Shelby County Health Department

Shelby County Health Department Medical Reserve Corps
Health Insurance Portability and Accountability Act (HIPAA) Volunteer Training 2011
Privacy & Security Protection of Public Health Patients' Information During a Disaster
Judy C. Martin, Ph.D., NP-BC – Privacy Officer
Shawn McClure, MBA, BA – Security Officer

Privacy and Confidentiality
The Shelby County Health Department has a legal and ethical responsibility to safeguard the privacy of all patients and to protect the confidentiality of their health information.

Protected Health Information
All employees and volunteers are to safeguard the confidentiality of patients' health information maintained in any form, including medical records, electronic systems, and oral or written communications.

What is HIPAA?
- Health Insurance Portability and Accountability Act
- Considered the most significant federal healthcare legislation since Medicare was enacted in 1965
- HIPAA creates national standards for the privacy and security of patient information
- HIPAA defines certain patient rights, such as the patient's right to access his/her medical record information

HIPAA? FERPA? What's the Difference?
- Health Insurance Portability and Accountability Act (HIPAA) protects patients' rights to privacy regarding health-related information, such as the patient's right to access his/her medical record information --> Health care setting
- Family Educational Rights and Privacy Act (FERPA) protects the privacy of students' "education records", which also include certain student health records --> School setting

Privacy Notices
- HIPAA requires covered entities to provide patients with a notice of their privacy practices and to document that this was done.
- The General Consent Form is used to communicate privacy practices and patient rights. It is the standard form for SCHD.
- If the health department opens community point-of-dispensing sites, volunteers in certain roles will be required to distribute the HIPAA General Consent Form.

Disclosure Logs
- HIPAA requires covered entities to keep records of disclosures of patient information.
- Volunteers assigned to work the registration desk will be required to ensure that patients' names are kept confidential.

Why HIPAA?
- HIPAA requires covered entities to develop security standards that control access and assure the security of electronic protected health information (EPHI) against accidental or intentional disclosure to unauthorized persons.
- If you are assigned to enter patient data on a computer, it is very important that no electronic information is shared with the public, family, or friends.

Security Standards
- To protect information from being altered, damaged or destroyed, accidentally or deliberately
- To provide for emergency operations and disaster recovery of computer systems

Who must comply?
- Health care providers and staff who conduct certain health care transactions electronically
- Health care insurance plans
- Health care clearinghouses
- As volunteers, you are required to comply with these regulations.

What if we DO NOT comply?
- Employment penalties ranging up to termination and charges
- Non-compliance: $100 for each violation, up to a maximum of $25,000 per year per incident
- Unauthorized disclosure or misuse of patient information: penalties up to $250,000 and prison time up to 10 years

What Information is Protected?
- Protected Health Information (PHI): information about individuals or patients and their past, present or future health conditions; all information about patients maintained in electronic, paper or oral format
- Electronic Protected Health Information (EPHI): information about patients that is kept in electronic form on computers
- The HIPAA Security Policies of the Health Department safeguard this information.

What are Examples of PHI?
Protected Health Information (PHI) is any health information that can identify the individual. Examples include:
- Name
- Address
- Social Security Number
- Date of Birth
- Medical Record Number
- Medical diagnosis
- Chief complaint

Examples of Non-Compliance & Unauthorized Disclosures
- One sheet of paper containing PHI left at the front desk and visible to others (sign-in sheet) – Privacy
- One computer system left unattended while logged in – Security
- Knowingly releasing a medical record or other PHI to unauthorized individuals – Privacy
- Selling PHI to marketing firms – Variable
- Faxing PHI to an unsecured office fax machine – Security
- Verifying to an unauthorized entity the enrollment, diagnosis, or treatment of another individual – Variable

More Examples of Non-Compliance & Unauthorized Disclosures
- Medical records area left unattended with the door open to a public hall – Privacy
- A medical provider sharing their system access code with another person to read a report about a colleague – Security
- Driving with unsecured medical records or other patient PHI in a vehicle – Privacy
- Leaving medical records on one's desk in an unlocked office in an area with public access – Privacy
- Discarding any public health computer in any manner other than by direct transfer to IT staff – Security

Permitted Uses and Disclosures
Permitted for TPO:
- T: Treatment
- P: Payment
- O: Health Care Operations
Required disclosures:
- To the patient
- To the HHS Department for compliance

Permitted Uses and Disclosures (continued)
- As required by law
- Law enforcement purposes
- To avert a serious threat to health and safety
- Certain public health activities
- To report victims of abuse, neglect, domestic violence or injury
- Judicial proceedings
- Workers' compensation

Release of Protected Health Information Form
- Other uses and disclosures require the patient's specific authorization (and signature) using the Release of Protected Health Information Form.
- Regardless of the use, the Disclosure Log must be completed.

Minimum Necessary Standard or Need-to-Know Rules
The Privacy Rule limits employees' access to:
- only the type of PHI needed to perform their jobs
- disclosures to other entities of only the PHI needed to achieve the intended purpose
The Minimum Necessary Standard does not apply to:
- disclosures made to a patient of his/her own record
- uses or disclosures required by law

Not Subject to HIPAA
HIPAA excludes individually identifiable health information contained in:
- Employment records of a covered entity
- Education records covered by the Family Educational Rights and Privacy Act (FERPA)

10 Deadly HIPAA-Related Sins
1. Thou shalt not discuss or disclose any patient information with others, including family or friends, who do not have a need to know the information.
2. Thou shalt only access patient information for which you have specific authorization in order to do your job.
3. Thou shalt not make inquiries for patient information on behalf of other persons who do not have proper authority.
4. Thou shalt keep your computer password confidential, not share it with anyone, and not knowingly use another person's password instead of your own for any reason.
5. Thou shalt control physical access to medical records and other areas with patient information, including computers, fax machines, printers, copiers and file cabinets.

10 Deadly HIPAA-Related Sins (continued)
6. Thou shalt not discuss or disclose any patient information with others, including family or friends, who do not have a need to know the information.
7. Thou shalt always use a cover sheet that includes a confidentiality statement when faxing medical information.
8. Thou shalt understand the requirements for transmitting patient information via email: internal recipients only, unless the message is ENCRYPTED.
9. Thou shalt not make any unauthorized transmission, inquiry, modification or purging of patient protected health information in any system.
10. Thou shalt log off, or otherwise prevent screen access to any patient protected health information, before leaving any computer or terminal unattended.

It is your duty as a Shelby County Health Department Medical Reserve Corps volunteer to report any breach of confidentiality that you observe.

Best Practices for Privacy and Security of Health Information

Security of EPHI
- Create a good password (at least 8 characters, with a combination of letters, numbers and symbols); longer is stronger.
- Keep the password confidential. Do not share passwords.
- If you must write passwords down in order to remember them, keep them in a safe place.

PHI at the Workplace and Volunteer Response Efforts
- Turn computer monitors away from the general public.
- Restrict access to areas where PHI is openly displayed.
- Turn PHI face down when you step away from your desk.
- Place unneeded PHI, such as labels and encounter forms, in the SHRED-IT bin in your work area.
- Seek private areas to share confidential information.

Faxing PHI
- Fax can be a high security risk if not used properly.
- Patient medical information (with the exception of information related to HIV and STDs) may be transmitted via fax when needed for IMMEDIATE PATIENT CARE ONLY.
- Always use a cover sheet that includes a confidentiality statement.

Faxing PHI (continued)
- Verify the identity of the person to whom you are faxing information.
- Ensure faxes can be received in a secure manner that limits unauthorized access to the information.
- Pre-program frequently used numbers.

Emailing PHI
- Email can be a high security risk if not used properly.
- Protected Health Information (PHI) may be sent via email internally, but it MUST be ENCRYPTED to be sent outside the department.
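The two rules above (PHI may go to internal recipients; it must be encrypted before it leaves the department) are the kind of check an outbound mail gateway can enforce mechanically. The following is an added example written for this page, not code from the Shelby County Health Department or any product it uses. It scans a message body for the regex-detectable identifiers listed earlier in the training (Social Security Number, Date of Birth, Medical Record Number), decides whether the message may go out as-is, must be encrypted, or must be blocked, and redacts the matched identifiers. The internal domain, the MRN format and the sample message are assumptions made up for the example.

```python
import re

# Assumed internal domain for the example; SCHD's real domain is not given on the page.
INTERNAL_DOMAINS = {"example-health.test"}

# Identifiers from the "Examples of PHI" slide that a regex can catch reliably.
# Name, address, diagnosis and chief complaint need a human or a dictionary-based
# scanner; this is a safety net, not a substitute for the rule.
PHI_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    # US-style date of birth: M/D/YYYY or MM/DD/YYYY with a 19xx or 20xx year.
    "dob": re.compile(r"\b(?:0?[1-9]|1[0-2])/(?:0?[1-9]|[12]\d|3[01])/(?:19|20)\d{2}\b"),
    # Assumed MRN format for the example: "MRN" followed by 6-10 digits.
    "mrn": re.compile(r"\bMRN[:\s#]*\d{6,10}\b", re.IGNORECASE),
}


def find_phi(text: str) -> dict:
    """Return {identifier_type: [matched strings]} for every pattern that hits."""
    hits = {}
    for name, pattern in PHI_PATTERNS.items():
        found = pattern.findall(text)
        if found:
            hits[name] = found
    return hits


def redact(text: str) -> str:
    """Replace each detected identifier with a placeholder such as [SSN]."""
    for name, pattern in PHI_PATTERNS.items():
        text = pattern.sub(f"[{name.upper()}]", text)
    return text


def is_internal(address: str) -> bool:
    """An address is internal when its domain is one of ours (case-insensitive)."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    return domain in INTERNAL_DOMAINS


def email_decision(recipients, body: str, encrypted: bool) -> str:
    """
    Apply the slide's rule:
      - no PHI in the body            -> "allow"
      - PHI, all recipients internal  -> "allow"
      - PHI, any external recipient, message encrypted -> "allow"
      - PHI, any external recipient, not encrypted     -> "block"
    """
    if not find_phi(body):
        return "allow"
    if all(is_internal(r) for r in recipients):
        return "allow"
    return "allow" if encrypted else "block"


# Constructed sample message (fictional patient data) used to exercise the checks.
SAMPLE_BODY = (
    "Patient John Doe, DOB 03/14/1965, SSN 123-45-6789, MRN: 00123456, "
    "chief complaint: cough and fever."
)

if __name__ == "__main__":
    print("identifiers found:", find_phi(SAMPLE_BODY))
    print("redacted:", redact(SAMPLE_BODY))
    print("internal, plain :", email_decision(["nurse@example-health.test"], SAMPLE_BODY, False))
    print("external, plain :", email_decision(["md@partner.test"], SAMPLE_BODY, False))
    print("external, crypt :", email_decision(["md@partner.test"], SAMPLE_BODY, True))
```

The decision function returns "block" for the one case the slide prohibits (PHI leaving the department unencrypted) and otherwise defers to the rule as written. Note that the regexes never see the name or the chief complaint, which are also PHI on the page's own list, so a clean scan result does not mean the message is free of PHI.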

Transporting PHI
- Never leave PHI unattended at off-site locations.
- Maintain PHI in a secure enclosure such as a briefcase or carrying case.
- Keep PHI out of public view when transporting it in a car or van.

Transporting PHI - Examples
- Relocating a medical record from one clinic to another.
- Transporting the client records completed during a home visit.
- Transporting pre-packaged and labeled medications to a community-based client.

Privacy of PHI
- Never access information that you are not specifically authorized to access.
- The department monitors workstations for correct use of PHI.
- Treat all PHI as confidential, even when you learn it accidentally.

Physical Security and Access
- Only workforce members and authorized visitors are to be allowed access to SECURE AREAS where PHI is kept.
- Visitors should be appropriately monitored and escorted to assure that they do not access confidential information.

Physical Security
- Physical access to sensitive office equipment should be controlled, including computers, printers, copiers, fax machines, and file cabinets.
- PHI must not be left unattended on computer printers, copiers and fax machines.

Security Breaches
Immediately report any of the following security breaches to the Volunteer Coordinator, Jennifer Price, the Clinic Manager, or a designee:
- Disclosure of PHI due to a security breach
- Physical security of an area not maintained, creating a risk to computers or of improper disclosure
- Theft of computers containing PHI

Potential Privacy and Security Breaches

HIPAA Compliance for Employees (document and where it is filed)
- Signed confidentiality agreement upon employment: Human Resources
- Initial HIPAA training documentation (completed quiz, signed training log): Assigned program office
- Annual HIPAA training documentation (signed training log): Assigned program office
- Signed Information System User Access Notice: IT
- Minimum Necessary Health Information Access Form: IT

HIPAA Compliance for Students and Interns (document and where it is filed)
- Signed confidentiality agreement upon employment: Human Resources
- HIPAA training documentation (completed quiz, signed training log): Assigned program office
- Signed Information System User Access Notice: IT
- Minimum Necessary Health Information Access Form: IT

HIPAA Compliance for Volunteers
- Each volunteer must comply with HIPAA regulations.
- Volunteers are required to sign a HIPAA confidentiality agreement.
- When warranted, attend advanced HIPAA recurrency training for updates.

And finally…
We have a legal, moral and ethical responsibility to protect patient information as if it were our own. HIPAA is everyone's responsibility.

Questions…..