3.04 HIPAA Compliant Employee Sanctions: A Fair and Objective Approach Frank Ruelas, MBA Director, Corporate Compliance Gila River Health Care Corporation.

Slides:

Advertisements

Similar presentations

HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.

Advertisements

Privacy and Information Security Training ( ) VUMC Privacy Website

HIPAA Training: Health Insurance Portability and Accountability Act.

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.

The Health Insurance Portability and Accountability Act - HIPAA

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:

Confidentiality and HIPAA

COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.

LMC WHAT IS HIPAA AND HOW TO COMPLY WITH IT? Health Insurance Portability and Accountability Act of 1996.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

Page 1 of 16 DMC HIPAA Privacy and Security DMC’S COMMITMENT TO COMPLIANCE: HIPAA PRIVACY and SECURITY DMC Corporate Audit and Compliance Department Detroit.

HIPAA What’s New? What Is HIPAA Health Insurance Portability and Accountability Act of 1996 Health Insurance Portability and Accountability Act.

Health Insurance Portability and Accountability Act

HIPAA Health Insurance Portability and Accountability Act.

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

NAU HIPAA Awareness Training

Before reviewing the following presentation click on the links below and print off the documents: NAM-43 The Bair Foundation HIPAA Policy NAM- 89 HIPAA.

Gramm-Leach-Bliley Act for Financial Aid Val Meyers Associate Director Michigan State University.

SAFEGUARDING DHS CLIENT DATA PART 2 SAFEGUARDING PHI AND HIPAA Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure.

Electronic Health Records Danielle P. Berthelot, RHIA Director, Health Information Management and Cancer Registry Privacy Officer Woman’s Hospital.

1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.

HIPAA Basic Training for Privacy and Information Security Vanderbilt University Medical Center VUMC HIPAA Website: HIPAA Basic.

HIPAA Privacy & Security EVMS Health Services 2004 Training.

HIPAA Privacy & Security Kay Carolin Barbara Ann Karmanos Cancer Center March 2009.

HIPAA PRIVACY AND SECURITY AWARENESS.

Privacy and Security of Protected Health Information NorthPoint Health & Wellness Center 2011.

How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.

HIPAA Training Developed for Ridgeview Institute 2012 Hospital Wide Orientation.

INFORMATION SECURITY WHAT IS IT? Information Security The protection of Information Systems against unauthorized access to or modification of information,

Group 3 Angela, Rachael, Misty, Kayelee, and Krysta.

Children’s Hospital Requirements for Remote Access.

Medical Law and Ethics, Third Edition Bonnie F. Fremgen Copyright ©2009 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved.

Building a Privacy Foundation. Setting the Standard for Privacy Health Insurance Portability and Accountability Act (HIPAA) Patient Bill of Rights Federal.

Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees.

A PRACTICAL GUIDE TO RESPONDING TO A HEALTHCARE DATA SECURITY BREACH May 19, 2011 | State College, PA Matthew H. Meade Stephanie Winer-Schreiber.

Why Respect Privacy and Confidentiality? Access to Confidential Information (OP ) Protection and Security of Protected Health Information (OP.

HIPAA BASIC TRAINING Presented by Anderson Health Information Systems, Inc.

HIPAA PRACTICAL APPLICATION WORKSHOP Orientation Module 1B Anderson Health Information Systems, Inc.

Copyright ©2014 by Saunders, an imprint of Elsevier Inc. All rights reserved 1 Chapter 02 Compliance, Privacy, Fraud, and Abuse in Insurance Billing Insurance.

HIPAA Health Insurance Portability and Accountability Act of 1996.

1 HIPAA Updates and Reminders February Training Objectives What is the Omnibus Rule and what does it mean for you and PHD? What are the changes.

Final HIPAA Rule Special Training What you need to know to remain compliant with the new regulations.

The Health Insurance Portability and Accountability Act of 1996 “HIPAA” Public Law

The Health Insurance Portability and Accountability Act (HIPAA) requires Plumas County to train all employees in covered departments about the County’s.

Table of Contents  Protect patients and their personal health information  Became law in 1996.

HIPAA Privacy What Every Staff Member Needs to Know.

Health Insurance Portability and Accountability Act (HIPAA) Primer for Observers, Volunteers, Medical Students Dr. Michael Palumbo- Privacy Officer/ EVP.

