Navy PAD Symposium Samuel P. Jenkins, CHE TMA Privacy Officer HEALTH AFFAIRS TRICARE Management Activity This document contains proprietary information.

Presentation transcript:

Navy PAD Symposium Samuel P. Jenkins, CHE TMA Privacy Officer HEALTH AFFAIRS TRICARE Management Activity This document contains proprietary information and will be handled within Government regulations. It is intended solely for the use and information of the Military Health System.

2 Training Objectives
At the completion of this brief you should be able to:
– Understand Relationship between HIPAA Privacy/Security and JCAHO
– Explain the Requirement for the Notice of Privacy Practices
– Understand the Security Concerns with Electronic Health Records
– Provide an Overview of Allowable Disclosures
– Implement Privacy/Security Requirements in Your Area of Responsibility
– Understand the Challenges

3 HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) of 1996, Public Law was designed to:
– Improve portability and continuity of health insurance coverage
– Improve access to long term care services and coverage
– Simplify the administration of health care

4 COMPLIANCE
The TRICARE Management Activity (TMA) Privacy Office published HIPAA Privacy policies in the Department of Defense (DoD) document titled “Health Information Privacy Regulation” and “Security of Individually Identifiable Health Information” under the authority of the Assistant Secretary of Defense for Health Affairs (ASD/HA), who exercises oversight to ensure compliance with the HIPAA Privacy and Security rules in the DoD health care programs
The TMA Privacy Office is now moving from the HIPAA planning and implementation phase to the compliance phase
– Privacy Rule: April 2003
– Security Rule: April 2005

5 JCAHO - Patient Rights
RI Standards 2.10, 2.20, 2.50, 2.120, and
Respects the rights of patients including:
– Information about their rights
– Confidentiality, privacy, and security needs
– Obtaining consent for non-healthcare related recording or filming
– Resolution of complaints
– During involvement in research, investigation and clinical trials
Source: Joint Commission on Healthcare Accreditation Brief from April 2006 HIPAA Summit

6 Notice of Privacy Practices
Explains:
– MHS duty to protect health information
– How the MHS may use and disclose PHI
– Patients’ rights
– Patient complaint procedures
– Contact information

7 Acknowledging the Notice

8 JCAHO - Management of Information (1 of 2)
IM Standards 1.10, 2.10, 2.20, 2.30, 3.10, 4.10, 6.10, 6.50 and 6.60
Maintain information privacy, security, confidentiality, integrity, availability and continuity
Plan and design IM processes and systems that:
– Meet internal and external information needs
– Support decision making
Source: Joint Commission on Healthcare Accreditation Brief from April 2006 HIPAA Summit

9 JCAHO - Management of Information (2 of 2)
Manage clinical/service and non-clinical data and information including:
– Capturing, reporting, processing, storing, retrieving, disseminating, and displaying
Ensure medical records are:
– Complete and accurate
– Available on every patient assessed, cared for, treated or served
– Available when needed
Source: Joint Commission on Healthcare Accreditation Brief from April 2006 HIPAA Summit

10 Electronic Health Records
PADs must increase awareness of HIPAA Security requirements, and increase collaboration with HIPAA Security / IT Security personnel
Main EHR currently is AHLTA, which does execute much of the HIPAA Security Rule
EHR/AHLTA introduces additional security considerations.
CHDR is a module of AHLTA that permits electronic health information sharing between DoD and VA

11 Permitted Uses and Disclosures of PHI (1 of 2)
Permitted Uses and Disclosures
– For the permitted uses and disclosures listed below, a patient’s opportunity to agree or object is not required
1. As required by law
2. Avert serious threats to health or safety
3. Specialized government functions
4. Judicial and administrative proceedings
5. Medical facility patient directories
6. Cadaver organ, eye or tissue donation purposes
7. Victims of abuse, neglect or domestic violence
8. Inmates in correctional institutions or in custody
9. Workers’ compensation
10. Research purposes
11. Public health activities
12. Health oversight activities
13. About decedents
14. Law enforcement purposes

12 Permitted Uses and Disclosures of PHI (2 of 2)
Disclosures should all be made from established points of disclosure within a facility
The PAD is often the best office to serve as the point of disclosure
All uses and disclosures of information are limited by the ‘need-to-know’ standard except for uses and disclosures for treatment
Only the amount of information reasonably necessary to achieve the purpose of the release is permitted

13 What is the PHIMT?
The PHIMT is a web-based application that assists in complying with the HIPAA Privacy Disclosure Accounting Requirement
It allows users to track disclosures, document requests for amendments and authorizations, document complaints and restrictions to Protected Health Information (PHI)
– Commercial Off-The-Shelf (COTS) Product customized for TMA
– Deployed in October 2003 with a series of training supporting the deployment to the MTFs

