NAU HIPAA Awareness Training

Presentation transcript:

Welcome! Hello, my name is ________________________ and I will be talking to you today about protecting patients’ privacy: how it is everyone’s responsibility. Today more than ever, patients and consumers are both concerned and aware that their private information can be used or released without their knowledge. Recently there was a new federal law that protects a patient’s private medical information and also gives patients new rights in managing their health information. In this session, we will talk about patient concerns, the new patient rights, and your responsibilities in protecting patient privacy. (Information Only: References to complete this presentation include: HIPAA 101 and 102: Allen Hospital System Health Information Management, An Applied Technology. AHIMA, Merida Johns www.healthprivacy.org and www.medicalert.org Oregon Dept. of Human Services)

Health Insurance Portability and Accountability Act of 1996
What is HIPAA? A federal law dealing with the privacy and security of health information. HIPAA stands for Health Insurance Portability and Accountability Act of 1996.
A Gallup survey commissioned by MedicAlert in November 2000 on how important privacy is to patients and how concerned they are about it showed: 77% of Americans feel that privacy about their personal health information is important; 84% said they were very/somewhat concerned that personal health information might be made available to others without their consent; only 7% said they are willing to store or transmit personal health information on the Internet and 8% felt a website could be trusted with such information. IF PATIENTS ARE CONCERNED THAT THEIR HEALTHCARE INFORMATION ISN’T KEPT CONFIDENTIAL, QUALITY OF CARE IS COMPROMISED. CONDITIONS MAY BE LEFT UNTREATED AND THE PATIENT’S MEDICAL RECORD IS INCOMPLETE OR INACCURATE. HIPAA IS THE REGULATION THAT PROMOTES PRIVACY AND SECURITY.

How HIPAA applies to Health Care Systems:
HIPAA applies to all management, employees, volunteers, temporary employees, students, residents, and trainees (the workforce) employed in health care systems. NAU is committed to providing students seeking careers in health occupations with HIPAA awareness training. Complying with HIPAA is MANDATORY!
Federal Privacy Regulations (April 2001): This new federal regulation establishes standards for most health care providers and payers in the protection of health information, as well as establishing new patient rights related to accessing their health information. Although HIPAA was officially passed by Congress in 1996, the privacy rules became effective in April 2001 and healthcare providers implemented these new rules in April 2003. Since April 2001, healthcare providers have been busy reviewing the HIPAA regulations, assessing and writing privacy and security standards in their facilities, and training employees on the regulations. Today, we will provide you with an overview of the HIPAA regulations that relate to privacy and security issues. We want to be clear up front that we are not going to be training you line for line on the new HIPAA regulations. We also won’t be specifically telling you how an office/clinic/hospital will be implementing the new law. Each facility will handle HIPAA differently. What you are going to be receiving today is a foundation to familiarize yourself with HIPAA.

How HIPAA applies to Health Care Systems, cont’d:
There are fines and even criminal penalties if we do not take reasonable steps to comply. Every member of an organization has a role to play, even students!
It is important to know that there are penalties for failing to meet the requirements of the privacy regulations or for inappropriately disclosing or receiving confidential health information. Penalties can be either criminal or civil. An example of a criminal case would be the use of a person’s health information for malicious harm. An example of a civil case would be an inadvertent disposal of a PC with patient information stored on the hard drive. Monetary penalties can range from $100 to $100,00 depending on the severity of the violation. Penalties can also include imprisonment up to 10 years depending on the severity of the incident. Penalties will be more severe when information is obtained under false pretences or information is obtained with the intent to sell or transfer, use for commercial gain, use for personal gain, or use for malicious harm. Both the institution and individuals can be held liable for breaches in privacy; the penalties do not just apply to the organization.

