SAFEGUARDING DHS CLIENT DATA PART 2 SAFEGUARDING PHI AND HIPAA Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure.

Presentation transcript:

SAFEGUARDING DHS CLIENT DATA PART 2

SAFEGUARDING PHI AND HIPAA
Safeguards must: protect PHI from accidental or intentional unauthorized use/disclosure in computer systems and other work areas; limit accidental disclosures (such as client information being discussed in hallways); and include practices such as document shredding, locking doors, locking file storage areas, and use of passwords and codes for access.
DHS IT Security & Privacy Training 2

SAFEGUARDING PHI: DISCUSSING PHI
You never know who may be listening when you are discussing a client. The client or coworker could be the client’s neighbor, best friend, snoopy coworker, etc. Remember to talk quietly. When possible, discuss PHI privately, such as behind a closed door. Avoid having discussions in client waiting rooms, elevators, cafeterias, etc.

SAFEGUARDING: TALKING WITH FRIENDS ABOUT WORK
Do not share with family, friends, or anyone else a client’s name or any other information that may identify him/her. For example, it would not be a good idea to tell your friend that someone you know came into the office to apply for Food Stamp benefits and Medicaid benefits. Do not tell anyone you know that someone who is receiving aid, or their family members, was seen at DHS.

SAFEGUARDING PHI: MEDIA
What if your organization is contacted by the media? Should you release PHI to them? What if you are contacted by an individual who is offering to pay you money for PHI? Should you release it?
2014 DHS IT Security & Privacy Training

THE ANSWER TO BOTH IS NO!!!
You may not release PHI under either of these circumstances. Both can be grounds for disciplinary action and criminal or civil monetary penalties.

SAFEGUARDING PHI CONTINUED…
What if you need to transport paper records which contain PHI to another department? Is it OK for you to do this? Yes, you can transport documents to another department, but here are some helpful tips: Carry them in a designated box, folder, or container. Ensure that there are no names visible. Remember: never leave PHI unattended. This means don’t leave it in your car or out in an open area where it may be viewed or taken.

EXAMPLE SCENARIO
You work with client records on a daily basis and receive a phone call from a client stating that she received another client’s application for Medicaid. The application has the person’s name, date of birth, home address, and SSN included in the form. Do you have to report this?

YES!!
This should be reported immediately. A notice may have to be sent to the individual whose information has been compromised.

SAFEGUARDING: FAXING DHS CLIENT DATA
Fax sensitive information only when mail delivery is not fast enough to meet client needs. Ensure information is sent to the correct fax number by confirming that the number is the correct number and calling ahead to make sure someone will be there to receive the information. For more information on faxing sensitive information refer to DHS Policy

EXAMPLE SCENARIO
You pass by the fax machine in your area and notice that several pages containing medical diagnosis codes and the name of the client have been left next to the fax machine. The date on the fax indicates it has been there for days. What should you do?

REPORT IT!
Be sure to give the documents to your supervisor and make sure the incident is reported immediately to the Security and Privacy tab on DHS Share: This will begin an investigation to determine how and why this record was subject to improper handling.

SAFEGUARDING: E-MAIL
When sending an e-mail, try not to include PHI or Sensitive Information such as Social Security Numbers unless you have to. Remember to avoid putting sensitive information in the subject line. For example, if you receive an e-mail from another party and the date of birth, SSN and the name of the client are in the subject line, delete them from the subject line. Encrypt your e-mail outside the arkansas.gov network by putting “sensitive” in the subject line. For more information, please refer to DHS Policy E-mailing and Facsimile Use

EXAMPLE
You have been swamped at work all day and the work day is about to end. You decide that you will forward your work to your personal e-mail address and just pick up where you left off at home. The information in the e-mail contains client sensitive data which includes SSNs, dates of birth, and names and addresses of the clients. Is this a privacy violation?

YES!!!
DHS employees should never e-mail or cc themselves client data to their personal e-mail accounts. This must be reported immediately to the Security and Privacy reporting site: This is a violation of DHS Policy 4006 and is subject to disciplinary actions.

EVEN WITH SAFEGUARDING, INCIDENTS HAPPEN. SOME EXAMPLES…
Transposing an address and mis-mailing a client chart or application; failure to validate the date of birth and address and sending out the wrong person’s PHI; theft of non-encrypted laptops; employees or contractors snooping in a client file that is not part of their job; employees or contractors throwing away PHI in the trash, with the trash taken to the dumpster without being shredded.