Presentation is loading. Please wait.

Presentation is loading. Please wait.

Final HIPAA Rule Special Training What you need to know to remain compliant with the new regulations.

Published byJessie Watkins Modified over 8 years ago

Similar presentations

Presentation on theme: "Final HIPAA Rule Special Training What you need to know to remain compliant with the new regulations."— Presentation transcript:

1 Final HIPAA Rule Special Training What you need to know to remain compliant with the new regulations.

2 Final HIPAA Rule On September 23 rd, we must comply with the HITECH Final Rule that modifies HIPAA. It raises the requirements for patient privacy, and increases the penalties for non-compliance. The UNC Health Care System takes this change very seriously and we want our staff members to understand their responsibilities before the new rule takes effect.

3 UNC Health Care System (UNC HCS) This training is intended for the all of UNC HCS including Rex, UNC Physicians Network, Chatham Hospital, High Point Regional, Caldwell, Pardee, UNC Hospitals, and the UNC School of Medicine/Faculty Physicians. All physicians, contractors, volunteers, or other individuals that use or have access to UNC HCS patient information should also be aware of the changes.

4 What has changed? The three areas of the Final Rule that all staff members should know are: 1.Some privacy issues that we could address internally under the old rules will now have to be reported to the Department of Health and Human Services (DHHS). 2.If DHHS determines the UNC Health Care System was negligent we could face significant penalties. 3.HIPAA Rules now directly apply to our Business Associates, but we can be held responsible for their actions.

5 Final Rule According to the Final Rule, most unauthorized uses or disclosures of protected health information (PHI) will likely be considered breaches. It is now more important than ever that each staff member remembers: what is expected of them each day to protect patient information and minimize unauthorized uses and disclosures of PHI and how to report their concerns if they suspect PHI has been disclosed, exposed, or misused in ANY way.

6 Protect Each of us has a responsibility to PROTECT PHI. – Continue to make the protection of patient information the highest of priorities. – Do not share PHI with anyone who is not authorized to have it. – Do not access PHI unless you have a work-related reason to view it or an authorization form on file signed by the patient granting you permission. – Only access the minimum amount of information necessary to do your job or fill an authorized request. – If you’re not sure call your entity’s Privacy Office before you access or provide PHI to someone else!

7 Report If you believe or suspect that PHI may have been put at risk you have a responsibility to REPORT those concerns to your entity’s Privacy or Compliance Office immediately. – The new rule shortens the timeframe in which we must investigate and report any findings. – The minute you believe there is a problem, we need to know. – The sooner we know the better chance we have to limit the damage to the individuals involved.

8 Mobile Devices & Storage Media Do not store PHI on Mobile Devices or External Storage Media unless it is absolutely necessary. If it is necessary then the device MUST be encrypted and password protected where technically feasible. If not technically feasible, then other alternate safeguards such as increased physical security must be applied. Mobile Devices – Laptops – Smart Phones/Tablets – Cameras Storage Media – CD’s/DVD’s – USB Drives – Memory Cards, Disks, etc. Staff members who use mobile devices or storage media take on additional responsibilities to protect the information they place on these devices.

9 Lost or Stolen Devices If any Mobile Device or Storage Media is lost or stolen you must report it to your entity’s Help Desk, Privacy Office, or Compliance Office immediately. If you use your personal cell phone for work- related reasons it must also be encrypted and if it is lost or stolen you must report it, as well.

10 Why Protect & Report? We are required by law to report breaches to HHS When we report a breach, we are essentially reporting a violation of the Privacy Rule (HIPAA) If HHS suspects that the breach or violation resulted from “willful neglect,” they will conduct a compliance review We can be fined as much as $50,000 per violation of each provision of HIPAA.

11 Breach Response Two things can increase the amount of the fines: Willful neglect – This means acting in a manner that shows conscious, intentional failure or reckless indifference towards our obligation to comply with the HIPAA rules Failure to correct the violation quickly – Do not delay reporting to your Privacy Officer any incident that you know or think might be a HIPAA violation!

12 Unauthorized Uses and Disclosures Here are some types of unauthorized uses and disclosures to be particularly alert to avoiding: Fax sent to the wrong number Patient statements or discharge papers given to the wrong patient Envelopes not sealed Unencrypted mobile devices or storage media Unauthorized patient pictures or information posted on social media websites Accessing patient information that is not job-related Disposing of patient information incorrectly

13 Your Responsibilities We must act honestly, diligently, and quickly to prevent and address incidents related to PHI. Therefore, your responsibilities are to be diligent in your protection of PHI and if you ever feel PHI has been compromised in any way, contact your entity’s Privacy or Compliance Office and report it immediately.

14 Business Associates Another area that the Final Rule has strengthened is how our Business Associates must comply with HIPAA Laws. Almost any vendor who has access to our PHI is a business associate, and we can be held responsible if they are not compliant with these laws.

15 Business Associates If you work with any vendor who has access to our PHI you must verify they have completed the appropriate paperwork with your entity’s Purchasing Department. If you are unsure, ask and verify. Do not sign any documents that a vendor asks you to sign without first reviewing those documents with the Purchasing Department.

16 Question Under what conditions can I save PHI to a USB flash drive? A.If the flash drive is encrypted. B.If the file is encrypted with an approved encryption product. C.A or B D.None of the above.

17 Question What is your responsibility to the New Rule? A.Nothing is different B.Protect PHI C.Do not disclose PHI unless an authorization is on file. D.Report any inappropriate use or disclosure of PHI. E.B & D

Download ppt "Final HIPAA Rule Special Training What you need to know to remain compliant with the new regulations."

Similar presentations

A Guide to Compliant Data Management

A Guide to Compliant Data Management
The Department has declared itself to be a single covered entity. Thus, each and every one of our divisions is a covered entity and must comply with.

The Department has declared itself to be a single covered entity. Thus, each and every one of our divisions is a covered entity and must comply with.
Privacy and Information Security Training (2006-07) VUMC Privacy Website www.mc.vanderbilt.edu/privacy.

Privacy and Information Security Training ( ) VUMC Privacy Website
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
HIPAA Basics November 1, 2014.

HIPAA Basics November 1, 2014.
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
WORKFORCE CONFIDENTIALITY HIPAA Reminders. HIPAA 101 The Health Insurance Portability and Accountability Act (HIPAA) protects patient privacy. HIPAA is.

WORKFORCE CONFIDENTIALITY HIPAA Reminders. HIPAA 101 The Health Insurance Portability and Accountability Act (HIPAA) protects patient privacy. HIPAA is.
HIPAA 101 Education. WHAT IS HIPAA??? WHAT IS HIPAA? The Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability.

HIPAA 101 Education. WHAT IS HIPAA??? WHAT IS HIPAA? The Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.

Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/2009 0.

1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/
HIPAA Regulations What do you need to know?.

HIPAA Regulations What do you need to know?.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.

Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.
HIPAA THE PRIVACY RULE Reviewed December 2012 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-

HIPAA THE PRIVACY RULE Reviewed December HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-

Similar presentations

Ads by Google