Corporate Compliance Program STANDARDS OF CONDUCT HIPAA PRIVACY & SECURITY Temple University Health System Maribel Valentin, Esquire Associate Counsel.

Presentation transcript:

Corporate Compliance Program STANDARDS OF CONDUCT HIPAA PRIVACY & SECURITY Temple University Health System Maribel Valentin, Esquire Associate Counsel Corporate Compliance and Privacy Officer

The TUHS Corporate Compliance Program is composed of five elements:
• Standards of Conduct
• Corporate Compliance and Privacy Officer (CCO)
• Compliance Hotline ( )
• Compliance Infrastructure
• Continued Compliance

Corporate Compliance Program STANDARDS OF CONDUCT
1. Following the rules: TUHS employees will carry out their duties in a manner that is compliant with all relevant laws and regulations, and consistent with best practices adopted by TUHS.

Corporate Compliance Program STANDARDS OF CONDUCT
2. Reporting violations: Each employee has an individual responsibility for reporting to an appropriate supervisor or senior management or the Compliance Officer any activity by any colleague, physician, subcontractor, vendor or any process that appears to violate applicable laws, rules, regulations, accreditation standards, standards of medical practice, federal healthcare conditions of participation, or this compliance program.

NO RETALIATION
It is the stated policy of TUHS that no retaliation will be taken against any employee for reporting problems.
• Reports may be made anonymously, through the Compliance Hotline, or
• Directly to Maribel Valentin, Esq. Associate Counsel and CCO at (215)

Corporate Compliance Program STANDARDS OF CONDUCT
3. Medical Necessity: All treatment recommended and implemented at TUHS will be medically necessary; medical necessity is determined by the accepted professional standards of the relevant medical profession. Treatment decisions will not be affected by the patient’s type of insurance or the patient’s ability to pay for such services.

Corporate Compliance Program STANDARDS OF CONDUCT
4. No Referral Payments: TUHS will not pay any person or entity any form of remuneration for the referral of patients nor offer any financial inducement, gift or bribe to any prospective patients to encourage them to undergo treatment at TUHS.

Corporate Compliance Program STANDARDS OF CONDUCT
5. Accurate Records: All billing and patient records will be accurate, complete and as detailed as required by government and professional standards. Each step in the treatment process, from admission through discharge, shall be documented appropriately in the patient’s medical records. Furthermore, no service will be billed unless fully justified by the documentation of the medical staff as reflected in patient medical records.

Corporate Compliance Program STANDARDS OF CONDUCT
6. Full Implementation of the Standards of Conduct: The Standards of Conduct apply to all TUHS employees. To the extent feasible, TUHS will ensure that all pertinent provisions of the Standards of Conduct will be implemented fully for all TUHS-managed facilities, and bind any independent contractors, temporary or contract employees.

HIPAA Privacy & Security Regulations

HIPAA – It’s the Law
• Federal requirement
• Privacy - effective since April 14, 2003
• Security - effective on April 21, 2005
• HITECH - effective February 11, 2009
• Requires healthcare organizations to maintain the privacy and security of Protected Health Information (PHI).

HIPAA vs State Law
• When state law is more restrictive than the federal HIPAA Regulations, then state law prevails, for example:
  • Pennsylvania has set more restrictions on releasing certain types of records:
    • HIV/AIDS
    • Drug/Alcohol
    • Mental Health
  • Requires patient authorization prior to release.

Privacy Rule
• Covers all Protected Health Information (PHI)

Understanding PHI
• PHI is any and all information about a patient’s health that identifies the patient, or information that could identify the patient.
• As a rule of thumb, any patient information that you see, hear or say must be kept confidential.

Understanding PHI cont’d
• PHI is information that can individually identify a patient.
• PHI can include:
  • Any type of information found in medical and billing records, for example:
    • Diagnoses, Test Results, Progress Notes, etc.
    • Name, Address, Phone, Social Security Number, Photographs, Date of Birth, medical record number, billing number, etc.

Preventing Unauthorized Disclosures
• Do not:
  • Discuss patient information in public areas
  • Position computer screens, or leave them unattended, so that unauthorized persons may view private data
  • Leave medical records unattended

HIPAA Patient Privacy “Rights”
The Privacy Regulations provide patients with the following Rights:
• Right to Notice - Right to receive the TUHS Privacy Notice upon registration that describes how we use and disclose Protected Health Information and how to gain access to the information.
• Right to Access - Right to inspect and/or receive copies of their medical record.
• Right to Amend - Right to request a change in their medical information.
• Right to an Accounting of Disclosures - Right to request a listing of certain disclosures made by the facility of their protected health information.

HIPAA Patient Privacy Rights cont’d
• Right to Request Restrictions - Right to request a limit on the medical information we use or disclose about the patient for treatment, payment or healthcare operations.
• Right to Request Confidential Communications - Right to request that the hospital communicate with the patient in a certain manner or at a particular address.
• Right to File a Complaint - Right to file a complaint with the hospital Privacy Officer or with the Secretary of Health and Human Services if they feel their privacy rights have been violated.
• Right to Breach Notification - Right to receive notification of the unauthorized disclosure of Protected Health Information.

HIPAA and the Police
• Limited exception to HIPAA
• Under specific circumstances PHI can be given to police without authorization:
  • With a court order, warrant, subpoena or summons
  • If mandated by statute - gunshots, child abuse
  • To correctional facilities for continuity of care
  • If a crime is committed on TUHS premises
  • To locate a suspect or missing person, or
  • If the victim of the crime agrees or, if unable to agree, it is determined to be in the victim’s best interest.

How much PHI can we share?
• All disclosures are subject to a determination that PHI disclosed is the MINIMUM NECESSARY for the lawful purpose.
• The hospital must either know the official making the request or verify their identity and authority before disclosing PHI.

Security Rule
• Focuses on safeguarding electronic Protected Health Information (ePHI)

General Security Requirements
• Ensure the confidentiality, integrity and availability of all electronic Protected Health Information (ePHI)
  • Confidentiality: that patient information is not made available or disclosed without proper authorization.
  • Integrity: that patient information has not been altered or destroyed.
  • Availability: that patient information is accessible and usable upon demand by an authorized person.

Security Safeguards
Security Safeguards that must be met include:
• Administrative - Developing information security programs designed to protect ePHI and to also manage the conduct of the workforce in relation to the use of the protected information.
• Physical - Ensuring the physical protection of information systems including the protection of related buildings and equipment from natural and environmental hazards and unauthorized intrusion.
• Technical - Identifying technology to be utilized and ensuring procedures are in place to protect ePHI and to control access to it.

Computer Sign-on Access
• PC users at work are not to:
  • Disclose, share or post sign-on codes
  • Use sign-on codes to obtain access to unauthorized information
  • Use someone else’s sign-on code

Information Management
• PC users at work are not to:
  • Use, acquire, transmit, or duplicate unauthorized software.
  • Alter or copy for non-business purposes any Health System information.

Prevent Access to Unauthorized Information
• Do not:
  • Leave a computer unlocked with logon
  • Leave data unattended or unlocked
  • confidential information unless encrypted & decrypted using a TUHS approved method
  • Remove information from the worksite via laptops, diskettes or printouts without prior approval from the owner of the information

Important Policies
Information Management
• DO NOT
  • Access or communicate any patient information electronically, physically, verbally or in writing without prior written approval by management.
  • Disclose any Health System business information or personnel information without prior official approval.

IMPORTANT!!
• TUHS has the right to review all work activity to ensure that it is appropriate and being conducted in the interests of the Health System.
• TUHS will operate in full compliance with HIPAA.