Published by Junior Nichols. Modified over 9 years ago.

Copyright © 2015 by Saunders, an imprint of Elsevier Inc. All rights reserved.

Chapter 3
Privacy, Confidentiality, and Security

Privacy, Confidentiality, and Security
Lesson 3.1
1. Discuss privacy as both a philosophic and legal concept.
2. Explore the history and scope of HIPAA.
3. List the four implementation specifications required by the administrative safeguards outlined in the HIPAA Security Rule, and explore ways in which they might apply to a small to medium-size medical practice.
4. Assess and complete forms related to patient privacy and security in the electronic health record (EHR).
5. Become familiar with patients' rights under HIPAA, and explore how they affect the EHR.
6. Identify organizations aimed at securing EHR systems.
7. Identify who is allowed access to the information in a patient's EHR and under what circumstances.
8. Describe the role of consumer reporting agencies and prescription database tools, and explain how they are regulated.
9. Discuss ways patients can protect their health information.

What Is Privacy?
- Ethics: Set of the rules and standards of conduct that grow out of our shared understanding of right and wrong and govern our professional behavior
- Laws: Formal, enforceable rules and policies based on community standards of conduct
- Privacy: Patient's freedom to determine when, how much, and under what circumstances his or her medical information may be disclosed

Confidential versus Anonymous
- Confidentiality: Refers to how the recipient of the information handles information that a patient does not wish to share
- Anonymity: Information cannot be linked back to the patient
  - Example: Performing lab tests using an ID number instead of a patient name

Health Insurance Portability & Accountability Act
- Privacy Rule
- Security Rule
- Portability of insurance

Privacy Rule
- Establishes privacy standards for use of IIHI
- Helps patients control ways their health information is disclosed
- Requires disclosure of health information to be logged

Disclosures Documentation
Patients are permitted to request a log of disclosures of their PHI, which must include the following for each disclosure:
- The date of the disclosure
- The name and address, if known, of the entity or person who received the IIHI
- A description of the IIHI disclosed
- An explanation of the purpose of the disclosure or a copy of the patient's written authorization
- A copy of a written request for a disclosure

Disclosures Documentation (Cont.)
Entities/providers are required to:
- Distribute NPP
- Designate a privacy officer
- Provide authorization forms for release of PHI
- Implement policies to protect PHI
- Develop procedures for correcting errors in the EHR
- Provide privacy training for staff

Covered Entities and Business Associates
- Healthcare provider
- Health plan
- Healthcare clearinghouse

Minimum Necessary Standard
When a covered entity makes an allowed disclosure, it should include only a minimum necessary amount of information to accomplish the purpose

Consent
- Individual choice principle
  - Patients should have a reasonable opportunity to make informed decisions about the collection, use, and disclosure of their PHI
- In order for records to be released, an authorization form must be completed

Authorization Forms

Security Rule
The HIPAA Security Rule gives each covered entity four broad goals to meet:
- Protect the integrity and confidentiality of electronic healthcare information created, received, maintained, or transmitted
- Shield against anticipated security threats
- Shelter PHI against unauthorized use and disclosure
- Ensure that all employees comply with the provisions of the Security Rule

Security Safeguards in the Medical Practice
- Designed to avert security breaches
- Provide contingency plans
- Safeguards fall into three areas:
  - Administrative
  - Physical
  - Technical

Administrative Safeguards
Four implementation specifications:
- Risk analysis
- Risk management
- Sanction (penalties) policy
- Information system activity review

Physical Safeguards
- Ensure security of:
  - Electronic data
  - Buildings
  - Equipment
- Sample methods:
  - Screen saver
  - Login and password

Tips for Choosing a Strong Password

Technical Safeguards
- Performed to protect and control access of technology
- Controlled access of employees
- Automatic logoff
- Encryption
- Decryption

Assigning Employee Privileges

Designing Auditing Procedures
- Systems link a person's username to reveal an electronic breadcrumb trail
- Required as part of security procedures

Patient's Rights Under HIPAA
- View or receive copies
- Have inaccurate information corrected
- Receive NPP
- Opt out of sharing certain information
- Have certain information withheld from certain payers
- Receive list of disclosures
- File a complaint

The Office for Civil Rights Complaint Process

Other Security Initiatives
The Certification Commission for Healthcare Information Technology (CCHIT) accelerates EHR certifications for:
- EHRs for office-based ambulatory care providers and specialists (particularly cardiovascular and emergency medicine)
- Inpatient EHRs
- Health networks that exchange EHR data
- EHRs within specific populations (such as behavioral health) in a range of care settings

Access to Protected Health Information
- Financial institutions
- Insurance companies
- Government agencies
- Consumer reporting
- Medical Information Bureau
- Prescription database
- Schools
- Employers
- Family and friends
- Internet communities
- Researchers
- Direct marketing firms

How Can Patients Protect Themselves?
- Review medical, dental, and prescription drug records for accuracy
- Request a disclosure log
- Request restrictions on disclosure of sensitive information
- Ask to receive correspondence at alternative locations
- Pay out-of-pocket
- Opt for online versus paper statements and read them carefully

Questions?