Your Role in Corporate Compliance and HIPAA Confidentiality

Part I: Understanding Your Role in Corporate Compliance

What is Compliance?
Any OSF Healthcare employee who has knowledge of any activity or behavior which is unethical, immoral or illegal must report this activity or observed behavior to his/her immediate supervisor or to the Director of Human Resources.
These are areas identified as higher risk for potential fraud and abuse, and therefore they require more frequent monitoring by the compliance department.
The Corporate Compliance Plan identifies employee obligations during government investigations, the compliance chain of command, and discipline under the compliance plan.
OSF Healthcare System
HIPAA stands for: Health Insurance Portability and Accountability Act of 1996
HIPAA is a federal regulation with which OSF Healthcare System must comply; it protects the privacy, security and confidentiality of a patient’s health information.
The HIPAA Privacy Rule
What is protected health information?
- Information that could be used to identify an individual. Examples would be: name, social security number (demographic information).
- Transmitted or maintained in any form, such as oral, written, or electronic information.
HIPAA requires that all health care organizations have a Privacy Officer.
Corporate Compliance/Privacy Officer
Each OSF entity has its own Privacy Officer.
OSFSFMC – Dan Blunier (655-2734)
Confidentiality is so important that OSF
1. The patient’s location within the facility;
2. The patient’s condition stated in general terms (e.g. good, fair, poor);
3. The patient’s religious affiliation (available only to clergy).
Our Confidentiality Policy also guides us on when and where we can discuss patient information.
- Do NOT access a patient’s private health information unless it is for patient care purposes.
Can employees report possible violations of the privacy rule?
The Privacy Rule identifies what information is protected, whether it be in electronic, oral or paper form, and who may have access to that information.
The Security Rule identifies steps for ensuring that only those who should have access to electronic PHI (ePHI) will actually have access.
The purpose of physical safeguards is to help protect the physical computer systems and related buildings and equipment from:
- Other natural and environmental hazards
- Unauthorized access.
Some of the processes used to promote compliance with the Technical Safeguard rule include:
- Passwords - don’t share and don’t post.
- Workstations - secure your workstation, use screen savers, lock your computer if unattended, log off when not in use, log off at night.
- E-mail - avoid sending sensitive/confidential patient information.
- Removable media (disks, CDs) - lock up and store, dispose of/destroy properly.
- Internet - firewalls, monitor and audit usage, utilize virus protection.
Remember: Patient confidentiality is information about a patient?