Presentation is loading. Please wait.

Presentation is loading. Please wait.

Developed for Ridgeview Institute 2015 Hospital Wide Orientation

Published byKerrie Horton Modified over 6 years ago

Similar presentations

Presentation on theme: "Developed for Ridgeview Institute 2015 Hospital Wide Orientation"— Presentation transcript:

1 Developed for Ridgeview Institute 2015 Hospital Wide Orientation
HIPAA Training Developed for Ridgeview Institute 2015 Hospital Wide Orientation

2 Introduction The purpose of HIPAA training is to uphold the confidentiality of medical record information and protect the patient’s right to privacy in the collection and disclosure of patient information. HIPAA regulations require organizations, such as Ridgeview Institute, to provide HIPAA training to its workforce members.

3 What is HIPAA? Health Insurance Portability and Accountability Act (HIPAA) is a federal law to provide privacy standards to protect patient’s medical records and other health information provided to health plans, doctors, hospitals, and other health care providers. These standards provide patients with access to their medical records and more control over how their protected health information is used and disclosed.

4 Patient Rights Patients have the right:
To receive a copy of Ridgeview Institutes Notice of Privacy Practices To request restrictions on disclosures of Protected Health Information To receive an accounting of disclosures To request an alternate means of communication, such as sending mail to a P.O. Box versus home address. To request an amendment to their protected health information. To complain if they feel their privacy rights have been violated.

5 Right to Complain Patients have the right to complain if they feel their privacy rights have been violated. Refer patients with complaints about privacy violations to Ridgeview Institute’s Privacy Officer. Anita Thomas ext. 2801

6 Protecting Patient Confidentiality
As a healthcare worker, you must do your best to keep patient information confidential, regardless of whether you know the patient. Discussing PHI with individuals not involved in the patient’s care is a violation of the patient’s rights! Each Ridgeview work force member is responsible for maintaining and protecting the privacy and confidentiality of patients, family members, visitors, and co-workers. CONFIDENTIAL

7 Protected Health Information
What is PHI? All protected health information (PHI) is subject to federal HIPAA regulation, which refers to any information that identifies a patient and relates to at least one of the following: The individual's past, present, or future physical or mental health The provision of health care to the individual Past, present, or future payment for health care Information that can identify an individual includes either the individual's name or any other information that could enable someone to determine the individual's identity. Protected Health Information Paper Documents ePHI (electronic data) Faxes Oral Communication

8 Types of Identifying Health Information
PHI & ePHI Types of Identifying Health Information Name Address All elements (except years) of dates related to an individual (including birth date, admission date, discharge date, date of death, and exact age if over 89) Telephone numbers FAX number address Social Security number Medical record number Health plan beneficiary number Account number Certificate/license number Any vehicle or other device serial number Device identifiers or serial numbers Web URL IP address Finger or voice prints Photographic images Any other characteristic that could uniquely identify the individual Definitions Protected Health Information (PHI) is all individually identifiable health information held or transmitted by Ridgeview in any form or media whether electronic, paper records, fax documents or oral communications. ePHI is all individually identifiable health information that Ridgeview creates, receives, maintains or transmits in electronic form.

9 Physical Safeguards Ridgeview Institute takes measures to provide physical safeguards by limiting physical access to facilities where PHI is stored and requiring employees to wear authorized ID badges at all times while on campus. Additional required steps include: Never leave your PC unattended while you are logged in. Never share your log in password with anyone. It is a violation of Ridgeview Policy to share your password or log-in credentials. Keep your computer monitor positioned out of public view. Hold your conversations with patient/family in areas where PHI is not easily overheard. Secure areas where protected health information is located.

10 Inappropriate access to PHI
It is a blatant violation of patient privacy to view someone’s record for reasons outside of your role at Ridgeview Institute. Those authorized to view a patient’s record are allowed to do so only as needed to perform their job. This limited access includes restrictions to accessing Hard Copies (Paper Records) and Electronic Data Records.

11 HIPAA–Minimum Necessary Requirement
HIPAA calls on health care workers to use the minimum amount of patient information they need to do their jobs efficiently and effectively. Ask yourself: Do I need this information to do my job and provide good patient care? What is the least amount of information I need to do my job? What is the minimum amount I need to share with other to provide quality patient care?

12 Disclosure of PHI HIPAA requires an authorization signed by the patient or the patients’ legal guardian before any PHI may be communicated verbally or in writing to another party. Federal regulations require documentation of what information was released, the date released, and who released the information, be recorded in the medical record. This may be documented at the bottom of the Authorization To Release Information Form.

