HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.

Slides:



Advertisements
Similar presentations
SIMPLIFYING PRIVACY: HIPAA PRIVACY STANDARDS AND RESEARCH Angela M. Vieira General Counsel Childrens Hospital and Health Center June 5, 2004.
Advertisements

Procedural Safeguards
Protecting Patient Privacy:
Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.
PATIENT RIGHTS UNDER HIPAA HIPAA Collaborative of Wisconsin April 2003.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
Confidentiality and HIPAA
HIPAA Privacy Rule Training
COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
NAU HIPAA Awareness Training
1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/
North Carolina State University Health Information Privacy 4/16/03.
WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.
Health Insurance Portability and Accountability Act (HIPAA) Presented by: APS Healthcare Southwestern PA Health Care Quality Unit (HCQU) December 2010.
Pasadena Villa Network of Services
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Are you ready for HIPPO??? Welcome to HIPAA
HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.
Overview of HIPAA Administrative Simplification and Privacy Regulations Darrel J. Grinstead, Partner Amy B. Kiesel, Associate Hogan & Hartson L.L.P.
August 10, 2001 NESNIP PRIVACY WORKGROUP HIPAA’s Minimum Necessary Standard Presented by: Mildred L. Johnson, J.D.
Code of Federal Regulations Title 42, Chapter 1, Subchapter A Part 2 – CONFIDENTIALITY OF ALCOHOL AND DRUG ABUSE PATIENTS BRYANT D. MILLER CAC II, MAC,
Notice of Privacy Practices Nebraska SNIP Privacy Subgroup July 18, 2002 Michael J. Brown, MHA, CPA Vice-President, Administrative & Regulatory Affairs,
HIPAA PRIVACY AND SECURITY AWARENESS.
Confidentiality, Consents and Disclosure Recent Legal Changes and Current Issues Presented by Pam Beach, Attorney at Law.
Privacy and Security of Protected Health Information NorthPoint Health & Wellness Center 2011.
Office of the Secretary Office for Civil Rights (OCR) Indian Health Service HIPAA Training Hosted by the Aberdeen Area Office July 24, 2012.
HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.
Privacy and the Civil Commitment Process Allyson K. Tysinger Assistant Attorney General June 4-5, 2008.
© 2009 The McGraw-Hill Companies, Inc. All rights reserved. 1 McGraw-Hill Chapter 2 The HIPAA Privacy Standards HIPAA for Allied Health Careers.
Medical Law and Ethics, Third Edition Bonnie F. Fremgen Copyright ©2009 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved.
Building a Privacy Foundation. Setting the Standard for Privacy Health Insurance Portability and Accountability Act (HIPAA) Patient Bill of Rights Federal.
Health Insurance Portability and Accountability Act (HIPAA) CCAC.
Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees.
Understanding HIPAA (Health Insurandce Portability and Accountability Act)
Mr. Fleming.  Law passed by Congress in  Right to Privacy ◦ Medical information of patient can only be shared with doctor and professionals administering.
PricewaterhouseCoopers 1 Administrative Simplification: Privacy Audioconference April 14, 2003 William R. Braithwaite, MD, PhD “Doctor HIPAA” HIPAA Today.
FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.
HIPAA BASIC TRAINING Presented by Anderson Health Information Systems, Inc.
HIPAA PRACTICAL APPLICATION WORKSHOP Orientation Module 1B Anderson Health Information Systems, Inc.
Rhonda Anderson, RHIA, President  …is a PROCESS, not a PROJECT 2.
Copyright ©2014 by Saunders, an imprint of Elsevier Inc. All rights reserved 1 Chapter 02 Compliance, Privacy, Fraud, and Abuse in Insurance Billing Insurance.
C HAPTER 34 Code Blue Health Sciences Edition 4. Confidentiality of sensitive information is an important issue in healthcare. Breaches of confidentiality.
1 Privacy Plan of Action © HIPAA Pros 2002 All rights reserved.
HIPAA A Sea of Confusion, A Wave of the future and A High Tide of Confidentiality.
HIPAA Overview Why do we need a federal rule on privacy? Privacy is a fundamental right Privacy can be defined as the ability of the individual to determine.
CH 10. Confidentiality A. Confidentiality about sensitive medical information is necessary to preserve the patient’s dignity. B. In order to receive payment.
HIPAA HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT UI EMS Training Dept.
Disclaimer This presentation is intended only for use by Tulane University faculty, staff, and students. No copy or use of this presentation should occur.
The Health Insurance Portability and Accountability Act (HIPAA) requires Plumas County to train all employees in covered departments about the County’s.
HIPAA Training Workshop #3 Individual Rights Kaye L. Rankin Rankin Healthcare Consultants, Inc.
Health Insurance Portability and Accountability Act (HIPAA) Primer for Observers, Volunteers, Medical Students Dr. Michael Palumbo- Privacy Officer/ EVP.
HIPAA Privacy Rule Training
HIPAA CONFIDENTIALITY
Reid Cushman, UM Ethics Programs
HIPAA Administrative Simplification
Privacy Notice - Requirements
Health Insurance Portability and Accountability Act
Disability Services Agencies Briefing On HIPAA
HIPAA Pros - Minimum Necessary
Health Insurance Portability and Accountability Act
HIPAA Privacy and Security Summit 2018 HIPAA Privacy Rule: Compliance Plans, Training, Internal Audits and Patient Rights Widener University Delaware.
HIPAA SECURITY RULE Copyright © 2008, 2006, 2004 by Saunders an imprint of Elsevier Inc. All rights reserved.
HIPAA Do’s and Don'ts: What is Really Behind Protected Health Information (PHI) and Health Care Privacy Rules Paul Sisler, Director, Information Services;
Presentation transcript:

