Presentation is loading. Please wait.

Presentation is loading. Please wait.

Your Role in Corporate Compliance and HIPAA Confidentiality

Published byElisa Hankinson Modified over 9 years ago

Similar presentations

Presentation on theme: "Your Role in Corporate Compliance and HIPAA Confidentiality"— Presentation transcript:

1 Your Role in Corporate Compliance and HIPAA Confidentiality

2 Part I: Understanding Your Role in Corporate Compliance

3 What is Compliance? The term compliance has different meanings. In terms of the healthcare industry, compliance means adhering to the requirements stated under the Medicare and Medicaid laws contained within the Social Security Act and the regulations from CMS (Centers for Medicare and Medicaid Services) and other respective federal and state agencies. Our employees’ behavior is a direct reflection on OSF Healthcare. We want to be known as the region’s best health-care system with employees who consistently display high standards of integrity, conduct and ethical behavior.

4 What Does Compliance Mean to You as an OSF Employee?
The Vision of OSF Healthcare is that recognizing God’s great gift of life, we will be a community of caregivers pursuing perfection in healthcare quality, safety, service and financial integrity. Our Corporate Compliance Plan is located online at the following address, Our employees’ behavior is a direct reflection on OSF Healthcare. We want to be known as the region’s best health-care system with employees who consistently display high standards of integrity, conduct and ethical behavior..

5 Who is Big Brother? CMS (Centers for Medicare and Medicaid Services) works with the OIG (Office of the Inspector General) to investigate possible fraud and abuse cases. If CMS believes the hospital has participated in fraudulent activities either knowingly or unknowingly, the OIG investigate. The FBI is the organization that investigates and enforces healthcare compliance. The Department of Justice prosecutes healthcare organizations for healthcare fraud and abuse.

6 What is a Breach of Compliance?
Understanding how these regulations apply in our daily lives can be difficult. An example of fraud is billing for services not provided. Even mistakenly violating these laws could be abuse and may also result in fines. Examples of possible abuse are repeatedly using the wrong billing codes or making the same error when filing claims.

7 What is in OSF’s Compliance Plan?
Standard of Conduct: Each new employee signs a form located in the HR handbook that is given to them during orientation. The statement reads: Any OSF Healthcare employee who has knowledge of any activity or behavior which is unethical, immoral or illegal must report this activity or observed behavior to his/her immediate supervisor or to the Director of Human Resources. Identification of High Risk Areas: These are areas that are identified as a higher risk for potential fraud and abuse therefore require more frequent monitoring by the compliance department.

8 What is in the Compliance Plan?
Disciplinary Guidelines: The Corporate Compliance Plan identifies employee obligations to government investigations, compliance chain of command and compliance plan discipline.

9 The OSF Healthcare System Corporate Compliance Program promotes:
The requirement of a facility compliance officer The identification of a facility compliance officer The identification of chain of command The identification of Integrity Hotline The provision of education to staff regarding compliance The identification of Standards of Conduct

10 In Summary..... Compliance means adhering to the requirements stated under the Medicare and Medicaid laws contained within the Social Security Act and the regulations from CMS (Centers for Medicare and Medicaid Services) and other respective federal and state agencies. Doing the right thing, the right way, the first time, all the time! Non-compliance means fraud and/or abuse, penalties, disciplinary action, and public distrust.

11 Part II: HIPAA Awareness Training Privacy and Security Rules
OSF Healthcare System HIPAA Awareness Training – explaining the Privacy and Security Rules.

12 What is HIPAA? HIPAA stands for: Insurance Portability and
Health Insurance Portability and Accountability Act of 1996 HIPAA stands for Health Insurance Portability and Accountability Act of No, it’s not short for hippopotamus.

13 What is HIPAA? HIPAA is a federal regulation that OSF Healthcare System has to comply with that protects the privacy, security and confidentiality of a patient’s health information. So because of these reasons, a federal regulation that OSF Healthcare System has to comply with that protects the privacy, security and confidentiality of a patient’s health information.

14 HIPAA Privacy Rule The HIPAA Privacy Rule
Standards to protect the privacy of medical records and other patient specific information. Making sure protected health information (PHI) is properly handled by the facility. So – then read slide.

