HIPAA Privacy and Security

Presentation on theme: "HIPAA Privacy and Security"— Presentation transcript:

1 HIPAA Privacy and Security
The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule provides consumers with important privacy rights and protections with respect to their health information, including  important controls over how their health information is used and disclosed by health plans and health care providers.   See for more information about Health Information Privacy.

2 HIPAA Privacy Regulations apply to:
- Clinical information
- Demographic information
- Financial and billing information
- Unique patient identifiers
- Health plan member benefit information
All of the above is considered PHI (Protected Health Information). However, we must also protect:
- PII (Personally Identifiable Information) such as medical, educational, financial, and employment information
- Other Hospital information such as Financial, Payroll, and Human Resource information
- Other types of sensitive information, including business proprietary, regulated and confidential information

3 PHI is protected, no matter what form it is in or where it is held.
- Mobile devices
- Emails or texts
- Faxes
- Computers
- Telephone conversations
- Personal face-to-face conversations
- Business Office records
- Post-It notes, if used to store PHI
- Medical records

4 Use and Disclosure of PHI
We may use PHI for treatment, payment, or health care operations without patient authorization. We may disclose PHI if required by law or for public health/health oversight, without patient authorization. In general, any use of PHI outside of these parameters requires authorization and permission of the patient. Questions? Consult our HIPAA Privacy Officer or HIPAA Security Officer for clarification on use and disclosure of PHI related to your job responsibilities.

5 Minimum Necessary Requirements
HIPAA allows us to use only the minimum necessary PHI we need to do our jobs. HIPAA allows us to disclose or request only the minimal amount of PHI needed to address the purpose of the request or disclosure.

6 Verification of Identity and Authority Required
PHI should never be released without proper identification and authorization. Consult your manager if you have questions about releasing PHI.

7 What You Can and Cannot Access
You may only access information that is directly related to your job performance. Outside of your job responsibilities, you cannot access information. For example, you may have access to patient information, but you cannot access that information out of curiosity, such as checking to see the condition of a neighbor admitted to the hospital. You cannot access your own medical information or medical information of your family, even if they have asked you to. The Hospital acknowledges you have a legal right to access your medical information as a patient of the Hospital. To access your medical information or the medical information of a family member, you must submit a request to the Health Information Management Department after signing an authorization form. Failure to follow this process will result in a HIPAA investigation.

8 We safeguard PHI by following these protocols:
- Locking our computer workstation when we step away and logging off at the end of our shift
- Using individual logon IDs and passwords and NEVER sharing IDs and passwords
- Never texting PHI, which is a blatant breach of Privacy
- Protecting the privacy of verbal discussions which include PHI
- Not discussing PHI with coworkers or other individuals, except for purposes of carrying out job responsibilities
- Taking steps to ensure observable PHI is shielded from view of unauthorized individuals
- Never storing documents with PHI on our Desktop
- Using designated shred bins to dispose of PHI/confidential information
- Contacting the I.T. Department to appropriately dispose of CDs/other electronic media with confidential information

9 Password Management
You are responsible for all activity that occurs under your logon. Do not share your user ID or password with anyone! Pick passwords that are difficult to guess, but easy to remember. Your password should be at least 8 characters and complex, with a mixture of upper and lower case alphabetic characters, numbers, and special characters (such as &, ...). Change your password immediately if it has been disclosed.

10 Encrypt Emails with PHI
MHfS uses Zix encryption technology to protect email communications with PHI.
1) Encrypt when sending sensitive or protected information such as:
- PHI (e.g., patient's name, social security number, clinical information)
- PII (e.g., credit card number or employment information)
2) To encrypt an email, include the word 'zsecure' in the Subject Line. Example of Subject Line: zsecure Equipment Request Form. There must always be a blank space before or after 'zsecure'.
3) Do not include sensitive information or PHI in the Subject Line, such as a patient's name.
Refer to the 'Encrypted Email FAQ' or ask your supervisor if you have questions.
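As an added illustration (not part of the original slides or of the Zix product), the pre-send check below applies the slide's two rules: 'zsecure' only triggers encryption when it stands alone with a blank space before or after it, and the Subject Line must not carry PHI. The SSN/card patterns, the case-insensitive match and the function names are assumptions chosen for the example.

```python
import re

# 'zsecure' counts only as a stand-alone token: nothing but whitespace (or the
# start/end of the subject) on either side. Case-insensitivity is an assumption.
ZSECURE_RE = re.compile(r"(?<!\S)zsecure(?!\S)", re.IGNORECASE)

# Constructed detectors for PHI/PII that should never appear in a subject line,
# and that require the encryption trigger when they appear in the body.
SENSITIVE_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
}


def has_encryption_trigger(subject: str) -> bool:
    """True if the Zix keyword is present as a separate word, so encryption fires."""
    return ZSECURE_RE.search(subject) is not None


def find_sensitive(text: str) -> list:
    """Names of the sensitive-data patterns found in text, sorted for stable output."""
    return sorted(name for name, rx in SENSITIVE_PATTERNS.items() if rx.search(text))


def check_outgoing(subject: str, body: str) -> list:
    """Return policy findings for an outgoing message; an empty list means OK to send."""
    findings = []
    subject_hits = find_sensitive(subject)
    if subject_hits:
        findings.append("sensitive data in Subject Line: " + ", ".join(subject_hits))
    body_hits = find_sensitive(body)
    if body_hits and not has_encryption_trigger(subject):
        findings.append("body contains " + ", ".join(body_hits)
                        + " but Subject Line lacks the 'zsecure' trigger")
    # Keyword typed but glued to another word: Zix will not see it as 'zsecure'.
    if "zsecure" in subject.lower() and not has_encryption_trigger(subject):
        findings.append("'zsecure' has no blank space before or after it; "
                        "encryption will not trigger")
    return findings


if __name__ == "__main__":
    # Constructed sample message: SSN in the body, correctly tagged subject.
    print(check_outgoing("zsecure Equipment Request Form", "SSN 123-45-6789"))
```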

11 Faxing PHI
Faxing PHI is an area where information security can be easily compromised if basic rules are not followed.
- Use an approved MHfS fax cover sheet.
- Verify the fax number before sending.
- Use preprogrammed fax numbers when available.
- Confirm the fax was received and the number of pages received.
- Only send the PHI needed; do not send additional information.
- If a fax is sent to the wrong number, report it in the web-based hospital incident reporting system. This would be a HIPAA breach.

12 Social Engineers Pose Our Biggest Threat to Information/Network Security
Examples of social engineering:
- Tailgating: How many times have you heard, 'Can you hold the door for me?' Even if you've never seen that person before, you assume they work in your building and let them in. Remember, all MHfS employees have a badge and all approved vendors must get a badge from Materials Management (our safety gatekeepers) before going anywhere in the Hospital.
- Phishing: Avoid phishing attacks by NOT opening attachments or links from unfamiliar senders and/or websites.
- Pretexting: A fraudulent technique where an impersonator invents a scenario using prior knowledge or information in an attempt to gain more information.

13 Reporting HIPAA Privacy or Security Issues or Violations
HIPAA Privacy or Security issues or violations should be reported using the web-based hospital incident reporting system. You should also contact your supervisor and one of the following:
- HIPAA Privacy Officer
- HIPAA Security Officer
If you suspect a security breach of electronic PHI or if your computer has been hacked into, immediately notify your supervisor and the I.T. Department. Signs that your computer has been hacked into include:
- Fake antivirus messages
- Random and frequent pop-ups
- People in your address list receive fake emails from you
- Programs and files won't work or open
