1. Professional Nursing Services

2.  Privacy and Security Training explains:  The requirements of the federal HIPAA/HITEC regulations, state privacy laws and Professional Nursing Services policies and procedures that protect the privacy and security of confidential data.  How these affect your job  How you can protect confidential and sensitive information  Your responsibilities for good computer and communication skills  How to report privacy breaches and security incidents.

3.  The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that specifies administrative simplification provisions that:  Protect the privacy of patient information  Provide electronic and physical security of patient health information (PHI)  Require “minimum necessary use and disclosure”  Specify patient rights to approve the access and use of their medical information

4.  This is an update to HIPAA. As part of the American Recovery and reinvestment Act of 2009, the Health Information Technology of Economic and Clinical Health (HITECH) updated federal privacy and security standards. The updates include:  Breach notification requirements  Fine and Penalty increases for Privacy Violations  Right to request copies of the electronic health care record in electronic format  Mandates Business Associates are civilly and criminally liable for privacy and security violations.

5.  Privacy violations may carry penalties under federal, state privacy laws and PNS policies:  HIPAA Criminal Penalties : $50,000-$1,500,000 fines, imprisonment up to 10 years  HIPAA Civil Penalties: $100-$25,000 /year fines, more fines if multiple year violations  State- States Attorney may bring legal action to collect attorney fees and damages for the individual.  How to report Privacy Breaches and Security Issues Professional Nursing Services 10615 York Rd, Cockeysville, MD 21030 Ann O’Shea @ 410-683-9770 DHHS Office for Civil Rights 150 S. Independence Mall West – Suite 372 Philadelphia, PA 19106-3499 215-861-4441 OHCG Spring Field Hospital Center Bland Bryant Bldg. 55 Wade Ave, Catonsville, MD 21228 1800-492-6005

6.  HIPAA requires that PNS train all of its workforce members about PNS’s HIPAA policies and specific procedures which may affect the work you do. These rules apply to you when you look at, use, or share Protected Health Information.  What information must be protected?  You must protect an individual’s PHI (Protected Health Information which is collected or created as a consequence of health care operations.  What is PHI?  Is information related to a patient’s past, present or future physical and or mental health condition.  Can be in any form:  Written, spoken, or electronic including video, photographs and x-rays  Includes at least one of the 18 personal identifiers in Association THESE RULES APPLY TO YOU WHEN YOU USE, VIEW, OR SHARE PROTECTED HEALTH INFORMATION

7. 1. Name 2. Postal Address 3. Dates (excluding year) 4. Telephone numbers 5. Fax numbers 6. E-mail addresses 7. URL addresses 8. Social Security numbers 9. Account numbers 10. License numbers 11. IP addresses 12. Health plan beneficiary numbers 13. Device identifiers and their serial numbers 14. Vehicle identifiers and serial numbers 15. Biometrics (fingerprints, voice prints) 16. Medical record numbers 17. Full face photos and other comparable images 18. Any unique number, code, or characteristic

8.  The Notice of Privacy Practices (NOPP) allows PHI to be used and disclosed for purposes of TPO  TREATMENT (T), PAYMENT (P), OPERATIONS (O)  The TPO includes health care professionals directly involved in the team providing services to the client. I.e.. Case managers, equipment vendors, nurses, physicians, emergency personnel.  For patient care and treatment, HIPAA does not impose restrictions on use and disclosure of PHI by health care providers.  EXCEPTIONS:  PSYCHOTHERAPY INFORMATION  HIV TEST RESULTS  SUBSTANCE ABUSE INFORMATION  For anything else HIPAA requires users to access the minimum amount of information necessary to perform their duties. i.e. Billing clerk lab test performed but not the results.

9. Do’s  Communicate to medical personnel directly involved in the care of a client i.e. Case managers, Doctors, Nurses.  Utilize caution when speaking in areas where information may be overheard by personnel not directly involved in the care of the client.  Regards to computer use- utilize your password when accessing information.  Protect client’s privacy disclosing the minimum necessary information when appropriate.  Email communications should include a test email to confirm the correct email address is provided.  Report all breaches immediately or within 5 days of the breach to PNS security officer/ Ann O’Shea @ 410-683- 9770/1-888-329-0887. Don’ts  Do not discuss clients to individuals not directly involved in the treatment payment or operations of the client.  Do not discuss client information or any of the PHI information to anyone not involved in the care of the client.  Do not discuss any patient information with anyone unless required for your job.

10. Once you have finished reviewing the previous information, please complete the HIPAA Training Acknowledgement form