15 HIPAA Privacy What is protected health information? - Information that could be used to identify an individual - Examples would be: name, social security number, (demographic information) - Transmitted or maintained in any form such as oral, written, or electronic information Protected health information, known as PHI, is defined as individually identifiable health information. Individually identifiable health information identifies the individual where there is a reasonable basis to believe that the information can be used to identify the individual. Some examples of individually identifiable health information include: name, address, social security number, drivers license number, etc. The HIPAA Privacy Rule is to protect information in any format – whether it be oral, written or electronic.

16 Corporate Compliance/Privacy Officer
HIPAA HIPAA requires that all health care organizations have a Privacy Officer. Corporate Compliance/Privacy Officer John Evancho Each OSF entity has their own Privacy Officer. OSFSFMC – Dan Blunier ( ) Read Slide

17 Privacy Officers Responsibilities include:
Overseeing the privacy functions at the facility. Serve as a resource for questions and concerns. Handle any privacy related complaints. Develop privacy policies and procedures. Provide training to staff. Read slide.

18 HIPAA – Why is training necessary?
Confidentiality is so important, that OSF requires that: All employees and workforce members be informed of their responsibility to protect confidentiality. Proven violation of the confidentiality of patient information shall include immediate disciplinary action up to and including termination. Confidentiality is so important that OSF requires that all employees and workforce members, which includes not only employees, but also volunteers, consultants, students, and business partners, be informed of their responsibility to protect patient confidentiality. A proven violation of the confidentiality of patient information shall include immediate disciplinary action up to and including termination as described in our Positive Discipline Policy.

19 HIPAA – Policy Our policy states that patient protected health information (PHI) will be kept private and confidential Our policy also guides us on who should have access to patient information Direct access to patient information shall only be permitted to those employees who have a “need to know” to perform their job functions. Minimum necessary information to perform their jobs. So what is OSF Healthcare system’s policy regarding confidentiality and our patient’s protected health information? Our policy states that patient protected health information (PHI) will be kept private and confidential. Our policy also guides us on who should have access to patient information: Direct access to patient information shall only be permitted to those employees who have a “Need to know” to perform their job functions. This means that if you don’t need a patients PHI to perform your job –you will not have access to it – nor should you ask for it.

20 HIPAA - Policy What patient information does OSF require me to keep confidential? Demographic information Examples: Name, social security number, date of birth, address, etc. Information about injury, illness or condition – including symptoms, diagnosis or treatment Conversations between the patient and health care workers What patient information does OSF require me to keep confidential? We ask you to keep a patients demographic information confidential – that includes their name, address, date of birth, etc. We also request that you keep confidential any information about an injury, illness or any condition – and that includes symptoms, diagnosis or treatment. Also, conversations between the patient and health care workers must also be kept confidential.

21 What information can I provide to persons seeking information about a patient?
Facility Directory information: 1. The patient’s location with the facility; 2. The patient’s condition stated in general terms (i.e. good, fair, poor); 3. The patient’s religious affiliation (available only to clergy). If someone asks for information about a patient – what information can I provide? According to the Privacy Rule, you can provide information that is included in the facility directory. That includes the patient’s location in the facility, and the patient’s conditions stated in general terms – such as good, fair, poor, critical. A patients religious affiliation is also available to the clergy .

22 HIPAA - Policy Our Confidentiality Policy also guides us on when and where we can discuss patient information. Discuss patient information privately; never in elevators, lobbies, cafeterias, or corridors Make sure requisitions, forms, and computer screens with patient names and information are not easily viewed by others Dispose of unnecessary patient information in proper receptacles for shredding, not ordinary trash bins Read slide.

23 HOW do I protect the privacy of my co-workers?
Take special care to respect the privacy of co-workers and colleagues who are patients. Do NOT discuss the health care services of your co-workers with anyone who is not directly involved in their care. - Do NOT access their private health information unless it is for patient care purposes So, how do you protect the privacy of a co-worker? Remember to take special care to respect the privacy of co-workers and colleagues who are patients. Do not discuss the health care services of your co-workers with anyone who is not directly involved in their care. Do not ask co-workers why they are a patient, or their reasons for being in the hospital or clinic. Do not access their private health information ( look at their chart) unless it is for patient care purposes.

