Presentation is loading. Please wait.

Presentation is loading. Please wait.

Health Insurance Portability and Accountability Act (HIPAA) Primer for Observers, Volunteers, Medical Students Dr. Michael Palumbo- Privacy Officer/ EVP.

Published byGervase Spencer Modified over 7 years ago

Similar presentations

Presentation on theme: "Health Insurance Portability and Accountability Act (HIPAA) Primer for Observers, Volunteers, Medical Students Dr. Michael Palumbo- Privacy Officer/ EVP."— Presentation transcript:

1 Health Insurance Portability and Accountability Act (HIPAA) Primer for Observers, Volunteers, Medical Students Dr. Michael Palumbo- Privacy Officer/ EVP Myrna Cuevas R.N., Esq - Compliance Officer

2 Objectives Know difference between Privacy and Security Understand your role in protecting PHI Know how to report an HIPAA concern

3 Health Insurance Portability and Accountability Act (HIPAA ) HIPAA Privacy Security

4 HIPAA- Federal Law New York Privacy Protection Law- NY State Law Purpose: –To ensure the privacy and confidentiality of patient health information (PHI) –To protect the security of PHI –To establish uniform standards for electronic transactions Compliance is Mandatory Observers, Volunteers, Medical Students must comply with HIPAA regulations

5 HIPAA Privacy Basics HIPAA PHI is any information relating to a person’s health status, treatment or payment for health services that is created or received by the Hospital and that may identify the individual. Includes: Oral, written and electronic records and communications. Privacy Basics

6 Permitted Disclosures for the Hospital’s Routine Purposes The Hospital may use and disclose PHI for its Treatment, Payment and Health Care Operations purposes without obtaining a written authorization from the patient. Do Not Forget: You still need to get all of the same consents, signatures, etc. that you are currently getting.

7 HIPAA Privacy Rule: Individual Rights Notice: Right to receive a notice of privacy practices of PHI Restriction: Right to request a restriction on uses and disclosures of PHI Confidential Communication: Right to request confidential communications of PHI (i.e.- contact on cell phone only) Access: Right to access and copy PHI (signed authorization form required) Amendment: Right to amend PHI Accounting: Right to receive an accounting of disclosures of PHI Complaints- Office of Civil Rights

8 Minimum Necessary Rule You must limit the patient information which you use or disclose to the minimum necessary to accomplish your job responsibilities

9 How Do You Limit Access? Do not look at a patient’s medical information unless specifically requested. Do not “look up” a patient’s information in the Hospital’s computer system unless it is necessary to do your job (role) (e.g., if a family member in the Hospital, you cannot look in the computer to see now she is doing). Do not ask your fellow employees about patients they have encountered.

10 How Do You Limit Access? Do not look at a patient’s medical information unless specifically requested. Do not “look up” a patient’s information in the Hospital’s computer system unless it is necessary to do your job (role) (e.g., if a family member in the Hospital, you cannot look in the computer to see now she is doing). Do not ask your fellow employees about patients they have encountered. 10

11 Prohibited Disclosure You may not share patient information with anyone except as required by your job. This means: –You may not discuss patients with your fellow employees except as necessary for your job. –You may not carry patient information (written, electronic or oral) out of a facility unless specifically authorized to do so by the Hospital. –You may not discuss patient information with your family and friends. –Take care when discarding patient information. 11

12 Examples of Prohibited Disclosures You may not talk about interesting patients, even if you see the patient’s story on the news. You may not comment about Hospital patients on social media websites, even if a patient discloses health information on his/her own site. You may not tell co-workers, friends or family about patients they may know. You may not gossip about or discuss celebrities or other famous people who are patients of the Hospital. 12

13 Compliance Tips Protection of patient information is everyone’s responsibility. Here is a review of a few things which were discussed in this presentation: –Do not discuss patient information in public areas. –Do not discuss patient information outside of the Hospital. –Do not share your password. –Do not leave patient information unattended (e.g., information on laptops or PDAs). –Do not access patient information unless required for your job. –Do not send patient information by Internet unless authorized. –Do inform your supervisor or the privacy officer of HIPAA concerns. 13

