Presentation is loading. Please wait.

Presentation is loading. Please wait.

And the finer details of patient privacy

Published byBarnard Allison Modified over 6 years ago

Similar presentations

Presentation on theme: "And the finer details of patient privacy"— Presentation transcript:

1 And the finer details of patient privacy
Understanding HIPAA And the finer details of patient privacy TCH Confidential IBM Confidential

2 Agenda High-level HIPAA Review “The Golden Rule” Privacy Rule
Challenges Security Rule “The Golden Rule”

3 Agenda Examples of Inappropriate Access Hypothetical Case Studies
CHCO HIPAA P&P and Conduct Review

4 HIPAA Privacy Rule Protected health information (PHI) can be accessed for purposes of: Treatment Payment Healthcare operations Research approved by COMIRB

5 HIPAA Privacy Rule Challenges
Accessing PHI for Training, education, and quality improvement are permitted by HIPAA Challenge is granular definition of appropriate access Anyone at any time can claim: “I was accessing record for education or QI”, even if access was not appropriate CHCO provides guidance in the “Accessing PHI for Training, Education, and Quality improvement” policy and procedure.

6 HIPAA Security Rule Individually identifiable logins for every person that access electronic patient information or systems that handle patient information No login/password sharing Secure or logoff workstations and applications when leaving them unattended

7 HIPAA Security Rule It is not okay to walk away from a computer workstation that is logged into Epic and leave it unattended Examples: going to lunch going to care for a patient in another room or area being away long enough for someone else to access patient information with your ID

8 “The Golden Rule” If you do not need to access a patient record specifically to do your job, don’t access the record.

9 Examples of Inappropriate Access
Outside of Treatment, Payment, or Operations: Accessing celebrity information Accessing friend or relative information Accessing information for other companies/providers who want the information for marketing purposes

10 Examples of Inappropriate Access
Outside of Treatment, Payment, or Operations: Accessing information for personal reasons Accessing co-workers’ patient information Accessing your own information Accessing your child’s records Just Being Curious or Concerned

11 Case Studies

12 Case Study UCLA Health System Staff Member: Job termination and 4 months in prison with $2000 fine for HIPAA violation

13 Hypothetical Case Studies
A tragic auto accident involving a family with two children happened on Colfax right in front of the hospital entrance and you are part of the care team.

14 Hypothetical Case Studies
I decide to “Friend” the families and post updates to let the very upset families know how their injured children are doing.

15 Hypothetical Case Studies
I decide to “Friend” the families and post updates to let the very upset families know how their injured children are doing. This is not appropriate.

16 Hypothetical Case Studies
Alternative: I will let the families know that I understand their concern but to respect my professional boundaries and privacy of the patients, I cannot communicate over social media. I will be happy to communicate in person, over the phone or MyChart.

17 Hypothetical Case Studies
Alternative II: I will let the families know that I understand their concern. We can discuss whether they want to sign an authorization to allow us to communicate their children’s progress over .

18 Hypothetical Case Studies
A supervisor approaches me and asks me to look at their child’s diagnosis and bill for a visit.

19 Hypothetical Case Studies
A supervisor approaches me and asks me to look at their child’s diagnosis and bill for a visit. This is not appropriate.

20 Hypothetical Case Studies
Alternative: Tell supervisor that they need to contact their child’s physician for diagnosis information and Patient Financial Services for billing information.

21 Hypothetical Case Studies
The daughter of a neighbor, a close friend, will be having surgery soon and I want to look in the EMR to find when the surgery is scheduled so I can lend support.

22 Hypothetical Case Studies
The daughter of a neighbor, a close friend, will be having surgery soon and I want to look in the EMR to find when the surgery is scheduled so I can lend support. This is not appropriate.

23 Hypothetical Case Studies
Alternative: I will ask my friend when the surgery is and let her know I would like to meet her in the surgical waiting area to lend support.

24 Hypothetical Case Studies
My sister is concerned about her young daughter’s experience at a CHCO clinic and wants help.

