1 Privacy Plan of Action © HIPAA Pros 2002 All rights reserved.


2 Team Assignments
• Assign security responsibilities to one or more individuals.
• Record the names and/or job titles of the people who are responsible for addressing requests to view or amend protected health information.

3 Team Assignments
• Record the names and/or job titles of the people who are responsible for processing requests for an “accounting of disclosures”.

4 Team Assignments
• Designate a privacy official who is responsible for development and implementation of privacy policies and procedures.
• Designate a contact person responsible for receiving complaints.

5 Establish Procedures for Handling, Processing and Storing Protected Health Information (PHI)
• Create an inventory of PHI and note the processes in place for handling it.
• Determine how PHI is used.
• Determine how PHI is disclosed.

6
• Determine the kinds of information to which each staff member should have access.
• Update your employee manual to include sanctions for any employees who leave a secure area unlocked, or who fail to follow established privacy and security procedures.

7 Establish Procedures for Handling, Processing and Storing Protected Health Information (PHI)
• Prepare a list of all routine and non-routine uses and disclosures.
• Establish minimum necessary access policies and procedures for staff.

8 Ensure Adequate Physical Security to Safeguard PHI
• Keep track of who has keys to the office itself and to the secure areas inside.
• Place door locks on storage rooms where archives are stored.
• Develop strategies to handle PHI trash disposal.
• Put locks on chart filing cabinets located in public areas.

9 Ensure Adequate Physical Security to Safeguard PHI
• Keep computer servers that contain PHI in rooms that are open only to essential personnel.
• Position workstations so that the screens are not easily viewable by passersby.

10 Ensure Adequate Physical Security to Safeguard PHI
• Develop policies and procedures for backups of data.
• Document procedures for bringing hardware and software into and out of the facility.

11 Establish Clear Rules to Ensure Client Privacy
• Establish personnel clearance procedures.
• Establish personnel termination procedures.
• Give each employee a written copy of the client privacy rules for your office.

12 Establish Clear Rules to Ensure Client Privacy
• Make sure each employee understands that they are permitted to use or disclose only the minimum amount of PHI necessary to accomplish the intended purpose.

13 Establish Client Amendment Procedures
Time Limits in Which You Must Respond to Requests for PHI
LOCATION OF PHI | TIME LIMIT
PHI that is maintained in the office. | Provide approval and access or notice of denial within 30 days of the request.
PHI that is maintained outside the office (i.e., a storage facility). | Provide approval and access or notice of denial within 60 days.

14 Establish Client Amendment Procedures
• Obtain one 30-day extension.
• Will only be granted if you give the client written notice explaining the delay, including a date when the request will be completed.

15 Establish Client Amendment Procedures
• A written record of all client requests for PHI.
• Identify two “reviewing individuals” who are licensed health care professionals to help address client appeals.

16 Establish Client Amendment Procedures
• Establish a process for approvals and denials.
• Establish a reasonable fee for copying PHI.

17 Establish Client Amendment Procedures
• Incorporate HIPAA compliance into your clinical research consent forms.
• Keep psychotherapy “process” notes separate from the rest of the medical record.

18 Establish a Formal Complaint Procedure
• Incorporate complaint procedure into your notice of privacy practices.
• Develop a system to keep detailed records of all complaints, and document how and when these complaints were addressed.

19 Establish a Formal Complaint Procedure
• Make sure that staff understands that they are not allowed to pressure any client to waive their right to file a complaint.
• Create a logbook to document all complaints.

20 Establish a Formal Complaint Procedure
• Be certain that no staff intimidate or retaliate against any individual who files a complaint or exercises any other right guaranteed under HIPAA regulations.

21 Publish a Notice of Privacy Practices and Adhere To It
• Write and publish a notice of privacy practices.
• Keep copies of past notices of privacy practices.
• Create a written acknowledgement of receipt of the notice of privacy practices.

22 Publish a Notice of Privacy Practices and Adhere To It
• Obtain authorization for uses and disclosures associated with purposes other than treatment, payment, or health care operations.
• Retain all acknowledgement forms and authorization forms.

23 Vendor Relationships
• Establish a chain of trust agreement with each organization with which you exchange PHI electronically.

24 Vendor Relationships
• Establish a business associate agreement with any organization that provides a service that involves the use or disclosure of PHI.
• Take steps to cure any known breach of the business associate agreement.

25 Train the Workforce
• Make sure all staff receive privacy and security training.
• Develop security awareness in the workforce.
• Teach physical security habits.

26 Train the Workforce
• Ensure that everyone understands policies and procedures.
• Use periodic security reminders.