Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIPAA Basic Training for Privacy and Information Security

Published byMagnus Parrish Modified over 6 years ago

Similar presentations

Presentation on theme: "HIPAA Basic Training for Privacy and Information Security"— Presentation transcript:

1 HIPAA Basic Training for Privacy and Information Security
Vanderbilt University Medical Center VUMC HIPAA Website: HIPAA Basic Training

2 Vanderbilt Credo Behavior
“We treat others as we wish to be treated” Vanderbilt Credo Behavior “I respect privacy and confidentiality” The Vanderbilt Credo states: “We treat patients and each other as we wish to be treated” Because Protecting a patient’s privacy is so important Vanderbilt has addressed it in one of the Credo Behaviors. “I respect privacy and confidentiality” Remember: Protecting our patients’ privacy and safeguarding their health information is YOUR responsibility and its “the right thing to do”.

3 What is HIPAA? What Does HIPAA Do?
Health Insurance Portability and Accountability Act of 1996 What Does HIPAA Do? Limits how we use and share patient information Gives patients more control over their information Protects the integrity, availability and confidentiality of patient information Defines violation penalties What is HIPAA? Health Insurance Portability and Accountability Act of 1996 HIPAA makes YOU accountable for managing and protecting patient health information. What does HIPAA Do Limits how we use and share patient information and gives patients rights and control over their medical information It also Protects the integrity, availability and confidentiality of patient information Penalties, including fines of up to $250,000 and 10+ years of imprisonment

4 What is Protected under HIPAA?
Individually identifiable health information: That is collected from an individual, or That is created or received by A health care provider Employer Health insurer’s plan This information can be in any form: Written, verbal, or electronic What is Protected? Individually identifiable health information This information is either collected from an individual It is also information that is created or received by a healthcare provider, employer, health insurance plan This is information In any form: written, verbal, electronic

5 What is Protected under HIPAA?
Information pertaining to HIV, alcohol and drug treatment, psychotherapy notes, etc. have even more stringent protections.

6 Patient Rights HIPAA regulations provide individuals with certain rights that are reflected in VUMC policy. ALL Patients have the right to: Receive a Notice of Privacy Practices that describes how we use and share their information Review and obtain copies of their medical and financial records Request amendments to their medical record if they believe information is incorrect or missing. At Vanderbilt we want to ensure that our patients know they have the right to: Receive a Notice of Privacy Practices that describes how we use and share their information Review and obtain copies of their medical and financial records Request amendments to their medical record if they believe information is incorrect

7 Sharing Patient Information
You must obtain patient authorization except in the following circumstances: Treatment (physicians involved with care, family members involved in patient’s care, etc.) Payment (insurance companies, other third parties) Administrative functions (QI, financial analysis, educational or training activities Other specific exceptions (required by law, Department of Public Health) Patient information may be shared without special written permission for the purposes of: Treatment (Ex. referring physicians, family members involved in the patient’s care, etc..) Payment (Ex. insurance companies or other third parties) Healthcare Operations (Ex. quality improvement, financial analysis, educational or training activities) Other specific exceptions (Ex. required by law, Department of Public Health)

8 Protecting the Privacy of Patient Information
Only share patient information with other faculty and staff who need the information to do their job. Avoid accessing a patient’s record unless you need to do so for your job or you have written permission from the patient. You can however access the record of YOUR minor children and your own personal record. You are not allowed to access the record of your co-worker, spouse, or family member unless there is written authorization in the patient’s record.

9 Key Information Security Practices
Passwords & Electronic Signatures Logging Off/Locking Computers Files Passwords Web sites Privacy is only one avenue to protecting patient information Protecting a patient’s privacy would not be possible without implementing appropriate security policies and procedures This would include: Passwords and Electronic Signatures Logging Off Computers and

10 Passwords and Electronic Signatures
Some Do’s related to passwords and electronic signatures. DO choose ones that you can remember DO remember that the longer they are, the better DO use numbers, uppercase and lowercase letters, and special symbols to create them, where allowed Some Do’s and Don’ts related to passwords and electronic signatures: DO choose ones that you can remember Do remember that the longer they are, the better DO use numbers, uppercase and lowercase letters, and special symbols to create them where allowed (Just and FYI some systems do not allow symbols to be used in password construction). DO NOT write them down DO NOT share them with anyone. DO NOT use words, names, or personal data (e.g., dogs name, husbands or kids birthday, or SSN)

11 Passwords and Electronic Signatures
Some Don’ts related to passwords and electronic signatures. DO NOT share them with anyone DO NOT write them down where others can see them or store them where others can access them DO NOT use words, names, or personal data others may guess, such as the name of your pet.

