Welcome to UF We’re from the Privacy Office and we’re here to help you… HIPAA Orientation College of Nursing– Fall 2014 Cheryl Webber, MS, RHIA University of Florida Privacy Manager Jacksonville Campus

Learning Objectives Learning Objectives HIPAA Training RequirementsPractical Tips for ComplianceBreach Notification

What do Patients Value?

Trust Patients must trust their care givers enough to share personal and often sensitive information needed for care. If trust is broken, the health of the patient suffers first, and the reputation of the institution may follow.

HIPAA Training Orientation and Annual Training are different! You must complete the appropriate online module Electronically sign the Confidentiality Agreement Additional training modules for Shands and VA may be required!

HIPAA Training Complete: General Awareness Training – if you will not be involved in any research OR HIPAA for Researchers – if you will be involved in human subject research. NOTE: If you completed the official training between December 1 and today, you’re good to go – until next January.

Training and Re-training…. Failure to complete the training on time is a Level II HIPAA violation and will result in disciplinary action. Be sure you are included in your college or department’s list – ◦If so, you will also be on the All-HSC list.

Privacy Sanctions Sanctions for HIPAA violations are serious: Fines Jail-time UF Sanctions Loss of student privileges, computer access Verbal counseling up to termination Suspension or expulsion Reporting to professional licensing or credentialing boards

New Penalties So, a breach involving PHI for 10 individuals could cost anywhere from $100 to $50,000 per disclosure TiersDescription Minimum per Violation Max per Year (for identical violations) Tier ADid not know $100 - $50,000 $1,500,000 Tier B Reasonable cause – not willful neglect $1,000 - $50,000 $1,500,000 Tier C Willful neglect – corrected w/in 30 days $10, ,000 $1,500,000 Tier D Willful neglect – uncorrected $50,000$1,500,000

Common HIPAA Violations Unauthorized disclosures: Be aware of your surroundings when discussing patients Use extra caution with privileged information Improper use of portable devices: laptops, PDAs, camera phones, etc. Recording (and sharing) unauthorized pix and videos Failure to use encryption Losing or misplacing equipment Removal of PHI or health records from UF premises.

Practical Tips for Compliance Share PHI only with those who have a professional need to know. Use strong passwords consistent with UF policies. Properly destroy PHI. Do not disable virus protection applications.

Practical Tips for Compliance You are responsible for activity originating from your account. Do not access your own record or that of a family member’s PHI when necessary-within the UF domain Encrypt external s containing PHI-avoid AOL, Yahoo, Gmail.

Breach Notification HITECH Act and Florida law requires covered entities to report breaches to the patient when: – Unencrypted PHI is disclosed – An individual’s SSN is inappropriately disclosed

Examples of a Breach A breach is any unauthorized disclosure: Stolen laptop/tablet Accidental disclosure- sharing PHI with someone over the phone or in person you thought was the patient ing/faxing patient information to an unauthorized third party

Reporting a Breach To your supervisor UF Privacy Hotline: (866) Online at If you know about a Privacy or Security incident, it is your responsibility to report it!

Primary Take-Aways Only access the PHI you need. Complete HIPAA training Report a breach

Questions? UF Privacy Office ◦(352) Cheryl Webber, MS, RHIA ◦(904)