The Health Insurance Portability and Accountability Act of 1996 charged the Department of Health and Human Services (DHHS) with creating health information.

Presentation transcript:

WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 charged the Department of Health and Human Services (DHHS) with creating health information security and privacy standards to support the increased use of electronic patient information. (Public Law ) Signed August 21, 1996.

Who must comply with HIPAA? All health plans, all health care clearing houses, and health care providers that transmit standard transactions in electronic formats. These organizations are known as ‘covered entities’. (Standard transactions are: health care claim; health care eligibility/benefit inquiry; health care eligibility/benefit information; health care services review information; health claim status inquiry; health claim status response; benefit enrollment and maintenance; claim payment and remittance advice; premium payments; first report of injury; health claim attachments)

Is SHFC a Covered Entity? Does Shepherd’s Hand bill or receive payment for health care? NO: Shepherd’s Hand is not a covered entity. YES: Are any covered transactions sent electronically? If YES, the provider is considered a covered entity.

Legal Requirements for SHFC Although Shepherd’s Hand is under no legal requirement to be HIPAA compliant, out of respect for our patients’ privacy and an obligation to secure patients’ health information, all volunteers and staff will be responsible for knowing and understanding the Privacy and Security Policies of the clinic as guided by the HIPAA Privacy and Security Rule. All volunteers will be required to sign a confidentiality agreement and an agreement to comply with SHFC policies.

The HIPAA Privacy Rule The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.

Protected Health Information (PHI) The privacy rule protects health information that is individually identifiable to an individual (i.e. name; address; phone numbers; SSN; DOB; etc.). PHI is health information that relates to past, present, or future physical or mental health condition.

SHFC Privacy Policy SHFC volunteers will operate under the ‘minimum necessary standard’ which expects people to use only the information they need to perform their role at the clinic. This includes face to face interaction as well as information contained in the individual’s medical record. All face to face conversation with an individual that addresses PHI needs to happen in a private area. The hallway outside of the exam rooms and the area around the pharmacist and coordinator need to be clear of people waiting.

SHFC Privacy Policy cont. Medical records need to be protected in the public clinic area by being placed face down – other people should never have access to someone’s medical record or our nightly logs. All medical records will be stored in a locked area. All garbage with PHI will be shredded. PHI should not be disclosed over the phone unless talking to the individual or with permission to leave a message documented in the medical record.

When can SHFC disclose PHI? SHFC may use PHI for the purposes of treatment and health care operations. Treatment means the provision, coordination, or management of health care by one or more health care providers, including consultation between providers and patient referrals. Health Care Operations are administrative, financial, legal and quality improvement activities.

When does SHFC need authorization from the patient? An authorization is a detailed document that gives SHFC permission to use PHI for specified purposes, which are generally other than treatment or health care operations, or to disclose PHI to a third party specified by the individual.

What about friends and family? SHFC will release PHI to friends and family members only with the individual’s verbal permission if asking the individual in person, or in writing if the individual is not present. Any release of PHI to friends and family should be documented in the individual’s health record.

Notice of Privacy Practices SHFC is not required by law to provide every patient with a notice of our privacy practices. If a patient requests a copy of our privacy policy this should be provided.

The HIPAA Security Rule The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.

SHFC Security Policy For SHFC the only electronic PHI is in the form of faxes, and links to hospitals’ electronic records accessed for laboratory and radiology results. Only authorized people with personal passwords will be allowed to log on to North Valley Hospital and Kalispell Regional Medical Center sites to retrieve results.

SHFC Security Policy cont. All PHI information that is transmitted by FAX will include a cover sheet with the following statement: This transmission contains confidential information belonging to the sender that is legally privileged and confidential. This information is intended only for the use of the individual or entity named above. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or action taken in reliance on the contents of the documents is strictly prohibited. If you received this transmission in error please notify the sender immediately. Received FAXes will be removed in a prompt manner and placed in a secure area.

CONFIDENTIALITY As a volunteer of SHFC you will be expected to sign a confidentiality agreement and to affirm that you understand and agree to comply with our Security and Privacy Policies. The agreement is available for you to print out on the volunteer page of the website or you can get a copy at the clinic. We ask that you turn in your signed agreement so that we can keep it on file. This will be an annual process. Please contact Meg with questions or concerns.