Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy, Security & NYS Confidentiality Laws

Published byMadison Warner Modified over 5 years ago

Similar presentations

Presentation on theme: "Privacy, Security & NYS Confidentiality Laws"— Presentation transcript:

1 Privacy, Security & NYS Confidentiality Laws
HIPAA & HITECH Privacy, Security & NYS Confidentiality Laws Student Orientation Office of compliance & Audit Services & Information Security Stephanie Musso, SBUH HIPAA Privacy Officer & Director Information Security

2 HIPAA H = Health I = Insurance P = Portability – NOT PRIVACY
Office of compliance & Audit Services & Information Security H = Health I = Insurance P = Portability – NOT PRIVACY Created to ensure access to health coverage Allows for continuity in health coverage Prevents denial due to a pre-existing condition(s) A = Accountability Healthcare fraud is a federal crime Fines and/or jail time may apply Individuals Organizations could face sanctions A = Act Privacy and Security Rules added following extensive lobbying by Privacy Advocates HIPAA

3 Office of compliance & Audit Services & Information Security
What is PHI ? Any form of information that can identify, relate or be associated with an individual obtaining health care services What is IIHI? Individually Identifiable Health Information are data elements that make up PHI such as…… Name, Address, SSN, Phone Number, Medical Record Number, Diagnosis, Test Results, Photographs, Doctors notes, Health Plan Information, etc. HIPAA Privacy Rule

4 Why is there a need for this added protection ?
Office of compliance & Audit Services & Information Security With advances in technology come the potential for misuse and abuse. Electronic storage of data World Wide Web All easily allow information to travel outside the organization. Why is there a need for this added protection ?

5 All manners of communication containing PHI including:
Office of compliance & Audit Services & Information Security All manners of communication containing PHI including: At all times Spoken Written Electronic What is Protected?

6 When are we permitted to share PHI?
Office of compliance & Audit Services & Information Security To Provide Care: Healthcare providers/practitioners can share PHI for continuity of care. Obtain payment: Billing a medical insurance company for service rendered or providing the patient’s name & address to a collection agency Health Care Operations: Quality Improvement, teaching & education, legal proceedings, certification or accreditation processes, etc. When are we permitted to share PHI?

7 What are our Privacy Goals ?
Office of compliance & Audit Services & Information Security 1) Maintain our patient’s trust Improve patient safety & patient satisfaction 2) Safeguard our patient’s PHI Required by the HIPAA Security Rule Educate our patients as to their rights. Required by the HIPAA Privacy Rule What are our Privacy Goals ?

8 Stony Brook Organized Health Care Arrangement (SBOHCA) a.k.a
Office of compliance & Audit Services & Information Security Stony Brook Organized Health Care Arrangement (SBOHCA) a.k.a JOINT NOTICE OF PRIVACY PRACTICES Is the document SBUH uses to notify patient’s of their privacy rights… Notice of Privacy Practices

9 request restricted use and disclosure of PHI*
Office of compliance & Audit Services & Information Security request restricted use and disclosure of PHI* request to receive communications via alternate mechanism inspect and copy their health information* request to amend their medical record request an accounting of disclosures* file a complaint* PATIENT’S RIGHTS

10 Office of compliance & Audit Services & Information Security
Information Security is the process of protecting data from accidental or intentional misuse by persons inside or outside of the Hospital Information Security

11 Office of compliance & Audit Services & Information Security
Set standards to ensure only those who should have access to PHI contained in the electronic systems actually have access and ensure the integrity of our PHI in the electronic systems is maintained Protected Health Information contained in our electronic systems is better known as e-PHI. HIPAA Security Rule

12 HIPAA Information Security Requirements
Office of compliance & Audit Services & Information Security Administrative Safeguard (policies, training, audits, etc.) Physical Safeguards (locks, privacy screens, etc.) Technical Controls (firewalls, encryption, virus protection, etc.) Note: The Federal HIPAA Security Regulation requirements are in alignment with the NYS Cyber & Information Security Law, TJC standards & the NYS DOH Regulations HIPAA Information Security Requirements

