Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIPAA Do’s and Don'ts: What is Really Behind Protected Health Information (PHI) and Health Care Privacy Rules Paul Sisler, Director, Information Services;

Published byΣωφρόνιος Δημητρίου Modified over 5 years ago

Similar presentations

Presentation on theme: "HIPAA Do’s and Don'ts: What is Really Behind Protected Health Information (PHI) and Health Care Privacy Rules Paul Sisler, Director, Information Services;"— Presentation transcript:

1 HIPAA Do’s and Don'ts: What is Really Behind Protected Health Information (PHI) and Health Care Privacy Rules Paul Sisler, Director, Information Services; Corporate Compliance Officer; Privacy Officer; Information Security Officer, The Center for Health Care Services ext. 203

2 HIPAA Background Insurance Portability Administrative Simplification
1. Standard Codes and Transactions 2. Information Security 3. Privacy of Protected Health Information 4. Identifiers

3 HIPAA Privacy The Privacy Rules grant patients a series of Rights to control use and disclosure of their own Protected Health Information (PHI): To review their own records To amend and/or append their own records To direct future non-disclosures To complaint against improper disclosures

4 HIPAA Privacy PHI can be exchanged between covered entities with the patient’s authorization. PHI can be exchanged between covered entities without the patient’s authorization under the following circumstances: For health care treatment For health care payment For health care operations

5 HIPAA Privacy Other exceptions to disclosing PHI without the patient’s authorization: For public health activities To address a serious threat to health or safety For law enforcement purposes For judicial and administrative proceedings For national security and intelligence activities To Advocacy, Inc. to investigate complaints To TFPS, if its an alleged case of abuse/neglect/exploitation For governmental programs providing public benefit

6 HIPAA Privacy Obtaining written authorizations prior to any PHI exchange is always good practice Obtaining written authorizations is required for any reason beyond treatment, payment, or health care operations

7 HIPAA Privacy The Minimum Necessary Rule Notice of Privacy Practices
Designation of staff processing PHI exchanges Reporting possible breaches/violations

8 HIPAA Privacy Key rulemaking comment and interpretation:
“The privacy rules, along with the other administrative rules relating to HIPAA, are intended to improve health care efficiency and effectiveness. They are not intended to be an impediment to proper health care treatment and operations”.

9 Privacy Compliance Issues
CHCS reviews and monitors all programs and program locations for consumer privacy compliance on an ongoing basis. Recent areas of concern (reported by Privacy Officer): Leaving sensitive consumer documents with PHI on desks and/or work space Offices often unattended/unlocked with non-secured PHI Computers left unattended while logged in to system Not disposing of documents in secure shredder containers Leaving sensitive documents in copier rooms, on copiers, on or adjacent to fax machines in un-secure locations. Faxed consumer items should be sent only to secure fax machines located in medical records areas. NEED UPDATED INFO FROM PAUL

10 Reasonable Safeguards
Speak quietly when discussing a consumer’s condition with family members in waiting rooms or other public areas Avoid using consumer names in elevators and hallways Secure documents in locked offices and cabinets Use Fax Coversheets with CHCS confidentiality statement at all times Some examples of Reasonable Safeguards include: (a) speaking quietly when discussing a consumer’s condition with family members in a waiting room or other public area (b) avoid using consumer names in hallways, elevators unless really necessary (c) posting signs to remind employees to protect consumer privacy (d) securing documents in locked offices or file cabinets using passwords and other securing measures on computers Each office will be developing reasonable safeguards – specific to their tasks and set-up. Please talk with your supervisor about the reasonable safeguards that will be followed in your work area. Use passwords and other security measures on computers.

11 Safeguard Standard For internal communications when dealing with management issues or complaints, any time PHI of a current or former consumer is present in the subject documentation, such as a complaint letter or , that PHI will be removed/redacted (edited) by the first recipient prior to re-distributing or forwarding the communication. Ex: a multi-subject or memo full of management and staff complaints, and a consumer happens to be identified in that because it is a mixed-subject communication. Any recipient of that would need to redact (or erase) the PHI information before sending it on or responding to any other person. In such instances, the Privacy Officer should be consulted for appropriate and accurate actions. Is this covered in IS orientation???

12 Paul Sisler, CHCS Privacy Officer and Director of Information Services
Privacy Violations All possible violations of protected health information (disclosing private information about a consumer to someone who does not have the authorization or need to know) should be reported to the CHCS Privacy Officer: Paul Sisler, CHCS Privacy Officer and Director of Information Services ext. 203 Check job title

13 HIPAA Privacy Questions and Answers

Download ppt "HIPAA Do’s and Don'ts: What is Really Behind Protected Health Information (PHI) and Health Care Privacy Rules Paul Sisler, Director, Information Services;"

Similar presentations

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.

Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.
Privacy and Information Security Training (2006-07) VUMC Privacy Website www.mc.vanderbilt.edu/privacy.

Privacy and Information Security Training ( ) VUMC Privacy Website
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
Confidentiality and HIPAA

Confidentiality and HIPAA
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.

COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
Copyright 2003 Page, Wolfberg, & Wirth, LLC. All Rights Reserved.

Copyright 2003 Page, Wolfberg, & Wirth, LLC. All Rights Reserved.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/2009 0.

1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/
HIPAA & Security Awareness Training Annual Mandatory Education.

HIPAA & Security Awareness Training Annual Mandatory Education.
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA
HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.

HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.
Protecting Client Data HIPAA, HITECH and PIPA Part 1A

Protecting Client Data HIPAA, HITECH and PIPA Part 1A

Similar presentations

Ads by Google