What is Privacy?
Privacy refers to your duty to prevent others from seeing or using protected health information (PHI) about patients. Under HIPAA, a facility can only use and disclose PHI for certain permitted purposes. You SHOULD NOT see or obtain PHI unless you need it to do your job. You SHOULD NOT disclose PHI to others unless that is part of your job. PHI means protected health information under HIPAA. It is an important HIPAA term.
Privacy is a concern to patients, and breaches of patient privacy have consequences. There have been cases where persons have lost jobs when bosses learned that employees sought treatment for drinking problems. In North Carolina, a woman was fired from her job after being diagnosed with a genetic disorder that required expensive treatment. Three weeks prior she had received a positive evaluation and a raise. A drug store made prescription records available to a marketing firm that sells pharmaceuticals. Thousands of patient records have been found in unlocked dumpsters and on the Web.
Optional dialogue: 90% trusted their doctors to keep their information private and secure; 66% said they would trust a hospital; 42% said they would trust an insurance company; 35% said they would trust a managed care company.

How Privacy Works
Patients rely on their healthcare providers to keep their information private. Because health care systems promise patient privacy, patients are willing to provide the personal details of their health to providers to help diagnose and treat them. If patients are not willing to provide information because of privacy concerns, care is compromised.

What is Protected Health Information?
Any information about past, present or future physical or mental health, healthcare, or payment for healthcare that identifies a patient. Examples: name, address, date of birth, date of death, date of admission, date of discharge, telephone number, email address, social security number, health record number, account number, and facial photographs.

What forms of records are covered?
All protected health information (PHI) about patients: written, video, electronic, and oral.
In the HIPAA privacy provisions, any individually identifiable information that is transmitted by electronic media, maintained in either paper or electronic form, or transmitted or maintained in any other form is considered PHI. If you think about this, any information that can identify a patient can lead to a possible HIPAA violation.

What is Security?
Security refers to our duty to keep health information secure and available. Facility privacy practices prohibit members of the workforce from obtaining PHI unless they need it to do their job. Security safeguards limit access to PHI. Privacy and security go hand-in-hand.
In other words, privacy determines who gets what information and when they get it. Security will state who has access to information.

How HIPAA affects a health care facility
HIPAA regulates how health care providers use and disclose protected health information. Health care providers are committed to complying with HIPAA regulations. Health care providers have developed compliance plans.

What is a compliance plan?
A policy explaining privacy rules. It identifies risks and adopts safeguards to protect PHI, classifies all members of the workforce, trains all members of the workforce, and establishes a Privacy Officer: the person identified in a facility as the contact for any questions, concerns, or complaints.
Compliance plans assist in developing internal controls that promote adherence to applicable federal and state guidelines. Facilities must be able to prove they are in compliance with regulations. Requiring employees to attend HIPAA orientation training is one example of maintaining compliance.

What is a compliance plan? cont’d
Mandatory Reporting: If you have first-hand knowledge of a breach of privacy policies or improper use or disclosure of protected health information, you report it to your supervisor and/or the Compliance (Privacy) Officer. Patients are given information on admission on how to report privacy rights violations to the identified Compliance (Privacy) Officer within the organization. Patients can also file a complaint with the Secretary of the Department of Health and Human Services. Persons reporting to Compliance Officers are protected from retaliation.
All health care facilities that are covered under HIPAA are expected to develop a compliance plan for reporting of violations. Guidelines generally identify a reporting hierarchy within an organization for employees and patients. A feature of the compliance plan is PERMISSIVE reporting. All health care facilities need to know if their compliance efforts are effective. By addressing concerns, a facility can determine how its compliance plan is working. Compliance plans do provide protection for reporting and compliance activities. Policies will include protection from retaliation because you file a mandatory or permissive report or participate in good faith in compliance activities, such as a government investigation. Most compliance plans require discipline if you do not comply with mandatory reporting and if you are responsible for a security breach. All facilities must have a written procedure in place that allows individuals to file a complaint concerning their privacy and information security policies and procedures.

