. Jones’ son crashed the system, causing it to be down for 48 hours and lose information entered since the previous backup. Could this have been prevented?

Contingency Planning
Yes! The security rule requires HIPAA covered entities to analyze their risks and vulnerabilities. One of the areas that must be addressed is contingency planning – how to restore lost data and operate in an emergency or disaster.

Complaint Investigation
Mrs. Jones filed a privacy complaint because her acquaintance (an employee of the hospital) told all of their neighbors why Mrs. Jones was being treated. An ensuing investigation showed through audit controls that the employee accessed Mrs. Jones’ confidential information. Did the employee (Mrs. Jones’ acquaintance) have a right to do that?

Complaint Investigation
No! It was determined that the employee did not have a need to know. Individuals have the right to file a complaint with the covered entity and the Office of Civil Rights. Organizations must document the complaint and resolution and have a process to investigate.

Workforce Training
To address Mrs. Jones’ complaint, the facility agreed to retrain their workforce on privacy and security. The employee was sanctioned in accordance with facility policy. Was this the appropriate way to handle the complaint?

Workforce Training
Yes! Both the privacy and security rules require the workforce to be trained as appropriate for their job. Both rules also require organizations to have and enforce sanction policies.

Authorization
Mrs. Jones’ daughter is assisting her mother in maintaining a personal health record. She asks the HIM department for copies of important documents from her mother’s medical records. Is the hospital allowed to release this information to Mrs. Jones’ daughter?

Authorization
Yes, but only after Mrs. Jones signs an authorization allowing disclosure of her medical records to her daughter.

For more information on Privacy and Security visit the following online resources: Healthcare and HIM professionals visit Patients and the Public visit