CONFIDENTIALITY GUIDELINES FOR PA STAFF Based on HIPAA Regulations & General Confidentiality Protocols.


What is HIPAA?
- A federal law
- Geared to improve the health insurance system
- Defines rules for protection of patient information
  - More on that later

Does the PA Have to Comply w/ HIPAA?
- Yes, it’s recommended
- HIPAA guidelines cover three basic groups:
  - Health plans, health care providers, and health care clearinghouses.
  - Expansive regulatory definition of health plan above includes:
    - Employee benefit plans

But We’re Not A Health Plan!
- True, but we are:
  - An organization that routinely handles protected health information from a health plan, in any capacity, is in all probability a covered entity.
  - Routinely handles, includes: “administration”
- The PA is likely considered the plan administrator
- However, this hasn’t been officially determined
- In the meantime, better to err on the side of caution

We Contract w/ A Health Plan
- Business associate contracts required by HIPAA
  - Organizations performing functions involving PHI on behalf of “covered entities” would be reached.
  - The PA is considered a business associate of the AAH, Delta & EyeMed
- How does that business association affect all PA staff?
  - All PA staff are supposed to comply
  - Behavior of individuals in the business associates' workforces would be covered by HIPAA rules.

What Does the PA Have to Do to Comply?
- Generic requirements for covered entities:
  - Training workforce members so that they understand the privacy procedures
  - Designating a privacy office/officer
  - Adopting adequate security policies and procedures for records containing individually identifiable health information

What Am I Protecting?
- Patient information
- PHI
  - Individually identifiable health information

What is Patient Information?
- Patient information, a.k.a “patient health information,” is:
  - “Any information, whether oral or recorded in any form or medium that is…
  - “Created or received by an employer...” and
  - “Relates to the provision of health care to an individual…” or
  - “…the past, present, or future payment for the provision of health care to an individual.”

What is PHI? (Protected Health Information)
- Protected health information includes any individually-identifiable health information.
- Health information with data items which reasonably could be expected to allow individual-identification.
- Individually-identifiable health information should not be interpreted narrowly
- Beyond a patient's name and social security number, other information:
  - Spouse's name, & emergency contact individual and number, could be used to individually identify a patient.

HIPAA Privacy Rule
- Mandates the protection and privacy of all protected health information.
- Specifically defines the disclosures of "individually-identifiable" health info.

What If I Don’t Handle Medical Information?
- You should still abide by general confidentiality protocols for sensitive information
- Let’s learn
  - What confidentiality means
  - What’s considered confidential
  - How to handle confidential data

Confidentiality
- Confidentiality defined by the International Organization for Standardization (ISO)
  - “Ensuring that information is accessible only to those authorized to have access”
  - Adaptation of the military's "need-to-know" principle
  - Forms the cornerstone of information security today

Sensitive Data: What is It? Why Keep It Confidential?
- Data required to hire, pay, and manage employees is by nature sensitive.
- Information could be misused to commit fraud, discrimination, and other violations.
  - Job discrimination based on breach of medical data or DOB
  - Identity theft
- If data is misused, employer could face costly lawsuits.
- Employer may lose employee trust and confidence

How Do Other Employers Handle Sensitive Information?
- Most employers voluntarily protect employees’ personal information
  - They follow the laws willingly
- Abide by current laws
  - Laws passed to protect employee confidentiality include:
    - ADA (federal)
    - HIPAA (federal)
  - State laws limit how an employee's SSN can be used or transmitted
    - Information Practices Act of 1977
    - On PA M:/ drive

Protocols for Handling Sensitive Information
- Develop policies that address workplace confidentiality
- Train managers and supervisors about confidentiality issues and legal requirements
- Guard against indiscreet behavior
  - Even seemingly minor incidents
    - Tossing sensitive info. in the trash
    - Speaking too loudly where others can overhear
    - Leaving employee data displayed on visible monitor
- Coordinate with external employee services
  - Benefit providers, payroll services (HRM), outsourced HR service centers (HRM)

More Protocols (General) for Handling Sensitive Information
- Store confidential information securely
  - Traditional “lock & key” for hard copies
  - Electronic methods for electronic data
    - Firewalls, encryption, password protection
- Secure disposal
- Stay current on legal requirements and best practices
  - Professional HR associations are a good source of updates
  - You also can attend seminars sponsored by consulting, outsourcing, and law firms

Confidentiality “How To”: Begin with Mindfulness
- Develop your confidentiality “higher consciousness”
  - Keep confidentiality in the forefront of your mind
- Continually ask yourself, “Am I dealing with something considered sensitive or confidential?”
- Hone your “Spidey” confidentiality sense
- Make peace with confidentiality protocols
  - Don’t fight them, adopt them

Confidentiality “How To”
- Best: exchange sensitive files via secure FTP
- Good: zip & encrypt files; send via
  - WinZip or other software
- OK: password protect docs without zipping; send via
- Turn monitor off if displaying sensitive info.
  - Monitor off & lock computer (Ctrl, Alt, Del) if away from desk for more than a minute or two

More Confidentiality “How To”
- Keep your voice down
  - Don’t discuss/share sensitive info. where others can hear you
  - Just close the door
- Keep hard copies in a locked file cabinet
  - Restrict access to locked cabinet
- Use file folders to keep hard copy docs from public view when working with them

Even More Confidentiality “How To”
- Tell callers that you are bound by State & Federal laws that limit what you can discuss
- Steer callers away from disclosing personal medical information/sensitive info. if not necessary
  - The less you know, the less you may potentially misuse