13 Health Information Technology Economic & Clinical Health
On February 17, 2009 the Federal Stimulus Bill or American Recovery and Reinvestment Act (ARRA) was signed into law and included provisions to address Health Information Technology For Economic and Clinical Health Act (HITECH). Purpose is to create a national health information infrastructure and widespread adoption of electronic health records through monetary incentives. Provide enhanced Privacy & Security Protections under HIPAA including increased legal liability for non-compliance and greater enforcement actions. Office of compliance & Audit Services & Information Security Health Information Technology Economic & Clinical Health

14 What changes should we expect?
Office of compliance & Audit Services & Information Security Breach Notification (PHI sent/given to the incorrect recipient) Patients can request an Electronic Copy of their medical Info. Individually Directed Privacy Restrictions Restrictions on Marketing, Fundraising and the sale of PHI Preference for Limited Data Sets and De-Identification Extension of Minimum Necessary Rule (use & access) Vendors/Business Associates (subject to the same penalties) Accounting for Disclosures (access lists) Increased Enforcement and New Penalties - Individual’s & Organizations are subject to the criminal provisions; State AG’s can bring civil suit in Federal Courts on behalf of state residents; harmed individuals can receive a % of CMP’s or settlement What changes should we expect?

15 NYS Confidentiality Laws
Office of compliance & Audit Services & Information Security Stricter State Laws that surpass HIPAA: Article 27-F NYS PHL Confidentiality of HIV – related information NYS MHL Confidentiality of mental health information applicable to OMH certified providers & locations Genetic Information Non-Disclosure Act (Fed & NYS Law basically the same) protects potentially harmful disclosures of genetic information NYS Confidentiality Laws

16 As an employee what is expected of me ?
Office of compliance & Audit Services & Information Security Use, Access and Disclose the minimum necessary to perform your assigned responsibilities (provide treatment to a patient; obtain payment for the services rendered; or perform a healthcare related function or operation as assigned (QA/QI, audit, care management/ utilization review, teaching, etc. definitions can be found Admin P&P LD: 0075) Do Not Snoop even if they beg (neighbors, friends, relatives, immediate family members, colleagues) Dispose of PHI properly and ensure PHI that is sent electronically is sent to the proper recipient When in doubt ask the HIPAA Privacy Officer phone or “HIPAA” As an employee what is expected of me ?

17 Log-Off before walking away from a workstation
Office of compliance & Audit Services & Information Security Remember your username and password are your signature: Do Not Share usernames/passwords; Do Not use a generic sign-on Log-Off before walking away from a workstation Do not place patient information on mobile devices Do not post patient information on Social Network sites Do Not take pictures of patients with non approved devices and without patient consent Do not install/download on a SBUH computer without IT approval When sending patient information via use only SBUH Outlook and send only to another SBUH Outlook user only. Remember send the minimum necessary amount of information needed, ensure you have the correct recipient and when in doubt contact Information Security phone or “Information Security” As an employee what is expected of me when using electronic information?

Download ppt "Privacy, Security & NYS Confidentiality Laws"

Similar presentations

Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.

Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
Confidentiality and HIPAA

Confidentiality and HIPAA
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.

COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
HIPAA What’s New? 2010. What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.

HIPAA What’s New? What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.
WORKFORCE CONFIDENTIALITY HIPAA Reminders. HIPAA 101 The Health Insurance Portability and Accountability Act (HIPAA) protects patient privacy. HIPAA is.

WORKFORCE CONFIDENTIALITY HIPAA Reminders. HIPAA 101 The Health Insurance Portability and Accountability Act (HIPAA) protects patient privacy. HIPAA is.
HIPAA Health Insurance Portability and Accountability Act.

HIPAA Health Insurance Portability and Accountability Act.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
HIPAA THE PRIVACY RULE Reviewed December 2012 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-

HIPAA THE PRIVACY RULE Reviewed December HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA
HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.

HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.
Professional Nursing Services.  Privacy and Security Training explains:  The requirements of the federal HIPAA/HITEC regulations, state privacy laws.

Professional Nursing Services.  Privacy and Security Training explains:  The requirements of the federal HIPAA/HITEC regulations, state privacy laws.
HIPAA What’s Said Here – Stays Here…. WHAT IS HIPAA  Health Insurance Portability and Accountability Act  Purpose is to protect clients (patients)

HIPAA What’s Said Here – Stays Here…. WHAT IS HIPAA  Health Insurance Portability and Accountability Act  Purpose is to protect clients (patients)

Similar presentations

Ads by Google