HIPAA Privacy Practices

Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to read it. A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to read it. DMH service sites must attempt to obtain a Consumers signed acknowledgement of receipt of the Notice at the Consumers next visit beginning April 14, This acknowledgement is to be recorded on DMH Form C-107 or an applicable intake or admission form containing the statement, I have been provided a copy of the SCDMH Notice of Privacy Practices and an opportunity to review it and ask questions. If not signed, staff must note on the signature line of the statement, shy signed acknowledgement was not obtained. DMH service sites must attempt to obtain a Consumers signed acknowledgement of receipt of the Notice at the Consumers next visit beginning April 14, This acknowledgement is to be recorded on DMH Form C-107 or an applicable intake or admission form containing the statement, I have been provided a copy of the SCDMH Notice of Privacy Practices and an opportunity to review it and ask questions. If not signed, staff must note on the signature line of the statement, shy signed acknowledgement was not obtained.

DMH Uses and Disclosures of PHI After providing the Consumer with the opportunity to review the Notice, and object and/or request certain restrictions, staff may share PHI as described in the Notice. DMH workforce members should limit use or disclosure of PHI to the Minimum Necessary to accomplish the purpose for the use or disclosure as described in the Notice. After providing the Consumer with the opportunity to review the Notice, and object and/or request certain restrictions, staff may share PHI as described in the Notice. DMH workforce members should limit use or disclosure of PHI to the Minimum Necessary to accomplish the purpose for the use or disclosure as described in the Notice.

Other Exceptions, Legal Proceedings, Notice of Privacy Law Unless disclosure is otherwise permitted by the Notice, upon receipt of a subpoena or other request for PHI, a statement substantially similar to the MODEL NOTICE OF PRIVACY LAW must be sent to the requester. If required to provide testimony or other information containing PHI in a legal proceeding, staff must follow the procedure described in DISCLOSURES IN LEGAL PROCEEDINGS. Unless disclosure is otherwise permitted by the Notice, upon receipt of a subpoena or other request for PHI, a statement substantially similar to the MODEL NOTICE OF PRIVACY LAW must be sent to the requester. If required to provide testimony or other information containing PHI in a legal proceeding, staff must follow the procedure described in DISCLOSURES IN LEGAL PROCEEDINGS.

Authorizations Unless permitted by the Notice, PHI may not be disclosed without a signed AUTHORIZATION TO DISCLOSE SCDMH PROTECTED HEALTH INFORMATION, to be kept in the Consumers medical record. Requests pursuant to an Authorization must be acknowledged within 15 days of receipt and completed within 60 days. Unless permitted by the Notice, PHI may not be disclosed without a signed AUTHORIZATION TO DISCLOSE SCDMH PROTECTED HEALTH INFORMATION, to be kept in the Consumers medical record. Requests pursuant to an Authorization must be acknowledged within 15 days of receipt and completed within 60 days.