14 SECURITY REQUIREMENTS 14

15 Do Not Share Your Computer Password if You Have One! 15

16 Protect Your Work Area Be aware of who can look over your shoulder and view patient information in your possession, on the counter or on the computer screen. Do not leave patient information unattended. Turn computer screens away from public view. Do not post your password on the side of your computer or anywhere in your work area. 16

17 Faxing Use a confidential fax cover sheet when faxing out. Keep fax machine in non public area. Take care when faxing out to verify phone number. Take care when replacing and discarding fax carbon. 17

18 E-Mailing Patient information can be sent by e- mail, but if the information is not encrypted, it is susceptible to unauthorized access that may result in a security breach and required notification to patients. You should only e-mail patient information if authorized. 18

19 Social Media 1. Nothing is secure on social media sites. 2. Anything you post on a social media site, might be seen by ANYONE Therefore, keep #1 and #2 in mind when posting anything! You are not permitted to post any patient information that you learn at the Hospital on a social media website (even if other people are posting information or the patient himself/herself posts information). 19

20 Portable Devices Use of personal portable devices to create, receive maintain or transmit PHI is prohibited. For portable devices distributed by the Hospital- special measures are needed. –Safety measures related to Hospital issued portable device: Do not leave device unattended Keep device secure- trunk, lockable attaches, lock boxes or other secure containers 20

21 Sanctions The Hospital will take disciplinary action if it is determined that an employee failed to comply with the Hospital’s or the facility’s HIPAA policies. An employee who violates the Hospital’s or the facility’s HIPAA policies may be subject to various sanctions including written censure, suspension or termination. 21

22 Federal Sanctions Under HIPAA, violations may result in civil monetary penalties and criminal actions, depending on the nature and extent of the HIPAA violation. Recent changes to HIPAA under the HITECH Act have significantly increased the monetary penalties. 22

23 Beware of Viruses and Malicious Software Viruses and other malicious software are a serious threat to the integrity of patient information and the operations of the facility and the Hospital. To protect against viruses: –Do not bring in information from outside of the Hospital or the facility on floppy discs. –Do not download information from the Internet without the express authorization of the Privacy Officer. –Do not open e-mails from unknown senders. 23

24 Civil Monetary Penalties (Fines) Lack of knowledge is not a defense Violation CategoryEach ViolationAll Identical Violations in a Calendar Year Willful Neglect- not corrected 50K1.5 million Willful Neglect- corrected $10K – 50K1.5 million Reasonable Cause 1K – 50K1.5 million Did not know$100- 50K1.5 million 24

25 What’s all the fuss? HIPAA is entirely different “animal” today than when the rule was initially passed Much stiffer penalties and improved enforcement Patient’s have growing expectation that their privacy will be protected by healthcare entities Protecting privacy is good business 25

26 HIPAA compliance starts with you To report a HIPAA concern: –Contact either Privacy Officer- Dr. Michael Palumbo or Compliance Officer- Myrna Cuevas or HIPAA Security Officer- Elizabeth King –Call the Compliance Hotline: 914- 681-2196 26

Download ppt "Health Insurance Portability and Accountability Act (HIPAA) Primer for Observers, Volunteers, Medical Students Dr. Michael Palumbo- Privacy Officer/ EVP."

Similar presentations

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.

HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.
HIPAA Training: Health Insurance Portability and Accountability Act.

HIPAA Training: Health Insurance Portability and Accountability Act.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
Confidentiality and HIPAA

Confidentiality and HIPAA
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
HIPAA Health Insurance Portability and Accountability Act.

HIPAA Health Insurance Portability and Accountability Act.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
HIPAA Privacy Keys to Success Education for Nursing and all other Clinical Students Effective January 2010 HIPAA Job Specific Education1.

HIPAA Privacy Keys to Success Education for Nursing and all other Clinical Students Effective January 2010 HIPAA Job Specific Education1.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.

Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.
HIPAA THE PRIVACY RULE Reviewed December 2012 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-

HIPAA THE PRIVACY RULE Reviewed December HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA

Similar presentations

Ads by Google