
1 HIPAA PRIVACY AND SECURITY CONFIDENTIALITY

2 Before we begin…
- Have the printed PowerPoint Notes pages in front of you on the left
- Have attachments 1 and 2 in front of you on the right
  - Attachment 1 = Related Policies and Procedures
  - Attachment 2 = Quiz/Acknowledgement

3 HIPAA - A Brief Refresher
- Health Insurance Portability and Accountability Act of 1996
- What it does:
  - Protects the privacy and security of health information (confidentiality)
  - Improves the way health information is transferred
  - Gives new rights to clients, which give them greater access to and control of their health information

4 The Big Privacy Rule
Messages remain the same:
- Client information: keep it confidential!
- Before using or disclosing information, use the "Need to Know" rule
- When in doubt… ASK!

5 Why are We Here Today? (Agenda)
- Review some basic information about the HIPAA Privacy Rule
  - Protected Health Information (PHI)
  - Client rights under HIPAA
  - Using and disclosing PHI
  - Complaint and grievance process
- Define roles and responsibilities

6 Why are We Here Today? (Agenda) -2
- Review some basic information about the HIPAA Security Rule
  - Password protection
  - Workstation use

7 Participants will know that there is a federal law that pertains to permitted and required uses and disclosures of protected health information, and:
- What protected health information is
- What confidentiality means
- What rights patients have to their information
- What the ramifications of violations are to each member of the workforce and the organization
- Where to obtain policies and procedures on privacy and security
- The importance of reporting, without fear of retaliation, any suspected breaches of confidentiality

8 And…
- Understand HIPAA sanctions and penalties
- Review new policies and procedures
- Test your knowledge
- Practice session

9 How Will HIPAA Affect You
- Policies, procedures and practices
  - The Facility Use and Disclosure, Access and Sanctions Policies, among others, have been updated to include HIPAA requirements
- Our actions and decisions
  - Must be more conscious of privacy and security all the time and in every interaction
  - Be aware of the rules and stick to them

10 What is Protected Health Information (PHI)?
PHI is all health information about clients, including:
- Their medical or mental health condition
- Any treatment they've had or will have
- Clinical, billing and financial information
ALL of this information is protected and therefore CONFIDENTIAL

11 PHI
- Can be written, oral, automated, electronic or manual, an email or a fax
- Is individually identifiable
- Some examples include: name, address, birth date, social security number

12 HIPAA Makes us aware of using Information
- Example: I stop to speak with a peer in the hall about one of the clients. Who's around me? I could be breaching confidentiality.
- Example: I get up and walk away from my workstation. I don't log off because my screensaver will come up in 5 minutes. I could be breaching confidentiality.

13 Notice of Privacy Practices
- Clients have a right to know how we will use and disclose their PHI
- The Notice of Privacy Practices
  - Explains the client's rights under HIPAA
  - Tells them how to file a complaint/grievance
- The Notice must be posted where clients can see it

14 Notice of Privacy Practices: Rights Under HIPAA
Clients also have the right to:
- Inspect and copy records
- Amend records under certain circumstances
- Request an accounting of disclosures of PHI
- Confidential communications
- Request restrictions on uses and disclosures of PHI
  - The Facility has the right to refuse the requested restriction
If the client is conserved, access privileges will be processed through the conservator, public guardian, etc., and per facility policy. ALL requests for access should be reported to the Administrator and processed through Medical Records.

15 The Facility May Use or Disclose PHI
- To provide services to clients
- For the normal operations of the Facility
- If it is required by law (subpoena, etc.)
- To our Business Associates in the course of providing services

16 Business Associates
The Business Associate:
- Signs an agreement with the Facility to provide services that include using, creating, and maintaining PHI for clients of the Facility
- Assures the Facility that it is HIPAA compliant
- Must fulfill the roles and responsibilities stipulated in the Business Associate Agreement

17 Safeguarding Privacy & Security
- Disclose only the amount of PHI necessary to accomplish the intended purpose
- Staff access to PHI, both written and electronic information, is delineated by the Facility and is limited to only what is needed to perform job duties

18 Safeguarding Privacy & Security -2
You may inadvertently disclose information electronically by…
- Using public Internet
- Installing shareware or freeware
- Using instant messaging
- Improperly disposing of media (CDs, etc.), computers, hard drives or paper
- Sending PHI over email that is unencrypted

19 Safeguarding Privacy & Security -3
The Facility Sanctions Policy for Privacy and Security Violations may have levels of violations:
- Level one violations: less severe infractions (sharing a password, for example)
- Level two violations: disciplinary actions up to and including termination
- Must mitigate any harmful effects caused by privacy or security violations

20 The Bottom Line…
- BE CAREFUL WITH PHI
- There are serious consequences to misuse and improper disclosure
- In addition to Facility sanctions there are possible civil penalties