Re-Disclosure When PHI is authorized to be disclosed by the Notice (e.g. photocopies of a medical records sent to a non-DMH medical provider for Treatment), the disclosed copies of PHI must be accompanied by a notice cover sheet or other statement substantially similar to the MODEL NOTICE PROHIBITING RE-DISCLOSURE. When PHI is authorized to be disclosed by the Notice (e.g. photocopies of a medical records sent to a non-DMH medical provider for Treatment), the disclosed copies of PHI must be accompanied by a notice cover sheet or other statement substantially similar to the MODEL NOTICE PROHIBITING RE-DISCLOSURE.

Consumer Privacy Rights The Notice describes the following Consumer PHI privacy rights: receipt of a copy of the Notice and opportunity to review and ask questions; object and request restrictions on some PHI uses or disclosures; request confidential communication/notification; inspect and obtain copy of PHI; request amendment to PHI; receive an accounting of PHI disclosures; and the right to file a complaint with DMH, HHS and Office of Civil rights about DMH privacy practices. The Notice describes the following Consumer PHI privacy rights: receipt of a copy of the Notice and opportunity to review and ask questions; object and request restrictions on some PHI uses or disclosures; request confidential communication/notification; inspect and obtain copy of PHI; request amendment to PHI; receive an accounting of PHI disclosures; and the right to file a complaint with DMH, HHS and Office of Civil rights about DMH privacy practices.

Consumer Access to His or Her Own PHI, Psychotherapy Notes A Consumer has the right to request (REQUEST TO INSPECT AND/OR COPY SCDMH PROTECTED HEALTH INFORMATION) access and/or copies of his/her PHI as described in the Notice as long as DMH maintains the PHI. A Consumer has the right to request (REQUEST TO INSPECT AND/OR COPY SCDMH PROTECTED HEALTH INFORMATION) access and/or copies of his/her PHI as described in the Notice as long as DMH maintains the PHI. As applicable, the DMH component must inform the Consumer that the request has been granted and provide access as requested (see MODEL REPLY TO REQUEST TO INSPECT AND/OR COPY). As applicable, the DMH component must inform the Consumer that the request has been granted and provide access as requested (see MODEL REPLY TO REQUEST TO INSPECT AND/OR COPY). If access is denied, the DMH component must provide a written denial within 15 days of the request (see MODEL REPLY TO REQUEST TO INSPECT AND/OR COPY). If access is denied, the DMH component must provide a written denial within 15 days of the request (see MODEL REPLY TO REQUEST TO INSPECT AND/OR COPY). If the Consumer requests a review in writing, the component must designate a licensed health care professional who was not involved in the denial decision to review the denial. The designated person must give the Consumer written notice within 15 days of review request, the designated persons decision, and take other action necessary to carry out the decision. If the Consumer requests a review in writing, the component must designate a licensed health care professional who was not involved in the denial decision to review the denial. The designated person must give the Consumer written notice within 15 days of review request, the designated persons decision, and take other action necessary to carry out the decision.

Consumers Right to Request Amendment to PHI After a Consumer requests an amendment in writing (REQUEST TO AMEND SCDMH PROTECTED HEALTH INFORMATION) staff must act on the request in accord with the Notice timelines and procedures. After a Consumer requests an amendment in writing (REQUEST TO AMEND SCDMH PROTECTED HEALTH INFORMATION) staff must act on the request in accord with the Notice timelines and procedures. The request must be reviewed by the designated staff in conjunction with staff originally recording the PHI and by the staffs supervisor(s), who must consult with other staff as needed to determine if an amendment is needed. The request must be reviewed by the designated staff in conjunction with staff originally recording the PHI and by the staffs supervisor(s), who must consult with other staff as needed to determine if an amendment is needed. The Consumer must be informed of the final decision by a letter substantially similar to the MODEL REPLY TO REQUEST TO AMEND with a copy of the original REQUEST, including Page 2 documenting the DMH components review and basis for its decision. The Consumer must be informed of the final decision by a letter substantially similar to the MODEL REPLY TO REQUEST TO AMEND with a copy of the original REQUEST, including Page 2 documenting the DMH components review and basis for its decision.

Consumers Right to Request Accounting of Some PHI Disclosures DMH components must log each applicable PHI disclosure using the ACCOUNTING LOG OF PHI DISCLOSURES. DMH components must log each applicable PHI disclosure using the ACCOUNTING LOG OF PHI DISCLOSURES. The accounting must include disclosures by DMH as well as disclosures to a DMH Business Associate. This accounting requirement does not include PHI used or shared before April 14, 2003 or other disclosures described in the Notice. The accounting must include disclosures by DMH as well as disclosures to a DMH Business Associate. This accounting requirement does not include PHI used or shared before April 14, 2003 or other disclosures described in the Notice.

