HIPAA Do’s and Don'ts: What is Really Behind Protected Health Information (PHI) and Health Care Privacy Rules Paul Sisler, Director, Information Services;

Presentation transcript:

HIPAA Do’s and Don'ts: What is Really Behind Protected Health Information (PHI) and Health Care Privacy Rules Paul Sisler, Director, Information Services; Corporate Compliance Officer; Privacy Officer; Information Security Officer, The Center for Health Care Services psisler@chcsbc.org 210-731-1300 ext. 203

HIPAA Background
- Insurance Portability
- Administrative Simplification
  1. Standard Codes and Transactions
  2. Information Security
  3. Privacy of Protected Health Information
  4. Identifiers

HIPAA Privacy
The Privacy Rules grant patients a series of rights to control use and disclosure of their own Protected Health Information (PHI):
- To review their own records
- To amend and/or append their own records
- To direct future non-disclosures
- To complain about improper disclosures

HIPAA Privacy
PHI can be exchanged between covered entities with the patient’s authorization.
PHI can be exchanged between covered entities without the patient’s authorization under the following circumstances:
- For health care treatment
- For health care payment
- For health care operations

HIPAA Privacy
Other exceptions under which PHI may be disclosed without the patient’s authorization:
- For public health activities
- To address a serious threat to health or safety
- For law enforcement purposes
- For judicial and administrative proceedings
- For national security and intelligence activities
- To Advocacy, Inc. to investigate complaints
- To TFPS, if it is an alleged case of abuse/neglect/exploitation
- For governmental programs providing public benefit

HIPAA Privacy
- Obtaining written authorizations prior to any PHI exchange is always good practice
- Obtaining written authorizations is required for any reason beyond treatment, payment, or health care operations

HIPAA Privacy
- The Minimum Necessary Rule
- Notice of Privacy Practices
- Designation of staff processing PHI exchanges
- Reporting possible breaches/violations

HIPAA Privacy Key rulemaking comment and interpretation: “The privacy rules, along with the other administrative rules relating to HIPAA, are intended to improve health care efficiency and effectiveness. They are not intended to be an impediment to proper health care treatment and operations”.

Privacy Compliance Issues
CHCS reviews and monitors all programs and program locations for consumer privacy compliance on an ongoing basis.
Recent areas of concern (reported by Privacy Officer):
- Leaving sensitive consumer documents with PHI on desks and/or work space
- Offices often unattended/unlocked with non-secured PHI
- Computers left unattended while logged in to system
- Not disposing of documents in secure shredder containers
- Leaving sensitive documents in copier rooms, on copiers, or on or adjacent to fax machines in unsecured locations. Faxed consumer items should be sent only to secure fax machines located in medical records areas.

Reasonable Safeguards
- Speak quietly when discussing a consumer’s condition with family members in waiting rooms or other public areas
- Avoid using consumer names in elevators and hallways
- Secure documents in locked offices and cabinets
- Use Fax Coversheets with CHCS confidentiality statement at all times
- Use passwords and other security measures on computers

Some examples of Reasonable Safeguards include:
(a) speaking quietly when discussing a consumer’s condition with family members in a waiting room or other public area
(b) avoiding the use of consumer names in hallways and elevators unless really necessary
(c) posting signs to remind employees to protect consumer privacy
(d) securing documents in locked offices or file cabinets, and using passwords and other security measures on computers

Each office will be developing reasonable safeguards specific to its tasks and set-up. Please talk with your supervisor about the reasonable safeguards that will be followed in your work area.

Safeguard Standard
For internal communications dealing with management issues or complaints, any time PHI of a current or former consumer is present in the subject documentation, such as a complaint letter or email, that PHI will be removed/redacted (edited) by the first recipient prior to re-distributing or forwarding the communication.
Example: a multi-subject email or memo is full of management and staff complaints, and a consumer happens to be identified in it because it is a mixed-subject communication. Any recipient of that email would need to redact (or erase) the PHI before sending it on or responding to any other person. In such instances, the Privacy Officer should be consulted for appropriate and accurate actions.

Privacy Violations
All possible violations of protected health information (disclosing private information about a consumer to someone who does not have the authorization or need to know) should be reported to the CHCS Privacy Officer:
Paul Sisler, CHCS Privacy Officer and Director of Information Services
210-731-1300 ext. 203
psisler@chcsbc.org

HIPAA Privacy Questions and Answers