HIPAA SECURITY RULE Copyright © 2008, 2006, 2004 by Saunders an imprint of Elsevier Inc. All rights reserved.

The Security Rule
Three Safeguards (security measures encompassing an information system):
Administrative: protect through administrative actions.
Technical: protect and control access to information on computer systems.
Physical: prevent unauthorized use or disclosure due to physical events.
The Security Rule addresses only ePHI, because it is written around technology standards. However, the guidelines should be applied to all PHI.
Administrative, Technical, and Physical safeguards are all part of the Security Rule.

ePHI – What does that mean?
Electronic protected health information (PHI that is held or transmitted in electronic form).

Why should I care about ePHI and the Security Rule?
If you work in a medical facility, confidentiality and security must be maintained at all times to prevent unauthorized disclosure of ePHI.
Do you remember? What is ePHI?

Administrative Safeguards
Prevent unauthorized use or disclosure of PHI through administrative actions.
Examples:
Employee physical access to PHI.
Management of computer passwords.
Limiting employee access to a need-to-know basis.

Pair and Share – Review
Discuss with your partner the following questions:
1. What are the 3 safeguards of the Security Rule?
2. Why are administrative safeguards important?

Internal Audits
Review who has access to PHI, and ensure that there is no inappropriate or accidental access to patient records.

Risk Analysis
Each organization must evaluate its vulnerable areas associated with security and privacy. Reasonable safeguards must be implemented to protect against known risks.

Employee Confidentiality Statement
Upon employment in a medical facility, employees will need to sign a statement that they will comply with all HIPAA regulations (including the Security Rule) and keep all patient information confidential.
REMEMBER, OUR LIPS ARE SEALED!

Employee Confidentiality Statement Form (Fig. 2-5, p. 33)
In most healthcare facilities, employees will need to sign a confidentiality statement as part of the hiring process.
Don’t discuss a patient with acquaintances.
Don’t leave confidential information exposed.
Don’t leave confidential information visible on a computer screen.
Properly dispose of notes/paper/memos by shredding.
Be careful to remove original documents from the photocopier.
Use common sense and follow confidentiality guidelines.

Technical Safeguards
Technological controls in place to protect and control access to information on computers in the health care industry.

Examples of Technical Safeguards for ePHI
Limited access to patient PHI on a need-to-know basis.
Audit controls – changing passwords, deleting user accounts.
Automatic logoffs – prevent unauthorized users from accessing patient information on an unattended computer.
A unique identifier or “username” and an unshared password to log in.
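The internal-audit and technical-safeguard slides above describe the checks a reviewer performs over access records: each access should be tied to a unique, non-shared account; the user should have a need-to-know relationship with the patient; and unattended sessions should be closed by automatic logoff. The following Python script is an added example, not part of the original presentation or the textbook it accompanies. The access-log layout, the care-team assignment table, the list of shared accounts, and the 15-minute logoff threshold are all constructed assumptions for illustration.

```python
"""Added example: reviewing ePHI access records against three Security Rule
technical-safeguard expectations. All data below is constructed sample data."""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Hypothetical facility policy: a session idle longer than this should have
# been ended by automatic logoff.
AUTO_LOGOFF = timedelta(minutes=15)


@dataclass
class AccessEvent:
    user: str      # login name recorded by the system
    patient: str   # patient record touched ("-" for login/logout events)
    action: str    # "view", "edit", "login", or "logout"
    at: datetime


# Constructed need-to-know list: which staff are assigned to which patient.
CARE_TEAM = {
    "P1001": {"drlee", "nurse_kim"},
    "P1002": {"drlee"},
}

# Constructed list of generic logins that are not unique identifiers.
SHARED_ACCOUNTS = {"frontdesk", "admin"}

# Constructed access log for one morning.
SAMPLE_LOG = [
    AccessEvent("drlee", "P1001", "view", datetime(2024, 3, 1, 9, 0)),
    AccessEvent("nurse_kim", "P1002", "view", datetime(2024, 3, 1, 9, 5)),   # not on P1002 care team
    AccessEvent("frontdesk", "P1001", "view", datetime(2024, 3, 1, 9, 10)),  # shared account
    AccessEvent("drlee", "P1002", "edit", datetime(2024, 3, 1, 9, 30)),
    AccessEvent("drlee", "-", "logout", datetime(2024, 3, 1, 10, 0)),
]


def review_access(log, care_team, shared_accounts):
    """Flag record accesses made from a shared account or without need-to-know.

    Returns a list of (finding, user, patient) tuples in log order.
    """
    findings = []
    for e in log:
        if e.action not in ("view", "edit"):
            continue  # login/logout events do not touch a record
        if e.user in shared_accounts:
            findings.append(("shared-account", e.user, e.patient))
        elif e.user not in care_team.get(e.patient, set()):
            findings.append(("no-need-to-know", e.user, e.patient))
    return findings


def idle_sessions(log, limit):
    """Find activity that occurred after a session sat idle longer than `limit`.

    If automatic logoff were working, a session would not still be open after
    the idle limit, so any later action (including a manual logout) on the same
    session indicates the control did not fire. Returns (user, timestamp) pairs.
    """
    last_seen = {}
    stale = []
    for e in sorted(log, key=lambda ev: ev.at):
        prev = last_seen.get(e.user)
        if prev is not None and e.action != "login" and e.at - prev > limit:
            stale.append((e.user, e.at))
        last_seen[e.user] = e.at
        if e.action == "logout":
            last_seen.pop(e.user, None)  # session closed; start fresh next time
    return stale


if __name__ == "__main__":
    for finding in review_access(SAMPLE_LOG, CARE_TEAM, SHARED_ACCOUNTS):
        print("access finding:", finding)
    for user, when in idle_sessions(SAMPLE_LOG, AUTO_LOGOFF):
        print("auto-logoff gap:", user, when)
```

On the constructed log the review flags the nurse's access to a patient outside her care team and the view made from the shared front-desk login, and the idle-session check reports that the physician's session stayed open for 30 minutes between actions, which a 15-minute automatic logoff should have prevented.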

Pair and Share – Review
Let’s discuss some safeguards you use now to protect your information.

Physical Safeguards
Media and equipment controls – cover how the facility handles retention, removal, and disposal of paper records. This includes recycling of computers and software programs containing PHI.
Limited access to restricted areas where equipment and medical charts are stored.
Examples of information to be shredded? Who should have the key?

Physical Safeguards, cont.
Secure workstations to minimize unauthorized viewing of PHI.
Password-protected screen savers are in use when computers are left unattended.
Don’t let others know your passwords! Protect those files!

Privacy Rule

Responsibilities of Protecting Patient Rights
Privacy Rule: Patients’ Rights Under HIPAA
Right to Notice of Privacy Practices (NPP)
Right to request restrictions on certain uses and disclosures of PHI
Right to request confidential communications
Right to access (inspect and obtain a copy of) PHI
Right to request an amendment of PHI
Right to receive an accounting of disclosures of PHI
Never discuss patient information with anyone other than the physician, the insurance company, and authorized individuals.
An NPP is tailored to each organization, and every patient must have access to it.
Refer to the Policy and Procedures manual for clarification on when disclosures are permissible. (See Box 2.5, p. 35, for more information.)
What information do patients NOT have access to? (Psychotherapy notes, information compiled for legal proceedings, and information exempted from disclosure under CLIA.)

The Privacy Rule – What is it?
Confidential Information
Employees are responsible for maintaining the confidentiality of patients’ protected health information (PHI).
Certain information or communications are excepted from the HIPAA rule (covered in the HIPAA lesson).
Breach of confidential communication is considered a HIPAA violation.
See Box 2.2 (p. 31) for PHI examples.
Confidentiality is automatically waived in some circumstances. See p. 32 in the textbook.
Explain why breach of confidential communication is considered a HIPAA violation. (HIPAA requires that PHI be kept confidential, so unauthorized release of PHI is a violation.)

The Privacy Rule (cont’d.)
Privileged Information
Relates to the patient’s treatment and progress.
The patient must sign an authorization to release this information.
Nonprivileged Information
Ordinary facts unrelated to the patient’s treatment. Example: name, address, insurance information, etc.
The patient’s authorization is not needed for most such information.
Information is disclosed on a legitimate need-to-know basis.
Privileged information is related to treatment of the patient, and nonprivileged information is unrelated to treatment of the patient. Nonprivileged information does not need an authorization form, but is released only on a need-to-know basis.
Explain what the patient must do in order to authorize the release of privileged information. (Sign an authorization to release the information or selected facts from the medical record.)

Pair and Share – Review
Discuss with your partner the following:
1. Name 3 patient rights under HIPAA.
2. What does breach of confidential communication mean?
3. Name one example of privileged information and one example of nonprivileged information.

Compliance Program – Why should there be one?
Compliance Plan
Internal monitoring and auditing
Implementing compliance and practice standards
Designating a compliance officer – all facilities should have one
Training and education – ongoing
Responding to offenses and developing corrective action
Open lines of communication
Enforcing disciplinary standards
A P&P (Policy and Procedures manual) will set out a compliance plan that complies with HIPAA standards. Reasonable safeguards should be outlined in the P&P, and permissible incidental uses and disclosures should be identified as the plan is put into action.
A well-designed compliance plan will improve efficiency, minimize mistakes, and reduce the likelihood of an OIG audit. Mitigating risk is the most important result of a good compliance plan. Always have a contact for the compliance plan.