ELECTRONIC HEALTH RECORD PRIVACY TRAINING

1 ELECTRONIC HEALTH RECORD PRIVACY TRAINING

2 Purpose of this training
This training addresses the essential elements of maintaining the privacy and security of consumer protected health information (PHI). During this course you will learn or review:
- The basics of the privacy requirements;
- The minimum necessary standard: employee access to the systems is limited to job-related and assigned responsibilities, and that access carries risk;
- Enforcement actions for inappropriate or impermissible access and disclosures; and
- Expected behaviors related to access to information, both for KCMHSAS consumers and for others whose information is in the system but who are not consumers in your program.

3 HIPAA Privacy & Security Rules
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law designed to protect consumer PHI.
Mental Health Code confidentiality, general requirements and considerations: information in the record of a recipient shall be kept confidential. Information may be disclosed outside of the holder of the record only with the recipient's authorization and/or under specific circumstances.

4 Privacy Rule
The Privacy Regulations went into effect April 14, 2003. Privacy refers to the protection of an individual's health care data. The Privacy Rule:
- Defines how participant information is used and disclosed.
- Gives individuals privacy rights and greater control over their own health information.
- Outlines ways to safeguard Protected Health Information (PHI).

5 Protected Health Information
Protected Health Information (PHI) is any individually identifiable health or financial information, whether verbal, written, electronic, or otherwise recorded in any form or medium, that is:
1. created or received by KCMHSAS or one of its participating providers, or one of their employees, agents or contracted service providers; and
2. related to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual.
Protected Health and Billing Information (PHI) may not be released without a complete and valid written consent or authorization signed by the participant or legally authorized representative, unless a release of the PHI is specifically allowed by State and Federal law without valid authorization.

6 Individually Identifiable Information
The Federal Privacy Regulations specify the following 18 pieces of "Individually Identifiable Information" that, when linked with health or medical information, constitute PHI (45 CFR ):
1. Names of the individual, and of relatives, employers or household members of the individual;
2. Geographic identifiers smaller than a state, including street address, city, county and precinct, and the zip code beyond its initial three digits; if the initial three digits cover a geographical area of 20,000 or fewer people, the zip code is an identifier at any level;
3. All elements of dates (except year) directly related to an individual, including birth date, admission date, discharge date and date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older;
4. Telephone numbers;
5. Fax numbers;
6. Electronic mail addresses;
7. Social security numbers;

7 Individually Identifiable Information (cont.)
8. Medical record numbers;
9. Health plan beneficiary numbers;
10. Account numbers;
11. Certificate/license numbers;
12. Vehicle identifiers and serial numbers, including license plate numbers;
13. Device identifiers and serial numbers;
14. Web Universal Resource Locators (URLs);
15. Internet Protocol (IP) address numbers;
16. Biometric identifiers, including finger and voice prints;
17. Full-face photographic images and any comparable images; and
18. Any other unique identifying number, characteristic, or code.
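The list above is the Safe Harbor de-identification standard, and the two items with arithmetic in them (zip codes and dates/ages) are where a scrubbing routine usually goes wrong. The following is an added example written for this page, not code from the training deck or from KCMHSAS. It strips the direct identifiers from a structured record, keeps only the first three zip digits (collapsing them to "000" for a small-population area, which is how the regulation handles that case), keeps only the year of any date, and converts date of birth into an age bucket while withholding the birth year once the age exceeds 89, because the year alone would reveal that age. The field names, the small-area zip prefix set and the sample record are all assumptions made up for the example.

```python
from __future__ import annotations
from datetime import date

# Assumption: three-digit zip prefixes whose area holds 20,000 or fewer people.
# The real set must come from current census data; these values are only
# illustrative placeholders for this example.
SMALL_AREA_ZIP3 = {"036", "059", "102"}

# Fields that are direct identifiers and are dropped outright. The key names
# are assumptions about how a record is laid out, not KCMHSAS field names.
# Item 18 (any other unique code) and identifiers buried in free text cannot
# be caught by key name and still need manual review.
DIRECT_IDENTIFIERS = {
    "name", "relative_names", "street_address", "city", "county", "precinct",
    "phone", "fax", "email", "ssn", "mrn", "beneficiary_no", "account_no",
    "license_no", "vehicle_id", "device_id", "url", "ip", "biometric", "photo",
}


def generalize_zip(zip_code: str) -> str:
    """Keep the first three digits only; collapse to "000" for small areas."""
    digits = "".join(ch for ch in zip_code if ch.isdigit())
    if len(digits) < 3:
        return "000"
    prefix = digits[:3]
    return "000" if prefix in SMALL_AREA_ZIP3 else prefix


def age_on(reference: date, dob: date) -> int:
    """Whole years elapsed from dob to reference."""
    years = reference.year - dob.year
    if (reference.month, reference.day) < (dob.month, dob.day):
        years -= 1
    return years


def generalize_age(age: int) -> str:
    """Ages over 89 are aggregated into a single category."""
    return "90 or older" if age > 89 else str(age)


def deidentify(record: dict, as_of: date) -> dict:
    """Return a copy of record with the identifier classes handled.

    Dates keep only their year; date of birth becomes an age bucket plus a
    birth year, and the birth year is withheld when the age exceeds 89.
    """
    out: dict = {}
    for key, value in record.items():
        if key in DIRECT_IDENTIFIERS:
            continue                          # drop direct identifiers outright
        if key == "zip":
            out["zip3"] = generalize_zip(value)
        elif key == "dob":
            age = age_on(as_of, value)
            out["age"] = generalize_age(age)
            if age <= 89:
                out["birth_year"] = str(value.year)
        elif isinstance(value, date):
            out[key + "_year"] = str(value.year)   # e.g. admission_date_year
        else:
            out[key] = value                  # clinical content, kept as-is
    return out


# Constructed sample record for the example; the values are fictitious.
SAMPLE_RECORD = {
    "name": "A. Example",
    "dob": date(1930, 5, 2),
    "zip": "49001",
    "phone": "555-0100",
    "admission_date": date(2023, 3, 14),
    "diagnosis": "F33.1",
}


if __name__ == "__main__":
    print(deidentify(SAMPLE_RECORD, as_of=date(2024, 1, 1)))
```

Two things to notice when adapting this: the age is computed against the date the data set is released, not the date the record was created, and any free-text field (progress notes, referral reasons) has to be reviewed separately because names, phone numbers and dates appear inside narrative text as readily as in structured fields.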

8 PHI In All Media
The HIPAA Regulations require that we protect our consumers' PHI in all media, including but not limited to PHI created, stored or transmitted in or on the following:
- Verbal discussions (e.g. in person, on the phone)
- Written on paper (e.g. referral form, explanation of benefits, prescreen assessments)
- In computer applications/systems (e.g. KCMHSAS Office, Streamline SmartCare, Provider Access, and Care Management)
- In/on computer hardware/equipment (e.g. PCs, laptops, PDAs, fax machines/servers, cell/multifunctional phones)

9 Minimum Necessary
What does releasing the "minimum necessary" PHI mean? To use or disclose/release only the information minimally necessary to accomplish the intended purpose of the use, disclosure, or request.
Requests from employees within KCMHSAS:
- Identify each workforce member who needs access to consumer PHI.
- Limit the PHI provided to a "need to know" basis.
Requests from individuals not employed at KCMHSAS:
- Limit the PHI provided to what is minimally necessary to accomplish the purpose for which the request was made.

10 Employee Access
Employee access to consumer PHI is permitted on an as-needed basis for the performance of the employee's job-related and assigned responsibilities, and does not extend to any information that is not part of those specific job duties. (It is never acceptable for an employee to look at PHI "just out of curiosity," even if no harm is intended.) Any information acquired or accessed during the performance of assigned work duties will be kept confidential.

11 Searching & Selecting Consumer Records
When your job-related duty requires you to search for a consumer record in the KCMHSAS Care Management, Provider Access or SmartCare systems, only open the record when you are reasonably assured that it is the correct consumer. Search with more than just the consumer's name, e.g. add the date of birth to the search.

12 Accidental Violations
Mistakes happen. If you mistakenly view or disclose PHI, provide confidential information to an unauthorized person, or breach the security of confidential data:
- Acknowledge the mistake and notify your supervisor and/or the Breach Response Team immediately. If the report is made to a supervisor, the supervisor is required to then report to the Breach Response Team immediately.
- Learn from the error and help revise procedures (when necessary) to prevent it from happening again.
- Assist in correcting the error only as requested by your manager or the Privacy Officer. Don't cover up or try to make it "right" by yourself.
***Accidental disclosures are Privacy Incidents and must be reported to the Privacy Officer immediately. We are required to document this type of disclosure.***

13 Misuse of PHI and Impermissible Disclosures
Any of the following, done without authorization, is misuse of consumer PHI:
- Access to
- Use of
- Taking
- Possession of
- Release of
- Editing of
- Destruction of
consumer PHI.

14 Breach
An acquisition, access, use, or disclosure of protected health information in a manner not permitted under the Privacy Rule is presumed to be a breach unless the Covered Entity demonstrates, based on a risk assessment, that there is a low probability that the PHI has been compromised. A breach may occur when information that must be protected is:
- Lost, stolen or improperly disposed of;
- Reviewed by individuals who are not authorized to have access; or
- Sent or communicated to others who are not authorized to receive it.

15 Disciplinary Action
We must be committed to protecting our consumers' privacy. KCMHSAS is placing trust in you to follow the privacy policies. This is not optional; it is required. Unauthorized or improper release of PHI by an employee may result in disciplinary action up to and including termination of employment, civil fines and/or penalties, criminal sanctions, and lawsuits and judgments against the employee and/or KCMHSAS for civil and/or criminal damages (see 45 CFR (e)(1)&(2)).

16 Employees Must Report
Employees who believe they have observed a violation of this policy should report it to their immediate supervisor and/or the Privacy Officer. An employee may also report a violation anonymously or confidentially to the KCMHSAS Compliance hotline. Calls received on this line will be investigated consistent with applicable KCMHSAS compliance policies. There will be no retaliation against any employee for making such a report in good faith.

17 Monitoring
Employee access to and use of the KCMHSAS Care Management, Provider Access and SmartCare systems will be monitored by the Privacy and Compliance Officers. Based on access monitoring activities, you may be asked questions regarding your apparent access to consumer records and information. You will be expected to provide an acceptable rationale, based on your job-related responsibilities, for every access to consumer information.
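The access monitoring described in slide 17 is, in practice, a comparison of the system's audit trail against each employee's need to know from slide 10. The following is an added example written for this page, not code from the training deck or from any of the named systems. It reads a constructed audit-log extract, lists every record opened outside the user's assigned caseload (each of which needs the rationale the slide mentions), and separately flags the "just out of curiosity" pattern: several unassigned records opened within a few minutes of each other. The log format, the caseload table, the user names and consumer IDs are all assumptions made up for the example.

```python
from datetime import datetime, timedelta

# Constructed caseload table: the consumers each workforce member is assigned
# to, i.e. their job-related need to know. Real data would come from the
# case-assignment system; the identifiers here are fictitious.
ASSIGNMENTS = {
    "jdoe": {"C1001", "C1002"},
    "msmith": {"C1003"},
}

# Constructed audit-log extract in the form timestamp|user|action|consumer_id.
SAMPLE_LOG = """\
2024-03-01T09:02:11|jdoe|view|C1001
2024-03-01T09:05:40|jdoe|view|C1002
2024-03-01T12:31:05|jdoe|view|C2099
2024-03-01T12:31:20|jdoe|view|C2100
2024-03-01T12:31:33|jdoe|view|C2101
2024-03-02T08:10:00|msmith|edit|C1003
2024-03-02T22:45:12|msmith|view|C1001
"""


def parse_log(text: str) -> list[dict]:
    """Parse the pipe-delimited extract into event dicts, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, consumer = line.split("|")
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "action": action, "consumer": consumer})
    return events


def unassigned_accesses(events: list[dict], assignments: dict) -> list[dict]:
    """Every access to a consumer outside the user's caseload.

    Each of these needs a documented job-related rationale. A user with no
    caseload entry has no need to know at all, so all of their accesses are
    returned rather than silently passed.
    """
    return [e for e in events
            if e["consumer"] not in assignments.get(e["user"], set())]


def browsing_bursts(events, assignments, window=timedelta(minutes=5), threshold=3):
    """Users who open `threshold` or more unassigned records within `window`.

    A run of unrelated records in quick succession is the signature of
    browsing rather than a single misdirected lookup. Returns one tuple
    (user, first_ts, last_ts, count) per flagged user.
    """
    by_user: dict[str, list[dict]] = {}
    for e in unassigned_accesses(events, assignments):
        by_user.setdefault(e["user"], []).append(e)
    bursts = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0                                  # sliding window over time
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                bursts.append((user, evs[start]["ts"], evs[end]["ts"], end - start + 1))
                break
    return bursts


def review_queue(text: str, assignments: dict) -> dict:
    """Everything the Privacy Officer would ask about from one extract."""
    events = parse_log(text)
    return {
        "unassigned": unassigned_accesses(events, assignments),
        "bursts": browsing_bursts(events, assignments),
    }


if __name__ == "__main__":
    result = review_queue(SAMPLE_LOG, ASSIGNMENTS)
    for e in result["unassigned"]:
        print(f"{e['ts']:%Y-%m-%d %H:%M} {e['user']} {e['action']} {e['consumer']}: rationale required")
    for user, first, last, n in result["bursts"]:
        print(f"{user}: {n} unassigned records between {first:%H:%M:%S} and {last:%H:%M:%S}")
```

A hit in this queue is a question, not a finding: crisis intake, on-call coverage and supervisory review all legitimately open records outside a caseload, which is exactly why the slide says you "may be asked" and are expected to supply a rationale. The burst check is the one that most often separates a misdirected search from browsing, and its window and threshold should be tuned to the role (a front-desk scheduler touches far more records per hour than a clinician).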

18 Questions
Any reports of suspected compliance violations, questions or possible concerns may be directed to the Privacy Officer by telephone, verbally or in writing to:
Karyn Bouma, KCMHSAS Health Information Officer, 615 E Crosstown Parkway, Kalamazoo, MI. Phone:
or to
Ellie DeLeon, KCMHSAS Compliance Officer, Portage St, Kalamazoo, MI 49001. Phone:
Hotline:
Please sign and keep the Electronic Health Record Training Attestation form as part of your agency training records.