Notice of Privacy Practices
A HIPAA privacy standard that requires that an individual has the right to receive a notice that outlines: how medical information is used and disclosed by an organization; how to access and obtain a copy of their medical records; a summary of patient rights under HIPAA; and how to file a complaint, with contact information.
By this time, many of you may have received a Notice of Privacy Practices from a covered entity. This may have been at the physician’s office, a hospital, a rehab center, or even the dentist. The Notice is very important because it tells the individual of his/her rights with PHI and states how the record may be used in a health care facility (such as for fundraising/research and for treatment, payment, and operations). Usually the Notice of Privacy Practices is given at the first point of contact: the admissions and/or reception desk. It is also posted in a prominent place in the facility. Usually, the notice is given once. Health care facilities will make every effort to obtain a person’s written acknowledgement that the notice was received.

Disclosure of Protected Health Information
Authority (Patient): Every use and disclosure of protected health information must be authorized by the patient or by state or federal laws. Examples: patients can authorize release of information to a third party; state laws require reporting of child abuse. We cannot assume every use or disclosure is okay. Facilities have developed policies and assigned procedures to deal with this.

Sharing of PHI
You may share protected health information ONLY if you need it to do your job. Examples: nurse-to-nurse communication related to assigned clients; health staff to the physician in charge of patient care; allied health professionals (respiratory therapists, etc.) to those in charge of patient care; chart reviewers for in-house projects. NEVER access patient information that is not needed in the performance of your job.

Incidental Disclosures are a reality
An incidental disclosure is an unintended or unavoidable disclosure of protected health information that occurs as part of a permitted disclosure. Examples: a quality review committee forgets to delete a patient name from the quarterly hospital infection report; a nurse speaking to a patient on the phone is heard by another person walking by the nurses’ station; two patients are in the same room. Facilities must put reasonable safeguards in place to protect privacy.
Incidental disclosures are permitted under HIPAA. Some disclosure is unavoidable, such as being heard when someone is walking by the nurses’ station. However, HIPAA does require a facility to put reasonable safeguards in place. For example, in a room occupied by two patients, the curtain should be drawn and voices lowered to protect the confidentiality of the patient. If the patient has visitors, always ask the patient’s permission for the visitors to hear the information prior to discussing his/her medical condition.

Safeguards for PHI
All covered entities must have in place reasonable administrative, technical, and physical safeguards to ensure the confidentiality, integrity, and availability of PHI and to prevent unauthorized or inappropriate access, use or disclosure of PHI. It’s the law!

Doing your part
Only access confidential information (PHI) if you have a need to know to do your job. Take reasonable steps to verify the identity of persons to whom you disclose PHI (if someone asks for PHI and you don’t know if they have a right to the information, you can ask for identification). Use or disclose PHI only in the performance of your responsibilities and duties (you cannot access patient information that is not a component of an assigned work duty). Understand the law and the organization’s policy. Attend training and education programs. Treat patient information the way you would want your personal information treated.
Also, when working on the floor, don’t leave patient records unattended. At the nurses’ station, close patient records if you need to leave the area.
OPTIONAL SECTION (may not pertain to all students): At NAU, some courses require the use of medical records. These records are de-identified. De-identification is the process of eliminating all data that could identify the patient. This can include information such as name, birthdate, address, phone number, next of kin, religion, race, SSN, and employer.

Use Technology Wisely
ONLY access patient information if you have a need to know it to do your job. Protect your password and never share it with anyone. Log off the computer when you leave the area. Make sure computer screens are not visible to the public. Take steps to ensure the privacy of faxed PHI. Audit trails: facilities can monitor where you have been and what you have looked at!
Technology will play a role in the work setting. Use precautions and protect access to electronically stored PHI. Many facilities can run random audits of an employee’s login history and what they may have accessed. Protect yourself by only accessing what you need to know.

Protect Confidential Information
Providing patients with quality healthcare includes protecting their information. Everyone is required to do their part!
Oct 2011 Rev