HIPAA Training Developed for Ridgeview Institute 2012 Hospital Wide Orientation.

Introduction
The purpose of HIPAA training is to uphold the confidentiality of medical record information and protect the patient’s right to privacy in the collection and disclosure of patient information. HIPAA regulations require organizations, such as Ridgeview Institute, to provide HIPAA training to their workforce members.

What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that provides privacy standards to protect patients’ medical records and other health information provided to health plans, doctors, hospitals, and other health care providers. These standards provide patients with access to their medical records and more control over how their personal health information is used and disclosed.

Patient Rights
Patients have the right:
- To receive a copy of Ridgeview Institute’s Notice of Privacy Practices
- To request restrictions on disclosures of Protected Health Information
- To receive an accounting of disclosures
- To request an alternate means of communication, such as sending mail to a P.O. Box versus home address

Right to Complain
Patients have the right to complain if they feel their privacy rights have been violated. Refer patients with complaints about privacy violations to Ridgeview Institute’s Privacy Officer. Anita Thomas ext

Protecting Patient Confidentiality
As a healthcare worker, you must do your best to keep patient information confidential, regardless of whether you know the patient. Discussing PHI with individuals not involved in the patient’s care is a violation of the patient’s rights! Each Ridgeview work force member is responsible for maintaining and protecting the privacy and confidentiality of patients, family members, visitors, and co-workers.

What is PHI?
All protected health information (PHI) is subject to federal HIPAA regulation. PHI refers to any information that identifies a patient and relates to at least one of the following:
1. The individual's past, present, or future physical or mental health
2. The provision of health care to the individual
3. Past, present, or future payment for health care
Information that can identify an individual includes either the individual's name or any other information that could enable someone to determine the individual's identity.

PHI & ePHI Definitions
Protected Health Information (PHI) is all individually identifiable health information held or transmitted by Ridgeview in any form or media, whether electronic, paper records, fax documents or oral communications.
ePHI is all individually identifiable health information that Ridgeview creates, receives, maintains or transmits in electronic form.

Types of Identifying Health Information
- Name
- Address
- All elements (except years) of dates related to an individual (including birth date, admission date, discharge date, date of death, and exact age if over 89)
- Telephone numbers
- FAX number
- E-mail address
- Social Security number
- Medical record number
- Health plan beneficiary number
- Account number
- Certificate/license number
- Any vehicle or other device serial number
- Device identifiers or serial numbers
- Web URL
- IP address
- Finger or voice prints
- Photographic images
- Any other characteristic that could uniquely identify the individual

Physical Security
Physical Security involves common sense steps to safeguard information from physical threats. These steps include:
- Locking Doors & Desks
- Storing Computer equipment safely and securely
- Making sure that those around you cannot easily view PHI or ePHI
- Controlled Facility Access (e.g., ID badge)

Physical Safeguards
Additional required steps include:
- Never leave your PC unattended while you are logged in.
- Never share your log in password with anyone. It is a violation of Ridgeview Policy to share your password or log-in credentials.
- Keep your computer monitor positioned out of public view.
- Hold your conversations with patient/family in areas where PHI is not easily overheard.
Ridgeview Institute takes measures to provide physical safeguards by limiting physical access to facilities where PHI is stored and requiring employees to wear authorized ID badges at all times while on campus.

Inappropriate access to PHI
It is a blatant violation of patient privacy to view someone’s record for reasons outside of your role at Ridgeview Institute. Those authorized to view a patient’s record are allowed to do so only as needed to perform their job. This limited access includes restrictions to accessing Hard Copies (Paper Records) and Electronic Data Records.

HIPAA: Minimum Necessary Requirement
HIPAA calls on health care workers to use the minimum amount of patient information they need to do their jobs efficiently and effectively. Ask yourself:
- Do I need this information to do my job and provide good patient care?
- What is the least amount of information I need to do my job?
- What is the minimum amount I need to share with others to provide quality patient care?

Disclosure of PHI
HIPAA requires an authorization signed by the patient or the patient’s legal guardian before any PHI may be communicated verbally or in writing to another party. Federal regulations require that documentation of what information was released, the date released, and who released the information be recorded in the medical record. This may be documented at the bottom of the authorization form.

Exceptions to Disclosure
- Medical Emergencies
- Reporting of Suspected Abuse (child or elder)
- Reporting of Communicable Diseases
- Court Order

Disposal of PHI
HIPAA requires Protected Health Information (PHI) to be kept confidential even when it’s being thrown away. It is the responsibility of ALL Ridgeview work force members to dispose of anything with PHI in a locked trash bin designated for disposal of confidential information.

Misdirected Faxes with PHI
Misdirected faxes are not uncommon in the daily operations of a healthcare facility.
- A Ridgeview employee who unintentionally sends a fax with PHI to the wrong party should report the incident to their supervisor or Ridgeview’s HIPAA Privacy Officer immediately at x2801 or
- In addition, all print jobs should be picked up IMMEDIATELY from the printer and should never be left unattended.
Ridgeview’s HIPAA Privacy Officer

Health Information Technology for Economic and Clinical Health (HITECH) Act
The HITECH Act (law) strengthens HIPAA enforcement. It includes provisions that call for increased monetary penalties for violation of HIPAA privacy and security regulations, new patient information breach notification requirements, and increased privacy rights for patients.
- HITECH established four tiered ranges of increasing minimum penalty amounts, with a maximum penalty of $1.5 million for all violations of an identical nature during a calendar year.
- Depending on the circumstances, federal or state law may permit civil or criminal litigation and/or restitution, fines, and/or penalties (including jail time) for actions violating HIPAA.
- Ridgeview Sanction Policy which could include termination of employment depending on the severity of the violation.
In a recent example in the news, a hospital in Massachusetts agreed to pay a $1 million fine as a result of an incident involving the loss and disclosure of PHI of 192 patients.

Breach Notification (HITECH)
If it is determined there is a violation, certain entities must be notified:
- Individual whose privacy has been violated
- Office of Civil Rights under the DHHS
- Media (over 500 individuals)
- Business Associates must report to the Covered Entity

Business Associates (BAs)
HIPAA governs those who contract with Ridgeview Institute and use or have access to Protected Health Information (PHI). Penalties and sanctions are applied directly to BAs violating Privacy and Security regulations.

RVI Intranet: HIPAA Related SPPs
- 1.2 Business Associates
- 1.6 Confidentiality
- 7.1 Personnel Security
- 7.2 Workstation Use
- 7.3 , Internet, & Intranet Use
- Faxing Employee Healthcare Info.
- 15.2 Release of Information

HIPAA Related SPPs (continued)
- 15.3 Completion of Medical Record
- 15.4 Faxing Patient Information
- 15.5 Amendment to Protected Health Information
- 15.6 Right to Request Privacy Protection
- 15.7 Sanctions for Non-Compliance with HIPAA
- 15.8 Privacy Complaints
- 15.9 Notices of Privacy Practices of PHI