Properly Safeguarding Personally Identifiable Information (PII) Ticket Program Manager (TPM) Social Security’s Ticket to Work Program.

Protecting PHI & PII 12/30/2017 6:45 AM

WHAT IS HIPAA AND HOW TO COMPLY WITH IT?

HIPAA Privacy & Security

WHAT IS HIPAA AND HOW TO COMPLY WITH IT?

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

HIPAA PRIVACY AWARENESS, COMPLIANCE and ENFORCEMENT

Disability Services Agencies Briefing On HIPAA

HIPAA Privacy and Security Summit 2018 HIPAA Privacy Rule: Compliance Plans, Training, Internal Audits and Patient Rights Widener University Delaware.

Lesson 1  7 Basic Components of an Effective Compliance Plan

Drew Hunt Network Security Analyst Valley Medical Center

HIPAA Privacy & Security

HIPAA SECURITY RULE Copyright © 2008, 2006, 2004 by Saunders an imprint of Elsevier Inc. All rights reserved.

Corporate Compliance.

Lesson 3: Medical Records

HIPAA IX Summit - Security Workshop

Move this to online module slides 11-56

HIPAA Do’s and Don'ts: What is Really Behind Protected Health Information (PHI) and Health Care Privacy Rules Paul Sisler, Director, Information Services;

Presentation transcript:

3.04 HIPAA Compliant Employee Sanctions: A Fair and Objective Approach Frank Ruelas, MBA Director, Corporate Compliance Gila River Health Care Corporation Sacaton, Arizona Presenter:

“It's about time law enforcement got as organized as organized crime. - Rudolph W Giuliani Some views on enforcement… National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA 2

Maintains awareness Increases participation Aids decision making Deterrent effect Add Visibility to Enforcement Activities 3 National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA

Equitable E-E-E-Essential Elements of the Sanctions Policy Education Enforcement Expedient 4 National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA

45 CFR (e)(1) 45 CFR (a)(1)(ii)(C) Applies to Privacy and Security Coordination aspects - Privacy Officer - Security Officer - Compliance Officer 5 National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA

Key Point # 1: Define Violation Levels or Categories Level I Level II Level III Type I Type II Type III Group I Group II Group III 6 National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA

Level I / Type I / Group I Lack of training Inexperience Accidental Unintentional No harm no foul Training Counseling 3 Strikes Model Cause or MotivationSanction Activity 7 National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA

Level II / Type II / Group II Curiosity Concern Compassion Carelessness Documentation - Warning - Counseling Notice Admin leave Probationary Period Corrective Action Plan (CAP) Cause or MotivationSanction Activity 8 National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA

Level III / Type III / Group III Malicious Intent Financial Gain Termination Cause or MotivationSanction Activity 9 National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA

Key Point # 2: Identify Examples for Each Violation Level or Category 10 National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA

Level I / Type I / Group I Clerical error Technical error Judgment error Possible themes Examples Originals left on copier or fax Unopened mail left unattended address error PHI sent to similar named patient PHI in conversation overheard Desk or work area left unsecured Computer files erased Computer temporary files not deleted Document not placed in shred bin Phone messages overheard Computer screen left unattended 11 National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA

Level II / Type II / Group II Unauthorized Not job related Stealth mode Possible themes Examples Checking on patient condition Copying information as a favor Accessing patient test results Installing software Experimenting with computer Using someone else’s password Providing access to someone else Deleting information from network Not following policy or procedure 12 National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA

Level III / Type III / Group III Disgruntled Theft Maliciousness Possible themes Examples Selling patient addresses e-Broadcasting patient info Intentionally altering PHI 13 National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA

Key Point # 3: Link the Violation to the Sanction Activity and Provide Disciplinary Recommendation Provides a high level of objectivity Aids in achieving long term consistency “Surprise” factor is reduced (eliminated) 14 National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA

Key Point # 4: Request and Document Activities Performed by Other Departments Identifies sanction “creep” Validates level of follow through Completes file 15 National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA

Key Point # 5: Under development at print deadline, more to follow… 16 National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA

Summary: Enforcement is a critical activity Sanctions should be applied consistently Remember that mistakes will happen and people learn from mistakes that they make 17 National HIPAA Summit XI: September 7, 2005 Frank Ruelas, MBA