13 Exceptions to Disclosure
Medical Emergencies Reporting of Suspected Abuse (child or elder) Reporting of Communicable Diseases Court Order Investigations by Department of Health and Human Services for HIPAA compliance.

14 Disposal of PHI HIPAA requires Protected Health Information (PHI) to be kept confidential even when it’s being thrown away. It is the responsibility of ALL Ridgeview work force members to dispose of anything with PHI in a locked trash bin designated for disposal of confidential information.

15 Misdirected Faxes with PHI
Misdirected faxes are not uncommon in the daily operations of a healthcare facility. A Ridgeview employee who unintentionally sends a fax with PHI to the wrong party should report the incident to their supervisor or Ridgeview’s HIPAA Privacy Officer immediately at x2801 or In addition, all print jobs should be picked up IMMEDIATELY from the printer and should never be left unattended. Ridgeview’s HIPAA Privacy Officer Anita Thomas

16 Health Information Technology for Economic and Clinical Health (HITECH) Act
The HITECH Act (law) strengthens HIPAA enforcement. It includes provisions that call for increased monetary penalties for violation of HIPAA privacy and security regulations, new patient information breach notification requirements, and increased privacy rights for patients. HITECH established four tiered ranges of increasing minimum penalty amounts, with a maximum penalty of $1.5 million for all violations of an identical nature during a calendar year. Depending on the circumstances, federal or state law may permit civil or criminal litigation and/or restitution, fines, and/or penalties (including jail time) for actions violating HIPAA. Ridgeview Sanction Policy which could include termination of employment depending on the severity of the violation. A recent example in the news, a hospital in Massachusetts agreed to pay a $1 million dollar fine as a result of an incident involving the loss and disclosure of PHI of 192 patients.

17 Breach Notification (HITECH)
If it is determined there is a breach of PHI, certain entities must be notified: Individual whose privacy has been violated Office of Civil Rights under the DHHS Media (over 500 individuals) Business Associates must report violations to the Covered Entity

18 Business Associates (BAs)
HIPAA governs Business Associates who contract with Ridgeview Institute and use or have access to protected health information (PHI). Penalties and sanctions are applied directly to BAs violating Privacy and Security regulations.

19 RVI Intranet: HIPAA Related SPPs
1.2 Business Associates 1.6 Confidentiality 7.1 Personnel Security 7.2 Workstation Use 7.3 , Internet, & Intranet Use 14.24 Faxing Employee Healthcare Info. 15.2 Release of Protected Health Information

20 HIPAA Related SPPs (continued)
15.3 Completion of Medical Record 15.4 Faxing Patient Information 15.5 Amendment to Protected Health Information 15.6 Right to Request Privacy Protection 15.7 Sanctions for Non-Compliance with HIPAA 15.8 Privacy Complaints 15.9 Notices of Privacy Practices of PHI 15.13 Request for Accounting of Disclosures 15.10 Patient Access to Medical Records

Download ppt "Developed for Ridgeview Institute 2015 Hospital Wide Orientation"

Similar presentations

Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.

Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
Confidentiality and HIPAA

Confidentiality and HIPAA
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.

COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.
The Health Insurance Portability and Accountability Act Basic HIPAA Training For CMU workforce with access to PHI.

The Health Insurance Portability and Accountability Act Basic HIPAA Training For CMU workforce with access to PHI.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
WORKFORCE CONFIDENTIALITY HIPAA Reminders. HIPAA 101 The Health Insurance Portability and Accountability Act (HIPAA) protects patient privacy. HIPAA is.

WORKFORCE CONFIDENTIALITY HIPAA Reminders. HIPAA 101 The Health Insurance Portability and Accountability Act (HIPAA) protects patient privacy. HIPAA is.
HIPAA Health Insurance Portability and Accountability Act.

HIPAA Health Insurance Portability and Accountability Act.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
HIPAA Privacy Keys to Success Education for Nursing and all other Clinical Students Effective January 2010 HIPAA Job Specific Education1.

HIPAA Privacy Keys to Success Education for Nursing and all other Clinical Students Effective January 2010 HIPAA Job Specific Education1.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
 The Health Insurance Portability and Accountability Act of 1996.  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.

 The Health Insurance Portability and Accountability Act of  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.

Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.
HIPAA THE PRIVACY RULE Reviewed December 2012 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-

HIPAA THE PRIVACY RULE Reviewed December HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-

Similar presentations

Ads by Google