Health Insurance Portability and Accountability Act HIPAA Highlights Health Insurance Portability and Accountability Act
Target Audience: Students Contacts: Privacy Office, privacy1@fairview Target Audience: Students Contacts: Privacy Office, privacy1@fairview.org or 612-672-5647 Estimated Duration and Viewing Instructions The expected time to complete this learning activity is 5 minutes.
On completion of this lesson, learners should be able to: Take reasonable steps to protect patient confidentiality when communicating with patient, family members, other caregivers, physicians and others, both face-to-face and electronically.
Lesson Includes: Minimum Necessary Log off / Secure PHI Communication Telephone Messages Faxes Email Texting Sharing Information Awareness Safeguarding Information Checking names Multi-tasking Click here at any time to return to this slide.
HIPAA (Health Insurance Portability and Accountability Act) HIPAA is a federal regulation requiring us to protect the privacy of patient information. Any health and billing information that is connected with an identifier is considered “protected health information” (PHI) and must be protected.
Do you receive more patient information than you need to do your job?
Do you receive more patient information than you need to do your job? If you answered YES, then we are potentially in violation of HIPAA’s “Minimum Necessary” requirement.
MINIMUM NECESSARY Analyze what you send and receive to do your work. 1 Analyze what you send and receive to do your work. This may involve a discussion with those you communicate with so both the sender and receiver understand what information is required to get the job done. Just because it is easier to send it than remove the unnecessary information does not make it OK to send. We put patient confidentiality at risk to do our jobs, but we can minimize this risk by scrutinizing and limiting the information we send and receive.
MINIMUM NECESSARY Analyze what you send and receive to do your work. 1 Analyze what you send and receive to do your work. This may involve a discussion with those you communicate with so both the sender and receiver understand what information is required to get the job done. Minimum Necessary also must be followed when giving information to our Business Associates (BA). BAs are vendors who need to use PHI when performing services on behalf of Fairview like an external law firm or consulting company. All BAs must have a business associate agreement on file in iManage.
MINIMUM NECESSARY 1 Just because it is easier to send it than remove the unnecessary information does not make it OK to send. We put patient confidentiality at risk to do our jobs, but we can minimize this risk by scrutinizing and limiting the information we send and receive.
LOG OFF / SECURE PHI 2 You are responsible for all accesses that are done under your user ID. Be sure to log off applications when you step away. Do not risk having someone look at records that will be traced back to you for an explanation.
LOG OFF / SECURE PHI 2 Do not take PHI out of Fairview – there are very few employees that are required to transport patient information in order to do their job. If you must transport patient information, your manager needs to approve this practice first.
COMMUNICATION 3 Telephone Messages Obtain patient consent before leaving detailed information on their voicemail. If you do not have verbal or written consent, only leave minimal information such as, “This message is for John Smith. This is Jane from Eden Prairie Clinic. Please return my call at 952-###-#### at your earliest convenience.”
COMMUNICATION 3 Faxes Enter fax numbers very carefully and always use a fax coversheet so recipients will know who to contact with questions or to report faxes that are sent to the wrong location.
COMMUNICATION 3 Email Type the word “SECURE” in an email subject line to securely email confidential information outside of fairview.org. Recipients will receive a link to a secure server where they will log in to retrieve the message.
COMMUNICATION 3 Texting Limit text messages that include patient information to communications necessary for current patient care, and DO NOT include direct identifiers. Fairview only allows indirect identifiers in the message such as room number, patient initials and age. DO NOT include name, date of birth or other identifiers. *Exception: When needed, direct identifiers such as patient name may be sent to dedicated pagers as long as the message is deleted promptly.
COMMUNICATION CORRECT INCORRECT 3 Texting To: --- From: --- Sending 24 yo M in for urgent appy To: --- From: --- Sending Jon Doe 2/15/64 in for urgent appy CORRECT INCORRECT
Delete message promptly COMMUNICATION 3 Pager Jon Doe urgent appy ALLOWED IF NEEDED Delete message promptly
COMMUNICATION 3 Sharing Information with Family Ask for the patient’s permission before sharing information with family/others or in the presence of family/others. Unless a patient is not able to consent, we must allow the patient to agree or object to sharing details other than their general condition.
AWARENESS 4 Safeguarding Patient Information Be aware of your surroundings. Take reasonable steps to prevent unauthorized individuals from seeing, hearing or accessing confidential information (speak softly, lock/secure, destroy in confidential manner, log out of applications).
AWARENESS 4 Checking Names Be sure to page through copies and check the names before mailing or handing documents to patients. A common, but preventable, HIPAA violation at Fairview is when a patient is handed their own documents and are also given the records of another patient who may have been printed next (e.g. After Visit Summary, labs).
AWARENESS 4 Multi-tasking Be mindful of multitasking and validate which patient’s information you are working with to prevent mishandling. We are all busy and juggle multiple tasks. This, however, can lead to mix-ups causing privacy issues.