And the finer details of patient privacy TCH Confidential Understanding HIPAA.


Agenda
- High-level HIPAA Review
  - Privacy Rule Challenges
  - Security Rule
- “The Golden Rule”

Agenda
- Examples of Inappropriate Access
- Hypothetical Case Studies
- CHCO HIPAA P&P and Conduct Review

HIPAA Privacy Rule
Protected health information (PHI) can be accessed for purposes of:
- Treatment
- Payment
- Healthcare operations
- Research approved by COMIRB

HIPAA Privacy Rule Challenges
- Accessing PHI for training, education, and quality improvement is permitted by HIPAA.
- The challenge is the granular definition of appropriate access.
- Anyone at any time can claim “I was accessing the record for education or QI”, even if the access was not appropriate.
- CHCO provides guidance in the “Accessing PHI for Training, Education, and Quality improvement” policy and procedure.

HIPAA Security Rule
- Individually identifiable logins for every person who accesses electronic patient information or systems that handle patient information
- No login/password sharing
- Secure or log off workstations and applications when leaving them unattended

HIPAA Security Rule
It is not okay to walk away from a computer workstation that is logged into Epic and leave it unattended.
Examples:
- going to lunch
- going to care for a patient in another room or area
- being away long enough for someone else to access patient information with your ID

“The Golden Rule” If you do not need to access a patient record specifically to do your job, don’t access the record.

Examples of Inappropriate Access
Outside of Treatment, Payment, or Operations:
- Accessing celebrity information
- Accessing friend or relative information
- Accessing information for other companies/providers who want the information for marketing purposes

Examples of Inappropriate Access
Outside of Treatment, Payment, or Operations:
- Accessing information for personal reasons
- Accessing co-workers’ patient information
- Accessing your own information
- Accessing your child’s records
- Just Being Curious or Concerned

Case Studies

Case Study
UCLA Health System Staff Member: Job termination and 4 months in prison with $2000 fine for HIPAA violation

Hypothetical Case Studies A tragic auto accident involving a family with two children happened on Colfax right in front of the hospital entrance and you are part of the care team.

Hypothetical Case Studies I decide to “Friend” the families and post updates to let the very upset families know how their injured children are doing. This is not appropriate.

Hypothetical Case Studies Alternative: I will let the families know that I understand their concern but to respect my professional boundaries and privacy of the patients, I cannot communicate over social media. I will be happy to communicate in person, over the phone or MyChart.

Hypothetical Case Studies Alternative II: I will let the families know that I understand their concern. We can discuss whether they want to sign an authorization to allow us to communicate their children’s progress over .

Hypothetical Case Studies A supervisor approaches me and asks me to look at their child’s diagnosis and bill for a visit. This is not appropriate.

Hypothetical Case Studies Alternative: Tell supervisor that they need to contact their child’s physician for diagnosis information and Patient Financial Services for billing information.

Hypothetical Case Studies The daughter of a neighbor, a close friend, will be having surgery soon and I want to look in the EMR to find when the surgery is scheduled so I can lend support. This is not appropriate.

Hypothetical Case Studies Alternative: I will ask my friend when the surgery is and let her know I would like to meet her in the surgical waiting area to lend support.

Hypothetical Case Studies My sister is concerned about her young daughter’s experience at a CHCO clinic and wants help.

Hypothetical Case Studies Can I look in the EMR to provide documentation to support her conversation with customer service? This is not appropriate.

Hypothetical Case Studies Alternative: Provide customer service contact info. It is okay to act as an advocate as long as you separate that role from your position at CHCO.

Hypothetical Case Studies A patient with a very unique case was seen in our clinic this morning. I’d like to access the medical record to learn how the physician treated the patient. It is inappropriate for a care provider to directly access a patient medical record of a patient they did not treat for educational purposes outside of formal case review, M & M review, or sanctioned quality improvement initiatives.

Break the Glass in Epic We have “Break the Glass” to protect sensitive patient info, but just because you don’t see a break the glass warning doesn’t mean access is appropriate.

P&Ps and Code of Conduct
- Confidentiality
- Information Security
- Code of Conduct
- HIPAA - Uses and Disclosures of PHI

Confidentiality

From POLICY CHCO is committed to respecting the privacy of patients and staff by safeguarding the confidentiality of information/PHI entrusted to them. CHCO will abide by state, federal and international regulations concerning privacy and confidentiality. Access to information will be based on a need to know in order to perform one’s job duties.

Information Security
From POLICY
Users are expected to take adequate steps to secure confidential or sensitive information assets:
- lock file cabinets,
- office doors,
- and other premises housing valuable information resources.
Users must log off after using a workstation.

Code of Conduct

From Code of Conduct “Staff must not abuse their access to confidential information or even worse, abuse their position to discover confidential information that their job does not require them to know.”

HIPAA – Uses and Disclosures of PHI From POLICY General Releases - Uses and disclosures of PHI are permitted only with a valid authorization signed by the patient or his/her personal representative.

HIPAA – Uses and Disclosures of PHI Exceptions to this rule (i.e., no authorization is needed) are as follows: …the PHI is being used or disclosed for the purpose of treatment, payment, or internal CHCO healthcare operations.