12 If you need to walk away from a computer you are using, always:
Logging Off Computers If you need to walk away from a computer you are using, always: Log Off OR\ Lock the computer screen Logging Off When using a computer if you need to walk away you must: Log Off OR Hold down CTRL+ALT and press DELETE then select “Lock Computer” from the pop-up screen This is important so that others cannot use the computer under your user-id and gain access to information they may not be authorized to view. Or document in the medical record under your user-id

13 sent over the Internet is generally unencrypted and not secure. Find alternative ways to communicate confidential information (e.g., encryption, MyHealthAtVanderbilt, password protected files, VPN) Limit the amount of patient information. Beware of Attachments! is an important part of how we do business at Vanderbilt, however, many privacy & security risks exist with its use. You therefore need to be aware of these best practices when using . sent external to Vanderbilt (over the Internet) is not secure. Find alternative ways to communicate confidential information (e.g., encryption, MyHealthatVanderbilt, password protected files, VPN client) Limit the amount of patient information included in internal s to the minimum necessary. Be cautious when opening attachments. Consider if it is from someone you know and trust? Does it look suspicious or odd?

14 Auditing The Privacy Office conducts audits daily on the medical records of employees who come to the hospital to monitor for inappropriate access. Audits are also conducted whenever a patient suspects that their medical record may have been inappropriately accessed. Note that 50% of you may show up in an audit…make sure that if your name appears that you have accessed that record because you needed to do so in order to fulfill your job duties, or you had written permission from the patient and it is in the patients record.

15 Sanctions for Privacy and Information Security Violations
VUMC considers it a serious incident anytime that a privacy or security violation occurs. HIPAA requires that we monitor information system activity which assists in identifying violations and that we document all incidents. Disciplinary/corrective action ranges from training/counseling to termination. VUMC considers it a serious incident anytime that a privacy or security violation occurs. HIPAA requires that we monitor information system activity and that we document all incidents. And there is a tracking system in place the monitors every time someone access a patients medical record. Disciplinary/corrective action ranges from training/counseling to termination. Unfortunately every year someone at VUMC is terminated due to committing this type of violation.

16 What Should Be Reported?
Privacy and Security Violations: Looking at someone else’s confidential data Paperwork with patient information lying around unattended Sharing passwords or electronic signatures or the use of another employee’s password or electronic signature What Should be reported? If you witness the following privacy and information security violations: You should report : Persons looking at someone else’s confidential data. Paper work with patient information lying around unattended. (Shuttle bus, cafeteria, bathroom, Eskind Library etc.) Sharing of passwords or electronic signatures or using someone else’s password or electronic signature

17 Contact One of the Following to Report Privacy & Information Security Incidents
Privacy Office ( ) or Help Desk 343-HELP ( ) Compliance Reporting Line ( ) Always forward Patient privacy complaints to Patient Affairs ( ) or the Privacy Office. Your manager Contact one of the following to Report Privacy & Information Security Incidents Privacy Office ( ) or Help Desk ( ). Compliance Reporting Line ( ) Your manager Always forward Patient privacy complaints to Patient Affairs ( ) or the Privacy Office.

18 The Bottom Line Consider the patient’s perspective and give them control over how their information is used. Avoid situations in which the patient would object to how their information was used or shared. Implement appropriate security measures to maintain the integrity of patient data, ensure its availability, and keep it confidential. Be familiar with Vanderbilt’s privacy & information security policies at: On page 4 of the hearts & minds booklet there is a table that list some of the privacy risks that you will encounter and approaches to reduce the risk. Remember any questions that you have pertaining to Privacy can be found at the HIPAA website (listed on page 4 also or by calling the privacy office

19 Final Instructions To complete the training you must print off the HIPAA Test and submit it to the manager in your department for filing in your personnel file. Any questions related to this training may be submitted to the Privacy Office at or call

Download ppt "HIPAA Basic Training for Privacy and Information Security"

Similar presentations

Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.

Independent Contractor Orientation HIPAA What Is HIPAA? Health Insurance Portability and Accountability Act of 1996 The Health Insurance Portability.
Privacy and Information Security Training (2006-07) VUMC Privacy Website www.mc.vanderbilt.edu/privacy.

Privacy and Information Security Training ( ) VUMC Privacy Website
And the finer details of patient privacy TCH Confidential Understanding HIPAA.

And the finer details of patient privacy TCH Confidential Understanding HIPAA.
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
Confidentiality and HIPAA

Confidentiality and HIPAA
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/2009 0.

1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/
Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.

Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA
HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.

HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.
HIPAA What’s Said Here – Stays Here…. WHAT IS HIPAA  Health Insurance Portability and Accountability Act  Purpose is to protect clients (patients)

HIPAA What’s Said Here – Stays Here…. WHAT IS HIPAA  Health Insurance Portability and Accountability Act  Purpose is to protect clients (patients)

Similar presentations

Ads by Google