Hurdles Human Resources Inconsistent Processes Hardware Integration
Looking Back
- What's different about our organization today?
- What did we do to help staff accept the change?
- What did we do to help physicians accept the change?
- What challenged us as leaders?
- What was the best part of the experience?
Health Insurance Portability and Accountability Act
- Law passed by Congress in 1996
- Major rules affecting hospitals
  - Transactions, Code Sets, and Identifiers
  - Privacy Rule – Sets standards for the protection of patient information (oral, written, electronic)
  - Security Rule – Sets standards for protected health information in an electronic format
HIPAA Compliance Enforcement
- Privacy Rule – Office for Civil Rights (OCR)
- Security Rule – Centers for Medicare/Medicaid Services (CMS)
- Criminal Matters – Department of Justice (DOJ)
What is Protected Health Information (PHI)?
- Name
- Address/Dates
- Telephone/fax #s
- Social Security #s
- Medical Record #s
- Patient Account #s
- Insurance Plan #s
- Vehicle Info.
- Certificate/License #s
- Medical Equipment #s
- Photographs
- Fingerprints
- Email/Internet address
- Web URLs
- Any other unique code, or identifier
Most Frequent Privacy Complaints
- Impermissible use and disclosure of PHI
- Lack of adequate safeguards to protect PHI
- Refusal or failure to provide an individual with access to his/her health records
- Disclosure of more information than is necessary to satisfy a request for information
- Failure to provide the Notice of Privacy Practices
Most Frequent Security Complaints
- Information access management
- Security awareness and training
- Access control
- Workstation use
- Device and media control
Hot Topics Permitted Uses and Disclosures Authorization Forms Minimum Necessary Facility Directory E-mail Access EPHI Disposal of PHI Audits
Breaches/Violations
- Inadvertent: accidental, often due to lack of education or awareness
- Intentional: accessing PHI with no legitimate business purpose for doing so
- Intentional with malice: accessing PHI with the intent to use for personal gain or to harm someone
Sanctions
- Consistent throughout organization
- Fits the crime
Compliance Tips
- Update policies and procedures regularly.
- Conduct ongoing training for staff.
- Discuss patient information in private areas.
- Keep voices down.
- Place computers, printers, fax machines in secure areas.
- Direct monitors away from view of visitors.
- Access only the information you need to perform your job.
- Retrieve documents from printers and fax machines immediately.
- Dispose of PHI properly.
- Assist visitors promptly to ensure they do not access staff areas.
- Report and address issues immediately.
- Audit compliance with policies and procedures.
- Enforce compliance with policies and procedures.
Questions and Answers
Danielle P. Berthelot, RHIA
Director, Health Information Management and Cancer Registry
Privacy Officer
Woman’s Hospital
Email: email@example.com