Mandatory hipaa training
1 / 18

Mandatory HIPAA Training - PowerPoint PPT Presentation

  • Updated On :

Mandatory HIPAA Training. An overview of the policies and procedures developed and implemented by Your Organization to address the HIPAA Privacy Rule. What is the HIPAA Privacy Rule?. Enacted in Aug.1996 to assure privacy and security of health information

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Mandatory HIPAA Training' - diamond

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Mandatory hipaa training l.jpg

Mandatory HIPAA Training

An overview of the policies and procedures developed and implemented by

Your Organization to address the

HIPAA Privacy Rule

What is the hipaa privacy rule l.jpg
What is the HIPAA Privacy Rule?

  • Enacted in Aug.1996 to assure privacy and security of health information

  • Mandatory for all health care providers, health plans and health clearinghouses

  • Clearly identifies the rights of the “patient” regarding their protected health information (PHI)

  • Forces providers to take measures to handle PHI in a secure manner

Plan for this training session l.jpg
Plan for this training session

  • Look at the “Notice of Privacy Practices” and the rights it affords each “patient”

  • Learn about the policies and procedures that have been developed

  • Explain the revised procedures you will be following

  • Demonstrate that you understand

Notice of privacy practices a patient has the right to l.jpg
Notice of Privacy Practices a “Patient” has the RIGHT to:

  • Request restriction on use or disclosure of PHI

  • Request to receive information by an alternate means or location

  • Access their PHI

  • Request amendments to their PHI

  • Receive and accounting of disclosures of PHI

  • Receive a copy of the “Notice of Privacy Practices”

  • File complaints regarding improper use or disclosure of PHI

Understanding the lingo l.jpg
Understanding the lingo

  • HIPAA – The Standards for Privacy of Individually Identifiable Health Information

  • PHI – Protected Health Information

  • TPO – Treatment, Payment, Operation

  • Consent – given by “patient” to use PHI for TPO

  • Authorization – given by “patient” to use/disclose PHI for any other reason

More lingo l.jpg
More lingo

  • Minimum necessary – disclosure of no more PHI than necessary for any given situation

  • Privacy Officer-person identified by organization to assure that all HIPAA policies and procedures are followed , rules on requests made by a “patient”, addresses any complaints filed (Gary Carone is our Privacy officer- Vivienne Manwaring is our Privacy consultant)

Hipaa policy manual l.jpg
HIPAA Policy Manual

  • Manual of actual policies available in hard copy at each location and also on the computer

  • Arranged into 8 sections for easy use

  • Should be consulted if there is any question of how to handle a situation concerning PHI

  • Policies contain attachments of corresponding forms

  • Everyone is responsible to be knowledgeable about these policies

Section i consumer client rights l.jpg
Section I – Consumer/client Rights

  • 13 policies beginning with “Consumer/client Privacy Rights”

  • Provide procedures to handle requests made or complaints files by service partners

  • Provide attachments of the various forms used to exercise rights and file complaints

Section ii use and disclosure by psychsystems l.jpg
Section II –Use and Disclosure by PsychSystems

  • 4 policies beginning with the “General Policy on Use and Disclosure of PHI”

  • Addresses Minimum Necessary requirement

  • Accounting of Disclosures

  • Psychotherapy notes CAN NOT be disclosed to a consumer/client

Section iii business associates l.jpg
Section III – Business Associates

  • Only one policy

  • Deals with any outside organization, agency or company that provides any treatment or non-treatment service for your organization that has access to PHI

Section iv storage disposal safeguards and protection of phi l.jpg
Section IV – Storage, Disposal, Safeguards and Protection of PHI

  • 11 policies that focus on day to day use of PHI

  • Procedures that will be uses on a day to day basis by all employees

  • Several procedures that might be new

  • Practices to tighten up how records are stored when not in use

  • How PHI is copied and the use of the copy machine

Slide12 l.jpg

  • How to dispose of PHI – including personal notes, extra copies, old records etc.

  • De-identification of all material that is discarded

  • How to send a fax

  • How to handle PHI when away from the office

  • Verification of persons/agencies requesting PHI

  • What PHI a staff has access to

  • Completing and maintaining forms containing signatures

Section v information systems l.jpg
Section V – Information Systems copies, old records etc.

  • Contains 3 policies

  • Deal with computer passwords, data classification for access, modification and deletion and development of Role Based Access for information

Section vi handling violations l.jpg
Section VI – Handling Violations copies, old records etc.

  • 3 policies

  • Strict enforcement, sanctions and penalties for violations of privacy, up to and including dismissal

  • Everyone will sign a “statement of Understanding Privacy Policies”

  • Agency will do whatever possible to mitigate harmful effects of violations

  • There will be no retaliation for reporting violations

Section vii organizational uses of phi l.jpg
Section VII- Organizational Uses of PHI copies, old records etc.

  • 3 policies

  • Defines that PHI cannot be used for marketing or fundraising

  • Identifies what PHI can be used in facility directories

Section viii uses and disclosures of phi outside your organization l.jpg
Section VIII- copies, old records etc.Uses and Disclosures of PHI Outside Your Organization

  • 5 policies

  • There are some governmental, judicial, public health and safety and Health and Human Service needs for PHI that do not require authorization

Slide17 l.jpg

TIME TO SHOW YOU UNDERSTAND! copies, old records etc.

The test please print slide 18 only complete and submit to psychsystems l.jpg
The test- please, print (slide 18 ONLY), complete and submit to PsychSystems

  • Name ___________________________ID # ______________ Date: _______________

  • Concerning the handling of individual records. Check all that apply:

  • ___ A) Records cannot be taken from the office for any reason

  • ___ B) Records are considered to be safe as long as they are some place within our agency offices)

  • ___ C) File cabinets need only be locked at night

  • ___ D) PHI should never be discussed in a public area of the building

  • True or False

  • ___ It is acceptable to make as many copies of documents containing PHI as I want

  • ___ Extra copies containing PHI must be de-identified or shredded

  • ___ I may not leave the copy machine unattended when making copies that contain PHI

  • ___ Our HIPAA policies are available ion the web site

  • ___ By completing this training I know ALL I need to know to assure that HIPAA policies are

  • followed.

  • There is a Privacy Officer for each agency location.

  • Who is the primary Privacy Officer for our agency?________________________________

  • True or False

  • ___ I am responsible to report any situations I believe to be a violation of HIPPA or agency

  • policies.

  • ___ It is possible to be dismissed from my job if I violate the Privacy Policies

  • ___ Consumers/clients can only file a complaint of a violation of their privacy with our agency.

  • ___ Our agency cannot take retaliation against anyone who reports a privacy violation.

  • Check all that apply

  • If a consumer/client makes a request to exercise one of his/her Privacy Rights, I will:

  • ___ Immediately grant his/her verbal request

  • ___ Provide him/her with the appropriate form on which to make the request

  • ___ Give the form to my supervisor

  • ___ Place the original request form in the record when the action is complete