
1 HIPAA Privacy and security checklist: Can you say YES to each of the following statements?

2 HIPAA MYTHS
MYTH: HIPAA is a technology issue.
FALSE: HIPAA is a business issue. HIPAA will have a significant impact on the whole organization, including healthcare providers, clerks, admitting staff, billing staff, etc. To imply that it is a technology issue ignores the main reason behind the accountability aspect of HIPAA: to protect patients' identifiable information against fraud, abuse, and unwanted disclosure.

3 HIPAA MYTHS
MYTH: Patients are entitled to free copies of their records.
Not completely. Patients are able to view and obtain copies of their records, but the law specifically allows healthcare providers to impose a reasonable, cost-based fee for certain services, provided that the fee includes only the cost of: (1) copying, including the cost of supplies for and labor of copying; (2) postage, when the patient requests that the information be mailed; (3) preparation and explanation or summary of the protected health information.

4 HIPAA MYTHS
MYTH: HIPAA will eliminate the use of sign-in sheets in physicians' offices.
FALSE: The original intent of the law was NOT to eliminate sign-in sheets, but to protect the privacy of patients. You can still use sign-in sheets, but the information provided on the sign-in sheets must be limited to name, date, and time of signing in or signing out.

5 HIPAA MYTHS
MYTH: Patients must sign a new consent for each office visit.
FALSE: Signed consent forms do NOT expire. A healthcare provider must retain the signed consent for at least 6 years from the date it was last in effect. A new consent is required only if the patient previously revoked his/her consent. The revocation should be in writing.

6 HIPAA MYTHS
MYTH: HIPAA will prohibit the use of FAXES containing protected health information.
FALSE: You can still fax protected health information, but be sure that a fax/email disclaimer precedes all of your faxes.

7 HIPAA MYTHS
MYTH: Health care providers would have to keep track of everyone who received medical information from them.
FALSE: Healthcare providers will only be required to track the sharing of health information with someone outside of the organization.

8 HIPAA
What do I do if my files are hanging on the wall where people can see them?
1. Turn the file around.
2. Purchase covers for the wall holders.
3. Keep wall holders inside the room.
4. Place stickers on the front of the files that say "confidential".

9 HIPAA
What if I have open-shelved filing?
1. Make sure that the area is secure at all times. Do not allow anyone other than authorized personnel in the area, if possible.
2. Place stickers on the shelves that say "confidential".
3. As you work with your files on a daily basis, check for either a confidential stamp or sticker. If absent, mark the file confidential as you go. Do not go back through past files; make "stickering" them confidential a part of your daily routine.

10 HIPAA
QUICK TIPS
1. Never walk away from an open file drawer. Lock it after each use.
2. Keep all files away from easy view. Do not leave files lying around with visible PHI.
3. Mark all filing cabinets, files, etc. "confidential".

11 HIPAA
QUICK TIPS
Phone messages on patients' answering machines. HIPAA is concerned with protecting your patients' privacy. One of the easiest ways to violate a patient's privacy is by exposing PHI on an answering machine.

12 HIPAA
QUICK TIPS
WHAT ARE THE RISKS?
1. A family member, friend, or other person could overhear or receive the message.
2. The message could be left at the wrong number; this risk is also very significant.
3. The receiver might hear information that the patient does not want exposed.

13 HIPAA
QUICK TIPS
INFORMATION TO AVOID
1. Laboratory and test results.
2. Any information that links the patient's name to a medical condition.
3. The type of clinic or specialist the patient is seeing.
4. Personal information (e.g., HIV, psychotherapy, substance abuse, pregnancy, etc.).

14 HIPAA
QUICK TIPS
1. Reminders of appointments are OK.
2. Train your employees on a set policy.
3. Ask the patient if they would prefer a separate phone line (cell phone, etc.) for follow-up calls. Get it in writing.
4. Always use good judgment on the type of messages that you leave.

15 HOW AND WHEN TO EXECUTE HIPAA AUDITS AND TRAINING: SIMPLE GUIDELINES

16 AUDITS AND TRAINING
1. Complete an audit at least twice a year. Pull at least five files for your audits.
2. Follow the easy questions on your audit sheet, under the "audit" label in your manual, and compare to the file you are working with.
3. Assign a responsible employee to complete this task. It does not have to be a member of your compliance committee.
4. When finished, document your audit by filing it in your HIPAA Compliance Plan and Manual.

17 AUDITS AND TRAINING
5. Complete audits at least every quarter.
6. Your training sessions should be held at least twice a year. Have every employee sign an employee compliance training log for these training sessions and place it in the signed training section of your HIPAA Compliance Plan and Manual.
REMEMBER, YOUR HIPAA MANUAL IS INSUFFICIENT IF YOU DO NOT CONTINUOUSLY UPDATE, TRAIN, AND AUDIT. IT IS UP TO YOU TO STAY IN COMPLIANCE WITH HIPAA.

18 HIPAA
1. Except for the patient's name, confidential patient information is not called out into the waiting room.
2. Release of confidential patient information is done ONLY by staff specifically authorized to do so.
3. Confidential patient information is not left on an unattended printer, photocopier, or fax machine unless these devices are in a secure area. Physical access to fax machines and printers is limited to authorized staff.
4. Staff do not discuss confidential patient information among themselves in public areas.

19 HIPAA
5. Conversations with the patient/family regarding confidential patient information are not held in public areas.
6. Overhead and intercom announcements do not include confidential patient information.
7. Phone conversations and dictation take place in areas where confidential patient information cannot be overheard.
8. Computer monitors are positioned away from public view, to avoid observation by visitors.
9. Confidential patient information is discarded in the appropriate secure container or shredded.

20 HIPAA
10. Screens of unattended computers are returned to the logon screen or have a password-enabled screen saver. Staff understand that their ID and password are confidential and never share them, nor allow use of their workstation while logged in.
11. On desks in public areas, chart holders, or nurses' stations, documents with confidential patient information are face down or concealed, avoiding observation by patients or visitors.
12. Paper records and medical charts are stored or filed in such a way as to avoid observation by patients or visitors, or casual access by unauthorized staff.

21 HIPAA
13. Answering machine volume is turned down so that information being left cannot be overheard by other staff or visitors. Voice mail passwords are not the default settings, nor the last four digits of your phone number.
14. Patient lists, including scheduled procedures, with information beyond room assignments are not readily visible to patients or visitors.
15. Staff feel comfortable, and obligated, to report misuse of confidential patient information to their supervisor, knowing there will be no retaliation.
16. All supervisors regularly review with their staff the institutional policies that apply to their work assignments, to ensure that current practices and procedures protect patient privacy.

22 HIPAA
17. Only authorized staff have access to confidential patient information, and they access and use only the minimum amount necessary to accomplish their duties. All staff wear the appropriate nametag at all times.
18. For units that are not staffed 24 hours, patient records are filed in locking storage cabinets or in rooms that are locked.
19. Visitors and patients are appropriately escorted to ensure they do not access staff areas, dictating rooms, chart storage, etc. Persons not recognized in restricted areas are challenged for identification.