21 The Use and Disclosure Policy
- Outlines how the Facility may use and disclose PHI, including staff access privileges
- Assures that all staff will maintain privacy in accordance with HIPAA
- Delineates the requirements and procedures for the Facility's Notice of Privacy Practices

22 Contact the Privacy Officer/Administrator/Medical Records When…
- You have questions about whether or not something is PHI
- You receive an authorization to release information
- A client:
  - Asks to see or copy records
  - Wants to amend or correct records
  - Wants to restrict disclosure of PHI
  - Requests an alternate method of communicating PHI

23 Authorizations
- Required for release of protected health information
- Must be a HIPAA-compliant authorization
- Forward any requests to the Administrator and/or Medical Records

24 Receiving an Authorization
- Another organization or person may request a client's records by using their own authorization (signed by the client)
- Refer these requests to Medical Records to ensure appropriate processing according to HIPAA rules

25 Verification of Authority
- Verify authority to request PHI regarding enrollment or other PHI maintained or created by you
  - Physical ID check, i.e. driver's license, Medicare card, etc.
  - Phone call to an office to verify the authenticity of the requestor
- Any doubts… refer to the Administrator or Privacy Officer

26 Client Access to Records
- Refer requests to the Administrator and Medical Records
- A written request is required
- If the person is conserved, that request must come through the conservator, public guardian, etc.
- The physician should also be contacted to make sure that reviewing the record would not cause harm to the client
- If the request involves a large volume of records and is very time consuming, there may be a nominal charge to the client

27 Access to or Inspection of Records
- Access to or inspection of records must be done through the Administrator/Medical Records
- The Administrator/Medical Records may deny access when:
  - PHI makes reference to another person
  - PHI is not created by the Facility
- And will notify the client/conservator of the denial in writing

28 Request for Copies of PHI
- A written request is required
- The Facility may charge for copies of records
- Refer all requests to the Administrator/Medical Records

29 Confidential Communications
- Provide confidential communications to the client to the extent possible
  - Fax
  - Email
  - Mail to an alternate address
- Must be done through the Admissions Office

30 Requesting Restrictions on Release of PHI
- Technically a right of the client
- The Facility only releases:
  - To the client, as permitted
  - By authorization of the client
  - As permitted or required by HIPAA or required by law
  - As part of treatment, payment or healthcare operations

31 Privacy Violation Complaint and Grievance Procedure
- The Facility must have a Complaint and Grievance Procedure for privacy & security complaints
- The client may complain to the Privacy Officer or Privacy Contact Person
- If unsatisfied, the client may complain to the Secretary of DHHS, as listed on the Notice of Privacy Practices

32 Reporting breaches
- Staff must be able to report, without fear of retaliation, any suspected breaches of confidentiality
- Reports may be made to your Privacy or Security Officer
- Or directly to the Secretary of the Dept. of Human Services, as listed on the posted Notice of Privacy Practices

33 Passwords
The risk of breach is ranked high because password cracking is still a very common form of hacking. Passwords should:
- Not be written down in a place where they could be accessed
- Be required to be changed frequently
- Have a combination of characters, letters and cases
- Not be words found in a dictionary (English or foreign)
- Never be shared

34 Workstation use
The risk is ranked medium for desktop workstations, and high for portable workstations due to their greater potential for loss or theft and generally weaker controls, including the human factor.
- Do desktop workstations contain data inappropriately stored on the hard drive?
  - Private programs, downloaded freeware, shareware
- Have any of the workstation's security configurations been changed? (Security settings changes, for example)

35 Workstation use-2
- Could "shoulder surfers" and other social engineers obtain passwords or other security-related information from users of workstations?
- Workstations, including printers, copiers, and faxes automatically connected to workstations, should also be safeguarded.

36 Key Positions
- Privacy Officer
  - Overall responsibility for all privacy functions for the Facility
  - Responds to clients' privacy questions and complaints
- Facility Contact Person
  - First line of defense for privacy questions and issues
- Security Officer
  - Overall responsibility for all security functions for the Facility
  - Responds to Facility IT security questions, problems and reports of possible breaches

37 Test Your Knowledge
See Attachment 2 – Quiz/Acknowledgement
1. The client has the right to access all protected health information held by the Facility. True or False?
2. A person's address may be considered PHI. True or False?

38 Test Your Knowledge
3. You may release PHI as long as there is a written request for you to do so. True or False?

39 Test Your Knowledge
4. Privacy or security violations may result in termination of employment. True or False?
5. Sharing passwords is permissible as long as it is someone you work closely with. True or False?

40 Acknowledgment of Advanced HIPAA Training
- Documentation of additional specialized HIPAA training
- Please sign the form provided by the DSD
