Copyright ©2011 by Pearson Education, Inc. Upper Saddle River, New Jersey 07458 All rights reserved. Health Information Technology and Management Richard.

Presentation transcript:

Copyright ©2011 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved. Health Information Technology and Management Richard Gartee
Chapter 3: HIPAA

Pretest (True/False)
The acronym EPHI stands for protected health information in an electronic format.
In general, a medical office must track the disclosure of PHI for purposes other than treatment, payment, or office operations and keep the records for at least six years.

Pretest (True/False) (continued)
In general, a medical office must track the disclosure of PHI for purposes other than treatment, payment, or office operations and keep the records for at least six years.
Providing a patient with a copy of the privacy policy implies authorization for the practice to use PHI for almost anything.

HIPAA Privacy Rule
Protects patient’s protected health information (PHI) from unauthorized disclosure or use in any form
Creates foundation of federal protections for privacy of PHI while not replacing more stringent state or federal privacy regulations

HIPAA Permits Use of PHI for TPO
Healthcare entity may use/disclose PHI for treatment, payment, healthcare operations
Healthcare provider may disclose PHI about individual as part of payment claim

HIPAA Permits Use of PHI for TPO (continued)
Healthcare provider may disclose PHI related to treatment or payment activities of any healthcare provider
  – Including providers not covered by Privacy Rule

Other Uses of PHI
Clinical staff may use related to patient care
Nonclinical staff may use related to billing, claims, records-related activities, office or facility operations activities

Safeguards to Protect Patient Confidentiality
Speaking quietly when discussing patient’s condition with family members in public area
Avoiding use of patients’ names in public areas
Posting signs to remind employees to protect patient confidentiality

Safeguards to Protect Patient Confidentiality (continued)
Isolating or locking file cabinets or records rooms
Providing additional security, such as passwords

Medical Office HIPAA Compliance
Providing copy of office privacy policy to patients
Asking patient to acknowledge receiving copy of policy and/or signing consent form
Obtaining signed authorization forms
Tracking PHI disclosures when unrelated to treatment, billing, payment purposes

Medical Office HIPAA Compliance (continued)
Adopting clear privacy procedures
Training employees to understand privacy procedures
Designating individual responsible for seeing that privacy procedures are adopted and followed
Securing patient records containing

HIPAA Authorization Versus Consent
Authorization requires a form signed by patients or their representatives for each type of PHI disclosure
Consent is inferred from patient’s receipt of a copy of the Privacy Policy and allows provider to share PHI for:
  – Patient treatment
  – Obtaining payment
  – Operation of medical practice or facility

Authorization Form
Must Include:
  – Date signed
  – Expiration date
  – To whom information may be disclosed
  – What is permitted to be disclosed
  – For what purpose the information may be used

Figure 3-4 Sample Authorization Form with elements required by HIPAA.

Patients’ Rights
Individuals have right to request and receive report of all disclosures made for purposes other than treatment, payment, operation of healthcare facility
  – Report must include date, whom information was provided to, description of information, purpose

Patients’ Rights (continued)
Individuals may see and obtain copies of their medical records and request corrections if necessary
  – Facilities must provide access within 30 days of patient’s request, but may charge patients for copying/mailing costs

HIM Responsibilities
Ensuring appropriate consent or authorization forms on file
Ensuring requests for release of information occur within time frame of authorization
Ensuring minimum necessary portion of chart sent to patient, disclosure tracked

HIM Responsibilities (continued)
Providing patients with copies of records, disclosure reports (within office setting)

HIPAA Security Standards
Administrative safeguards
  – Administrative functions implemented to meet security standards, including assignment or delegation of security responsibility to individual, security training requirements

HIPAA Security Standards (continued)
Physical safeguards
  – Mechanisms required to protect electronic systems, equipment, data from threats, environmental hazards, unauthorized intrusion
  – Include restricting access to EPHI, retaining off-site computer backups

HIPAA Security Standards (continued)
Technical safeguards:
  – Primarily automated processes used to protect data, control access to data
  – Include using authentication controls to verify authorization to use computer, encrypting and decrypting data as it is stored and/or transmitted

Security Management Process
Risk Analysis: Identify potential security risks, likelihood, seriousness
Risk Management: Decisions about how to address security risks, vulnerabilities and develop strategy to protect confidentiality, integrity, availability of EPHI

Security Management Process (continued)
Sanction Policy: Define consequences of failing to comply with security policies, procedures
Information System Activity Review: Regularly review records to determine if any EPHI has been used, disclosed in inappropriate manner

Workforce Security
Implementation Specifications:
  – Authorization and/or Supervision
  – Workforce Clearance Procedure
  – Termination Procedures

Information Access Management
Implementation Specifications:
  – Access Authorization: Organization identifies who has authority to grant access and the process for doing so
  – Access Establishment and Modification: How access is established and modified
  – Isolating Healthcare Clearinghouse Functions: Isolation of clearinghouse computers from other systems in organization

Security Awareness and Training
Implementation Specifications:
  – Security Reminders
  – Protection from Malicious Software
  – Log-in Monitoring
  – Password Management

Other Security Standard Safeguards Include:
Security incident procedures to identify and report security incidents
Contingency plan for recovering access to EPHI
Physical safeguards to protect electronic information systems and related buildings, equipment

Other Security Standard Safeguards Include: (continued)
Technical safeguards to protect electronic PHI and control access to it