Privacy Act of 1974 PII (Personally Identifiable Information) … Protection of social security numbers …


HIPAA – Health Insurance Portability and Accountability Act
A federal law that mandates standards that must be followed when healthcare information is used, disclosed, or transmitted for treatment, payment or health care operations purposes. The rules affect all persons who have access to Protected Health Information (PHI).

- Governor’s Privacy Team
- Executive Order 6-06
- New Policies and Procedures

- Accountability
- Notice
- Minimum Necessary/Limited Use
- Consent
- Individual Rights
- Security Safeguards

Personally Identifiable Information (PII)
PII includes all protected and non-protected information that identifies, or can be used to identify, locate, or contact an individual. (Social Security numbers are considered PII.)

Sensitive PII (SPII)
Those elements of PII that must receive heightened protection due to legal or policy requirements include, but are not limited to:
- Social Security numbers
- Credit card numbers
- Health and medical data
- Driver license numbers
- Individual financial account numbers

Protected Health Information (PHI)
Individually identifiable health information (IIHI) held by any physician, health care provider, or payer that is transmitted or maintained in any medium (including oral transmission). The information covered includes any record or information relating to the past, present, or future health, condition, care, or payment of an individual, and extends to PHI that may be contained in paper records, electronic databases, or records and any other individual-specific data in a physician’s office.

- Use - The sharing, analysis, application, utilization, examination or employment of such information within any entity that maintains such information.
- Disclosure - The release, transfer, provision of access to, or divulging in any other manner of information outside the entity holding the information.

- Incidental Disclosure - In the course of routine communication, confidential information or PII may sometimes be inadvertently disclosed to someone who is not authorized to receive that information.

- Computer screens
- Sign in sheets
- Bulletin boards
- Calendars with names in plain view

Situations where unauthorized individuals may overhear information:
- speaking on the telephone;
- collecting information from individuals;
- communicating information to the individual or to the individual's family or representative;
- communicating individual information to other staff involved in the individual's case; and
- dictating.

- Users of Laptops and PDAs are responsible for assuring that the PHI/PII on the Laptops/PDAs is kept secure and private.
- Any loss or theft of a Laptop/PDA is to be reported immediately to the Agency Privacy Officer, who will report the loss or theft to the Cabinet Privacy and Security Officers.
- Both the Laptop and the file containing PHI/PII are to be password protected.

- Individuals whom we serve
- Employees
- Referral Sources
- Other

- PII – address; telephone
- SPII – SSNs; credit card numbers; bank account numbers; health and medical information

- HR information
- SPII on application and on employee performance evaluations
- Ex: Employee has an illness or is in the hospital. Do not share health information or address with other staff without that individual’s permission.

Bulletin Boards
- Bulletin boards may not contain any documents with PHI/PII of clients, unless the client has authorized the display.

Cleaning Personnel
- Cleaning personnel do not need PHI/PII to accomplish their work. Whenever reasonably possible, PHI/PII will be placed in locked containers, cabinets, or rooms before cleaning personnel enter an area.
- When it is not reasonably possible to lock up PHI/PII, it must be removed from sight before cleaning personnel enter an area.

Computer Screens
- Computer screens at each workstation must be positioned so that only authorized users at that workstation can read the display. When screens cannot be relocated, filters, hoods, or other devices may be employed.
- Computer displays will be configured to go blank, or to display a screen saver, when left unattended for more than a brief period of time. Wherever practicable, reverting from the screen saver to the display of data will require a password.
- Computer screens left unattended for longer periods of time will log off the user.

Conversations
- Conversations concerning PHI/PII must be conducted in a way that reduces the likelihood of being overheard by others.
- Wherever reasonably possible, noise inhibitors may be used to reduce the opportunity for conversations to be overheard.

Copying other PHI/PII
When PHI/PII is copied, only the information that is necessary to accomplish the purpose for which the copy is being made may be copied. This may require that part of a page be masked or that information be redacted.

 Desks and Countertops  Records and other documents that contain PHI/PII must be placed face down on counters, desks, and other public places where third parties can see them.  Case records and other documents containing PHI/PII will not be left on desks and countertops after business hours or for extended periods of time unsupervised. Supervisors will take reasonable steps to provide all work areas where PHI/PII is used in paper form with lockable storage bins, lockable desk drawers, or other means to secure PHI/PII during periods when the area is left unattended.

Desks and Countertops (cont.)
- In areas where locked storage after hours cannot reasonably be accomplished, PHI/PII must be kept out of sight. A staff member must be present whenever someone who is not authorized to have access to that data is in the area.

Disposal of paper with PHI/PII
Paper documents containing PHI/PII must be shredded when no longer needed. If retained for a commercial shredder, they must be kept in a locked bin.

Information carried from one building to another
When a member of the workforce is transporting PHI/PII from one building to another via vehicle, it may not be left unattended unless it is in a locked vehicle with case record or PHI/PII with identifying information out of sight. Locking the vehicle alone is not sufficient.

Printers and Fax Machines
Printers and fax machines must be located in secure areas, where only authorized members of the workforce can have access to documents being printed and faxed.

Record Storage
- Areas where records and other documents that contain PHI/PII are stored must be secure. Wherever reasonably possible, the PHI/PII will be stored in locked cabinets or a records room.
- Where locked cabinets are not available, the storage area must be locked when no member of the workforce is present to observe who enters and leaves, and no unauthorized personnel may be left alone in such areas without supervision.

Transcription
- Dictation tapes must be numbered, and workforce members must account for each tape they receive and return by number.
- Dictation tapes must be completely erased before being reused.
- Tapes and transcribed hard copy will be subject to the same policies that apply to the safeguarding of paper documents and electronic files that contain PHI/PII, such as case records and copies of medical records.

Workforce Vigilance
- All members of the workforce have a responsibility to watch for unauthorized use or disclosure of PHI/PII, to act to prevent the action, and to report suspected breaches of privacy.
- This responsibility will be included in staff training.
- This responsibility will become a part of all work staff job descriptions.

Visitors
A staff member must accompany all visitors to any area where PHI/PII is stored or in use.

Take every reasonable caution to protect confidential information!

Library Commission Privacy Officer: Denise Seabolt
Library Commission Security Officer: Harlan White
Education & the Arts Privacy Officer: Brenda Bates
Education & the Arts Security Officer: Tiffany Redman