14 Why Does the PHIMT Exist? (1 of 2)
The HIPAA Privacy Rule requires a covered entity to maintain a history of when and to whom disclosures of PHI are made for purposes other than treatment, payment and healthcare operations (TPO)
Individuals have the right to receive an accounting of disclosures of PHI made by the covered entity
MHS must be able to provide an accounting of those disclosures to an individual upon request
– Not required to account for disclosures that occurred prior to the April 14, 2003 compliance date

15 Why Does the PHIMT Exist? (2 of 2)
To comply with this requirement, TMA provides an electronic disclosure-tracking tool
– Centrally managed application that is accessed via the Internet
– Database is stored within TMA’s Network Operations Center located in Falls Church, VA
– Stores information about all disclosures, authorizations, and restrictions that are made for a particular patient

16 JCAHO - Environment of Care & Patient Safety
EC Standards 2.10 and 9.10
Address auditory and visual privacy
Identify and manage security risks
Monitor conditions in the environment
Medication Reconciliation 8b
Communicate patient’s medications when referred or transferred to another service, practitioner, or level of care within or outside the organization
Source: Joint Commission on Healthcare Accreditation Brief from April 2006 HIPAA Summit

17 Public Concerns about Privacy … Breaches of Confidentiality
June 2006 – Nurse prosecuted for disclosing patient information for personal gain, violating HIPAA
May 2006 – A laptop containing information on 26.5 million beneficiaries is stolen from the home of a VA Employee
April 2006 – HA/TMA Network is hacked, information on both government employees and beneficiaries is compromised

18 Public Concerns about Privacy … Breaches of Confidentiality
Bank of America loses credit card account data of 1.2 million federal employees, including 60 U.S. senators
– Several senators have introduced privacy legislation in the wake of this and other breaches
ChoicePoint Settles Data Security Breach Charges; to Pay $10 Million in Civil Penalties, $5 Million for Consumer Redress
– At Least 800 Cases of Identity Theft Arose From Company’s Data Breach

19 Public Concerns about Privacy … Breaches of Confidentiality
'Human error' exposes patients' Social Security numbers in N.C.
– More than 600 Blue Cross members in the state were affected by the breach
Contractor sent names and Social Security numbers of current and former employees, vendors and contractors to his home computer in violation of company policies
– That file contained the names and Social Security numbers of 27,000 former and current internal and contract employees

20 This Is Happening to You
Hacker Steals Air Force Officers' Personal Information
By Jonathan Krim
Washington Post Staff Writer
Tuesday, August 23, 2005; Page D01
Social Security numbers, birth dates and other private data on roughly 33,000 Air Force officers -- about half the branch's officer corps -- were stolen from a military computer database, the service informed its personnel…

21 Due Diligence: How Do You Know You Are Safe?
What are you doing to prevent a compromise from happening?
Are you aware of the issues your HIPAA Privacy and Security Officers are facing?
Are there enough time, resources, personnel, and money to get the job done?
What are your policies and procedures related to the protection of data and Protected Health Information (PHI)?
Have you mapped the flow of data in your MTF/Clinic/Organization?
Have you expanded your HIPAA and other Privacy and Security training to include related responsibilities?

22 What Can You Do?
Policies Procedures
– Existence
– Enforcement
– Standardization
– Accountability
Training Statistics
– Percentage Complete
– Delinquency
– Time to complete course/exam
Accounting of Disclosures
– Use of centralized tool (PHIMT)
– Multiple disclosure procedure
– Documentation

23 JCAHO - Leadership
LD Standards 1.30 and 3.15
Comply with applicable licensure requirements, laws, rules and regulations
Develop and implement plans to identify and mitigate impediments to efficient patient flow
Source: Joint Commission on Healthcare Accreditation Brief from April 2006 HIPAA Summit

24 Leadership
Be a proactive Leader
Take ownership of program
Develop “Best Practices”
Become the expert
Innovation is the key
Get involved and stay involved
Communicate
Become a HIPAA advocate for the beneficiaries and your staff

25 Biggest Challenge
Need to assess everyday practices such as:
– Who has the need to know?
– What information is discussed during Morning Reports?
– How do your medical records move within and outside of your facility?
– Where is PHI being released?
– What vulnerabilities exist?
– What current practices within your facility are truly necessary or are just traditional?
– Are you at risk?

26 TMA Privacy Office Website

27 Our Commitment The TRICARE Management Activity (TMA) Privacy Office is committed to ensuring the privacy and security of patient information at every level as we deliver the best medical care possible to those we serve. TRICARE Management Activity

28 Resources
DoD R, “DoD Health Information Privacy Regulation”, January 2003
DoD 8580.x-R, Draft “DoD Health Information Security Regulation”
for subject matter questions
for tool related questions
to subscribe to the TMA Privacy Office E-News
HIPAA Privacy and Security Service Representatives

Questions? HEALTH AFFAIRS TRICARE Management Activity