Consumer Privacy Practice Complaints Applicable DMH components must, in coordination with the local Privacy Officer and Consumer Advocate, have a process for Consumers to make a written complaint about DMH privacy practices or compliance with those practices (SCDMH PRIVACY PRACTICES COMPLAINT) and must document all complaints received and their disposition as described in the Notice. At any time, a Consumer has the right to file a complaint with DMH and/or HHS as described in the Notice. Applicable DMH components must, in coordination with the local Privacy Officer and Consumer Advocate, have a process for Consumers to make a written complaint about DMH privacy practices or compliance with those practices (SCDMH PRIVACY PRACTICES COMPLAINT) and must document all complaints received and their disposition as described in the Notice. At any time, a Consumer has the right to file a complaint with DMH and/or HHS as described in the Notice.

DMH Privacy Officer DMH must designate a DMH Privacy Officer responsible for the development and implementation of DMH privacy practices. Applicable DMH components must designate a local Privacy Officer and Privacy Practices workgroup that advise and support the local Privacy Officer and DMH Privacy Officer DMH must designate a DMH Privacy Officer responsible for the development and implementation of DMH privacy practices. Applicable DMH components must designate a local Privacy Officer and Privacy Practices workgroup that advise and support the local Privacy Officer and DMH Privacy Officer

Training DMH components must document training on DMH Privacy Practices before April 14, 2003 for its workforce members. Each new workforce member must receive this training within 30 days after joining the workforce. Each workforce member, whose functions are impacted by a material change in this Directive, or by a change in position or job description, must receive the training as described above within a reasonable time after the change becomes effective. DMH components must document training on DMH Privacy Practices before April 14, 2003 for its workforce members. Each new workforce member must receive this training within 30 days after joining the workforce. Each workforce member, whose functions are impacted by a material change in this Directive, or by a change in position or job description, must receive the training as described above within a reasonable time after the change becomes effective.

Sanctions and Mitigation of Damages DMH Human Resources office must document and each DMH component must apply, appropriate DMH employee disciplinary action, for employees who fail to comply with this Directive. Exceptions include disclosures made by employees as whistleblowers, for mandatory reporting or certain crime victims. Each DMH component must have a process to mitigate, to the extent practicable, any harmful effects of unauthorized uses or disclosures of PHI by the component or any of its Business Associates. DMH Human Resources office must document and each DMH component must apply, appropriate DMH employee disciplinary action, for employees who fail to comply with this Directive. Exceptions include disclosures made by employees as whistleblowers, for mandatory reporting or certain crime victims. Each DMH component must have a process to mitigate, to the extent practicable, any harmful effects of unauthorized uses or disclosures of PHI by the component or any of its Business Associates.

Security Applicable DMH components must comply with PRIVACY PRACTICES SECURITY requirements. Applicable DMH components must comply with PRIVACY PRACTICES SECURITY requirements.

Disclosure of Unidentifiable Information or Information in Limited Data Sets PHI may be disclosed under the requirements and protocols described in UNIDENTIFIABLE OR DE-INDENTIFIED INFORMATION or LIMITED DATA SETS. PHI may be disclosed under the requirements and protocols described in UNIDENTIFIABLE OR DE-INDENTIFIED INFORMATION or LIMITED DATA SETS.

Violations and Penalties All violations of this directive must be reported to the applicable person's supervisor. DMH employees who make an unauthorized disclosure of PHI, or otherwise violate provisions of this Directive, are subject to disciplinary action in accordance with the DMH Employee Discipline Directive. Further, South Carolina law provides for penalties for the unauthorized disclosure of PHI up to one year imprisonment and/or a fine of up to $500. Federal law provides for penalties of $100 per incident up to $250,000 and ten years in prison. Unauthorized use or disclosure of PHI may also subject the employee to additional civil or criminal liability. All violations of this directive must be reported to the applicable person's supervisor. DMH employees who make an unauthorized disclosure of PHI, or otherwise violate provisions of this Directive, are subject to disciplinary action in accordance with the DMH Employee Discipline Directive. Further, South Carolina law provides for penalties for the unauthorized disclosure of PHI up to one year imprisonment and/or a fine of up to $500. Federal law provides for penalties of $100 per incident up to $250,000 and ten years in prison. Unauthorized use or disclosure of PHI may also subject the employee to additional civil or criminal liability.