24 HIPAA – How do our patient’s know their Privacy Rights?
We are required to provide a Notice of Privacy Practices to all patients that describes their rights over their PHI Patients will sign an acknowledgement form stating that they received a copy of the Privacy Notice The HIPAA privacy rules tells us how we must protect a patients health information. How do our patients know how we protect their health information? We are required to provide a Notice of Privacy Practices to all patients that describes their rights over their protected health information. Patients will sign an acknowledgement form stating that they have received a copy of the Privacy Notice.

25 Reporting Possible Violations
Can employees report possible violations of the privacy rule? Employees are encouraged to report possible violations of the privacy rule to us. Employees should feel comfortable to know that we will not take any retaliatory action when employees file complaints Submit complaints to your immediate supervisor, Privacy Officer or the Integrity Line at – 547 – 2822. Read slide.

26 Why Comply With the HIPAA Rule?
Ethics – it’s the right thing to do Civil Penalties – fines of $100 for every accidental violation Criminal Penalties – up to $250,000 for violations committed knowingly/purposefully and up to 10 years in federal prison Besides the government telling us we have to comply with the HIPAA rules, OSF wants to comply because it is the right thing to do. HIPAA is serious about patient privacy. Failure to comply can results in civil penalties with fines of $100 for every accidental violation not to exceed $25,000 during a calendar year. For criminal penalties, the fines go up to $250,000 for violations committed knowingly and purposefully and up to 10 years in a federal prison.

27 HIPAA Security Rule The Privacy Rules identifies what information is
protected, whether it be in electronic, oral or paper form, and who may have access to that information (PHI). The Security Rules identifies steps for ensuring that only those who should have access to electronic PHI (ePHI) will actually have access. Read Slide

28 Administrative Safeguards
The Administrative Safeguards require that facilities develop processes, policies and procedures to prevent, detect, contain, and correct security violations. Read slide.

29 Physical Safeguards The purpose of physical safeguards is to help protect the physical computer systems and related buildings and equipment from: - Fire - Other natural and environmental hazards - Unauthorized access. Read Slide. Among the physical safeguards that we need to address to comply with the security rules are: Facility access controls – policies and procedures relating to the physical security of the facility Workstation use and security – practices that protect work areas and computer systems from unauthorized use Device and media controls – procedures to handle computers and other items that contain electronic PHI, such as CD-ROMs and floppy diskettes.

30 Technical Safeguards Some of the processes used to promote compliance with the Technical Safeguard rule include: Computer system access, such as passwords Assigning security levels based on user identify or job responsibility Proper identification of individuals requesting access to ePHI Audit trails that record system activity as it occurs Read slide

31 Security Safeguards Passwords - don’t share and don’t post .
Workstations - secure your workstation, use screen savers, lock your computer if unattended, log off when not in use, log off at night. - avoid sending sensitive/confidential patient information. Removable media (disks, CDs,) - lock up and store, dispose/destroy properly. Internet - firewalls, monitor and audit usage, utilize virus protection. Here are some examples of security safeguards. Read slide.

32 Remember Patient confidentiality is:
Everybody’s job Read slide.

Download ppt "Your Role in Corporate Compliance and HIPAA Confidentiality"

Similar presentations

HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.

HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.
Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.

Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.
Privacy and Information Security Training (2006-07) VUMC Privacy Website www.mc.vanderbilt.edu/privacy.

Privacy and Information Security Training ( ) VUMC Privacy Website
Hipaa privacy and Security

Hipaa privacy and Security
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
WORKFORCE CONFIDENTIALITY HIPAA Reminders. HIPAA 101 The Health Insurance Portability and Accountability Act (HIPAA) protects patient privacy. HIPAA is.

WORKFORCE CONFIDENTIALITY HIPAA Reminders. HIPAA 101 The Health Insurance Portability and Accountability Act (HIPAA) protects patient privacy. HIPAA is.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/2009 0.

1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/
HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.

HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA
Randy Benson RHQN Executive Director May, 2012. Compliance Issues During Survey Compliance Officers monitor healthcare facilities (hospitals and clinics)

Randy Benson RHQN Executive Director May, Compliance Issues During Survey Compliance Officers monitor healthcare facilities (hospitals and clinics)

Similar presentations

Ads by Google