Published by Kevin Holland. Modified over 5 years ago.
1
HIPAA SECURITY RULE
Copyright © 2008, 2006, 2004 by Saunders an imprint of Elsevier Inc. All rights reserved.
2
The Security Rule
Three Safeguards (security measures encompassing an information system):
Administrative: protect through administrative actions.
Technical: protect and control access to information on computer systems.
Physical: prevent unauthorized use or disclosure due to physical events.
The Security Rule addresses only ePHI, due to technology standards. However, the guidelines should be applied to all PHI. Administrative, Technical, and Physical safeguards are all part of the Security Rule.
3
ePHI – What does that mean?
Electronic protected health information.
4
Why should I care about ePHI and the Security Rule?
If you work in a medical facility, confidentiality and security must be followed at all times to prevent unauthorized disclosure of ePHI.
Do you remember? What is ePHI?
5
Administrative Safeguards
Prevent unauthorized use or disclosure of PHI through administrative actions.
Examples:
Employee physical access to PHI.
Management of computer passwords.
Limited access to employees on a need-to-know basis.
6
Pair and Share - Review
Discuss with your partner the following questions:
1- What are the 3 safeguards for the security rule?
2- Why are administrative safeguards important?
7
Internal Audits
To review who has access to PHI, and ensure that there is no inappropriate or accidental access to patient records.
8
Risk Analysis
Each organization must evaluate its vulnerable areas associated with security and privacy. Reasonable safeguards must be implemented to protect against known risks.
9
Employee Confidentiality Statement
Upon employment in a medical facility, employees will need to sign a statement that they will comply with all HIPAA regulations (including the Security Rule) and keep all patient information confidential.
REMEMBER, OUR LIPS ARE SEALED!
10
Employee Confidentiality Statement Form
Fig. 2-5, p. 33. In most healthcare facilities, employees will need to sign a confidentiality statement as part of the hiring process.
Don’t discuss a patient with acquaintances.
Don’t leave confidential information exposed.
Don’t leave confidential information visible on a computer screen.
Properly dispose of notes/paper/memos by shredding.
Be careful to remove original documents from the photocopier.
Use common sense and follow confidentiality guidelines.
11
Technical Safeguards
Technological controls in place to protect and control access to information on computers in the health care industry.
12
Examples of Technical Safeguards for ePHI
Limited access to patient PHI on a need-to-know basis.
Audit controls - changing passwords, deleting user accounts.
Automatic logoffs - prevent unauthorized users from accessing patient information.
Unique identifier or “username” and an unshared password to log in.
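An added Python example, not from the slides or the textbook, that applies two of these safeguards to a constructed access log: it checks every record view against a hypothetical need-to-know care-team table, the way an internal audit would, and reports sessions that stayed idle past an assumed automatic-logoff limit. The log format, the care-team table and the 15-minute limit are all assumptions made for the example.

```python
from datetime import datetime, timedelta

# Constructed sample access log (not from the slides): "timestamp user action patient".
SAMPLE_LOG = """\
2024-03-01T08:00:00 nurse_a login -
2024-03-01T08:05:00 nurse_a view P100
2024-03-01T08:07:00 nurse_a view P200
2024-03-01T09:10:00 nurse_a logout -
2024-03-01T08:30:00 clerk_b login -
2024-03-01T08:31:00 clerk_b view P100
2024-03-01T08:40:00 clerk_b logout -
"""

# Hypothetical care-team table: who has a need-to-know for each patient record.
CARE_TEAM = {"P100": {"nurse_a", "dr_c"}, "P200": {"dr_c"}}

# Hypothetical automatic-logoff setting: sessions idle longer than this should be closed.
IDLE_LIMIT = timedelta(minutes=15)

def parse_log(text):
    """Turn one log line per event into (timestamp, user, action, patient) tuples."""
    events = []
    for line in text.splitlines():
        ts, user, action, patient = line.split()
        events.append((datetime.fromisoformat(ts), user, action, patient))
    return events

def find_need_to_know_violations(events, care_team):
    """(user, patient) pairs where a record was viewed by someone not on its care team."""
    return [(user, patient) for _, user, action, patient in events
            if action == "view" and user not in care_team.get(patient, set())]

def find_idle_sessions(events, idle_limit):
    """Users whose session stayed open with no activity for longer than idle_limit,
    i.e. where the automatic logoff did not end the session."""
    last_seen = {}   # user -> timestamp of last activity in an open session
    offenders = set()
    for ts, user, action, _ in sorted(events):
        prev = last_seen.pop(user, None)
        if prev is not None and ts - prev > idle_limit:
            offenders.add(user)
        if action != "logout":
            last_seen[user] = ts
    return sorted(offenders)

if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    print("need-to-know violations:", find_need_to_know_violations(events, CARE_TEAM))
    print("sessions left idle past limit:", find_idle_sessions(events, IDLE_LIMIT))
```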
13
Pair and Share - Review
Let's discuss some safeguards you use now to protect your information.
14
Physical Safeguards
Media and equipment controls - cover how the facility handles retention, removal, and disposal of paper records. This includes recycling of computers and software programs containing PHI.
Limited access to unauthorized areas where equipment and medical charts are stored.
Examples of information to be shredded? Who should have the key?
15
Physical Safeguards, cont.
Secure workstations to minimize unauthorized viewing of PHI.
Password-protected screen savers are in use when computers are left unattended.
Don’t let others know your passwords! Protect those files!
16
Privacy Rule
17
Responsibilities of Protecting Patient Rights
Privacy Rules: Patients’ Rights Under HIPAA
Right to Notice of Privacy Practices (NPP)
Right to request restrictions on certain uses and disclosures of PHI
Right to request confidential communications
Right to access (inspect and obtain a copy) PHI
Right to request an amendment of PHI
Right to receive an accounting of disclosures of PHI
Never discuss patient information with anyone other than the physician, insurance company, and authorized individual. An NPP is tailored to each organization and every patient must have access to it. Refer to the Policy and Procedures manual for clarification when disclosures are permissible. (See Box 2.5, p. 35, for more information.)
What information do patients NOT have access to? (Psychotherapy notes, information for legal proceedings, information exempted from disclosure under CLIA)
18
The Privacy Rule – What is it?
Confidential Information
Employees are responsible for maintaining the confidentiality of patients’ protected health information (PHI).
Certain information or communications are excepted from the HIPAA rule - covered in the HIPAA lesson.
Breach of confidential communication
Considered a HIPAA violation. See Box 2.2 (p. 31) for PHI examples.
Confidentiality is automatically waived in some circumstances. See p. 32 in the textbook.
Explain why the breach of confidential communication is considered a HIPAA violation. (HIPAA requires that PHI be kept confidential, so unauthorized release of PHI is considered a violation.)
19
The Privacy Rule (cont’d.)
Privileged Information
Relates to the patient’s treatment and progress.
Patient must sign an authorization to release this information.
Nonprivileged Information
Ordinary facts unrelated to the patient’s treatment. Example: name, address, insurance information, etc.
Patient’s authorization is not needed for most information.
Information is disclosed on a legitimate need-to-know basis.
Privileged information is related to treatment of the patient, and nonprivileged information is unrelated to treatment of the patient. Nonprivileged information does not need an authorization form, but is released only on a need-to-know basis.
Explain what the patient must do in order to authorize the release of privileged information. (Sign an authorization to release the information or selected facts from the medical record.)
20
Pair and Share - Review
Discuss with your partner the following:
1- Name 3 patient rights under HIPAA.
2- What does breach of confidential communication mean?
3- Name one example of privileged information, and one example of nonprivileged information.
21
Compliance Program – Why should there be one?
Compliance Plan
Internal monitoring and auditing
Implementing compliance and practice standards
Designate a compliance officer - all facilities should have one.
Training and education - ongoing
Responding to offenses and developing corrective action
Open lines of communication
Enforcing disciplinary standards
A P&P will set out a compliance plan that complies with HIPAA standards. Reasonable safeguards should be outlined in the P&P and permissible incidental uses and disclosures should be identified as the plan is put into action. A well-designed compliance plan will improve efficiency, minimize mistakes, and reduce the likelihood of an OIG audit. Mitigating risk is the most important result of a good compliance plan. Always have a contact for the compliance plan.