Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIPAA Privacy & Security

Published byShinta Lesmono Modified over 5 years ago

Similar presentations

Presentation on theme: "HIPAA Privacy & Security"— Presentation transcript:

1 HIPAA Privacy & Security
Education for Health Care Professionals

2 The HIPAA Privacy Rule The HIPAA Privacy Rule sets the standards for how covered entities and business associates are to maintain the privacy of Protected Health Information (PHI) HIPAA is the most comprehensive healthcare reform in the history of the USA and HIPAA is mandatory

3 HIPAA Protects the privacy and security of a patient’s health information Provides for electronic and physical security of a patient's health information Prevents health care fraud and abuse Simplifies billing and other transactions, reducing health care administrative costs

4 What is a Business Associate?
A person or entity which performs certain functions, activities, or services for or to patients involving the use and /or disclosure of PHI, but the person or entity is not part of MCH or MMH or its workforce. Ex. Transcription services, temporary staffing services, record copying company

5 Protected Health Information (PHI)
Relates to past, present, or future physical or mental condition of an individual Provisions of healthcare to an individual For payment of care provided to an individual It is transmitted or maintained in any form (electronic, paper, or oral) and can be used to identify the individual

6 Uses and Disclosures of PHI
At MCH and MMH you must get signed authorization from the patient to disclose PHI The authorization must: Describe the PHI to be used or released Identify who may use or release the PHI Identify who may receive the PHI Describe the purpose of the use or disclosure Identify when the authorization expires Be signed by the patient or someone making health care decisions (personal representative) for the patient

7 Notice of Privacy Practices
At MCH and MMH you must give each patient a notice of privacy practices that describes how: 1. MCH and MMH can use and share his or her PHI 2. Their patient privacy rights and request that every patient sign a written acknowledgement that he/she has received the Notice of Privacy Practices

8 Patient Rights The right to request restriction of PHI uses & disclosures The right to request alternative forms of communications The right to access and copy patient’s PHI The right to an accounting of the disclosures of PHI The right to request amendments to information

9 What does this Affect You?
At all times protect a patients information as if it were your own Look at a patient's PHI only if you need it to perform your job Give a patient’s PHI to others only when it’s necessary for them to perform their job, and do it discreetly

10 Discussing PHI Refrain from discussing PHI in public areas, such as elevators and reception areas Medical and support staff should take care of sharing PHI with family members, relatives or personal representatives or patients Information cannot be disclosed unless the patient has had the opportunity to agree with or object to the disclosure

11 HIPAA and Research The IRB (Institutional Review Board) may not authorize the use or disclosure of PHI for research purposes except: For reviews preparatory to research For research on the protected health information of a decedent If the information is completely “de-identified” If the information is partially de-identified into a “limited data set” and the recipient of the information signs a data use agreement to protect the privacy of such information If MCH has obtained a valid authorization from the individual subject of the information If the IRB approves a waiver of the individual authorization requirement

12 HIPAA and Breach of Confidentiality
Anyone who knows or has reason to believe that another person has violated this policy should report the matter promptly to his or her supervisor or the Compliance Officer. Gingie Sredanovich is the Compliance Officer at MCH (Ext. 1106) Michelle Pendergrass is the Compliance Officer at MMH (Ext. 1585)

13 Internal Disciplinary Action
Individuals who breach the policies will be subject to appropriate discipline They can also be subject to civil penalties Employees can lose their job and face monetary penalties from $100 to $250,000 and/or 10 years in prison

14 Security e-PHI is computer based patient health information that is used, created, stored, received, or transmitted by using any type of electronic information resource Ensure the confidentiality, integrity, and availability of information through information security safeguards

15 Confidentiality, Integrity, & Availability
Confidentiality- Ensure information will not be disclosed to unauthorized individuals or processes Integrity- Ensure that the condition of information has not been altered or destroyed in an unauthorized manner, & data is accurately transferred from one system to another Availability- Ensure that information is accessible an usable upon demand by an authorized person

16 User ID Users are assigned a unique “User ID” for log-in purposes, which limits access to the minimum information needed to do the job. Never use anyone else’s ID to log to a computer or use a computer that has someone logged on already Use of information systems is audited for inappropriate access or use Access is cancelled for terminated employees

17 Passwords All passwords are to be changed at least once every 6 months, or immediately if a breach of a password is suspected Passwords will not be inserted into messages or others forms of electronic communication Personal computers and other portable devices such as laptops, iPhones, iPads, etc.. Must be used as an information portal only. No sensitive or ePHI data will be stored on a portable device.

18

19

20

21

22 In Summary What is HIPAA? The Health Insurance Portability and Accountability Act. It is a federal law that protects the privacy of patients’ health information. How does HIPAA Affect Me? MCH requires all workforce members to sign a Confidentiality Agreement and to work together to protect the confidentiality and security of patients, proprietary, and MCH sensitive information.

23 Points to Remember Only access/use patient information when needed to perform your job and always go through the proper procedures Log off you computer or “lock” your workstation when you will be away from your work area so that PHI cannot be viewed or accesses in your absence Never share your password with anyone or leave it where someone might see it Never use the logon credentials of another user Use private areas to discuss patient information if possible Keep the volume of your voice lowered when having conversations concerning patients in open areas When papers containing patient information are no longer needed or required, either shred them or place them in a secure shredding bin. DO NOT dispose of paper with PHI in a waste basket. Before talking with patient's family members or friends about a patient's condition, check with the patient first

24 More Points to Remember…
Check the patient directory before releasing any information, including the patient's room number, to see if patient opted out of directory Be careful not to leave patient information at copy machines, faxes, or printers or in conference rooms When faxing information internally or externally, use and “official” MCH coversheet and confirm the recipient’s fax number before faxing. Do not remove health information

Download ppt "HIPAA Privacy & Security"

Similar presentations

Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.

Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
Confidentiality and HIPAA

Confidentiality and HIPAA
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.

COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.
LMC 2005 1 WHAT IS HIPAA AND HOW TO COMPLY WITH IT? Health Insurance Portability and Accountability Act of 1996.

LMC WHAT IS HIPAA AND HOW TO COMPLY WITH IT? Health Insurance Portability and Accountability Act of 1996.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
WORKFORCE CONFIDENTIALITY HIPAA Reminders. HIPAA 101 The Health Insurance Portability and Accountability Act (HIPAA) protects patient privacy. HIPAA is.

WORKFORCE CONFIDENTIALITY HIPAA Reminders. HIPAA 101 The Health Insurance Portability and Accountability Act (HIPAA) protects patient privacy. HIPAA is.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
Corporate Compliance Program STANDARDS OF CONDUCT HIPAA PRIVACY & SECURITY Temple University Health System Maribel Valentin, Esquire Associate Counsel.

Corporate Compliance Program STANDARDS OF CONDUCT HIPAA PRIVACY & SECURITY Temple University Health System Maribel Valentin, Esquire Associate Counsel.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
HIPAA P RIVACY & S ECURITY Education for Health Care Professionals.

HIPAA P RIVACY & S ECURITY Education for Health Care Professionals.
 The Health Insurance Portability and Accountability Act of 1996.  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.

 The Health Insurance Portability and Accountability Act of  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA

Similar presentations

Ads by Google