25 Hypothetical Case Studies
Can I look in the EMR to provide documentation to support her conversation with customer service?

26 Hypothetical Case Studies
Can I look in the EMR to provide documentation to support her conversation with customer service? This is not appropriate.

27 Hypothetical Case Studies
Alternative: Provide customer service contact info. It is okay to act as an advocate as long as you separate that role from your position at CHCO.

28 Hypothetical Case Studies
A patient with a very unique case was seen in our clinic this morning. I’d like to access the medical record to learn how the physician treated the patient.

29 Hypothetical Case Studies
A patient with a very unique case was seen in our clinic this morning. I’d like to access the medical record to learn how the physician treated the patient. It is inappropriate for a care provider to directly access a patient medical record of a patient they did not treat for educational purposes outside of formal case review, M & M review, or sanctioned quality improvement initiatives.

30 Break the Glass in Epic We have “Break the Glass” to protect sensitive patient info, but just because you don’t see a break the glass warning doesn’t mean access is appropriate.

31 P&Ps and Code of Conduct
Confidentiality Information Security Code of Conduct HIPAA - Uses and Disclosures of PHI

32 Confidentiality

33 Confidentiality From POLICY
CHCO is committed to respecting the privacy of patients and staff by safeguarding the confidentiality of information/PHI entrusted to them. CHCO will abide by state, federal and international regulations concerning privacy and confidentiality. Access to information will be based on a need to know in order to perform one’s job duties.

34 Information Security From POLICY
Users are expected to take adequate steps to secure confidential or sensitive information assets: lock file cabinets, offices doors and other premises housing valuable information resources Users must log off after using a workstation.

35 Code of Conduct

36 From Code of Conduct “Staff must not abuse their access to confidential information or even worse, abuse their position to discover confidential information that their job does not require them to know.”

37 HIPAA – Uses and Disclosures of PHI
From POLICY General Releases - Uses and disclosures of PHI are permitted only with a valid authorization signed by the patient or his/her personal representative.

38 HIPAA – Uses and Disclosures of PHI
Exceptions to this rule (i.e., no authorization is needed) are as follows: …the PHI is being used or disclosed for the purpose of treatment, payment, or internal CHCO healthcare operations.

Download ppt "And the finer details of patient privacy"

Similar presentations

Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.

Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.
WRSU Customer Service The Beauty of Change. Privacy and Confidentiality.

WRSU Customer Service The Beauty of Change. Privacy and Confidentiality.
Privacy and Information Security Training (2006-07) VUMC Privacy Website www.mc.vanderbilt.edu/privacy.

Privacy and Information Security Training ( ) VUMC Privacy Website
And the finer details of patient privacy TCH Confidential Understanding HIPAA.

And the finer details of patient privacy TCH Confidential Understanding HIPAA.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
Confidentiality and HIPAA

Confidentiality and HIPAA
HIPAA Training for the MDAA Preceptorship Program Health Insurance Portability and Accountability Act.

HIPAA Training for the MDAA Preceptorship Program Health Insurance Portability and Accountability Act.
COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.

COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.
LMC 2005 1 WHAT IS HIPAA AND HOW TO COMPLY WITH IT? Health Insurance Portability and Accountability Act of 1996.

LMC WHAT IS HIPAA AND HOW TO COMPLY WITH IT? Health Insurance Portability and Accountability Act of 1996.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
The HIPAA Privacy Training Video for EMS Field Providers

The HIPAA Privacy Training Video for EMS Field Providers
HIPAA 101 Education. WHAT IS HIPAA??? WHAT IS HIPAA? The Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability.

HIPAA 101 Education. WHAT IS HIPAA??? WHAT IS HIPAA? The Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
Copyright 2003 Page, Wolfberg, & Wirth, LLC. All Rights Reserved.

Copyright 2003 Page, Wolfberg, & Wirth, LLC. All Rights Reserved.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
HIPAA Health Insurance Portability and Accountability Act 1.

HIPAA Health Insurance Portability and Accountability Act 1.
1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/2009 0.

1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/

Similar presentations

Ads by Google