
Protecting Client Data HIPAA, HITECH and PIPA Part 1A - PowerPoint PPT Presentation


Presentation Transcript


Protecting Client Data HIPAA, HITECH and PIPA Part 1A

2014 DHS IT Security & Privacy Training


Module #1A Will Cover….

  • What is HIPAA?

  • HIPAA & Privacy Security Rule

  • Who does HIPAA apply to?

  • HIPAA Terms

  • Release of Information/Identity Verification

  • Documenting Disclosure

Topics Continued….

  • Safeguarding Protected Health Information (PHI) and Personally Identifying Information (PII)

  • Breach Notification

  • Enforcement under HITECH Act

  • Arkansas Personal Information Protection Act

    • State Law Act 1526

What is HIPAA?

  • HIPAA is a federal law named the Health Insurance Portability and Accountability Act.

  • Its purpose is to provide a national standard for the protection of health information.

  • State or other Federal laws may provide greater protections than HIPAA.

What is HIPAA Continued….

  • HIPAA applies to both:

    • Privacy of confidential information

    • Security of confidential information

  • Privacy and Security of confidential information must work together. If you do not use one, the other will not work.

HIPAA and the Privacy Rule

  • Protects individual health care data

  • Defines how PHI may be used or disclosed

  • Gives clients privacy rights and the right to access their health information

  • Outlines ways to safeguard PHI

  • Works with PIPA or Act 1526

  • The HIPAA Security Rule works with the Privacy Rule protecting electronic forms of PHI

Who Does HIPAA Apply to?

  • DHS is a hybrid entity – meaning it has both covered and non-covered functions under HIPAA.

    • Health Plans (DMS/Medicaid)

    • Providers (DAAS, DBHS, DDS, DYS): health care providers who conduct one or more of the HIPAA-defined transactions electronically

    • Business Associates: contractors who work for the divisions listed above.

Important HIPAA Terms

  • Protected health information (PHI) is information which identifies an individual or offers a reasonable basis for identification and is created or received by a health plan or health care provider. It relates to past, present, or future physical or mental health, the provision of health care, or payment for health care.

HIPAA Terms Continued…..

  • Use: When you review or use PHI within your division -- for example: for internal audits, training, customer service, quality improvement;

  • Disclosure: When you release or provide PHI to someone outside your division -- for example: giving data to OCC or to an outside attorney or to another provider.

HIPAA Terms Continued….

  • Minimum Necessary: To use or disclose only the minimum necessary to accomplish the intended purposes of the use, disclosure or request.

  • Employees must be given only the access to PHI needed to do their jobs;

  • Outside organizations must only be given the PHI needed to accomplish the purpose for which the request was made; the exception is treatment requests.

Example

  • Sally works in a DHS county office and sees one of her fellow caseworker's files on the desk. She notices that the name on the folder is that of her soon-to-be ex-husband's girlfriend. Sally looks in the file and sees that she has applied for Medicaid and ARKids First. Sally is going through a bitter divorce along with a custody battle and thinks any information that she can give to her attorney will help her case. Sally makes copies of the file, takes them home with her, and plans to show them to her attorney.

  • Would this be a Permissible Use or Disclosure?

No – this is an impermissible disclosure under HIPAA.

  • If you do not need PHI to do your job, then you should not access it. This is a HIPAA violation and may result in discipline and even termination.

  • Never let anyone talk you into accessing information on a family member, friend, cousin, etc.

  • If you are aware of someone who is accessing DHS data outside of the scope of their job, report it immediately. https://dhs.arkansas.gov/reporting

Where is PHI Found?

  • PHI can be found in:

    • Client Folders

    • Medical Records

    • Invoices

    • E-mails

    • Letters

You May Be Asked To Disclose Information Containing PHI….

  • Often, PHI must be redacted or blacked out so that it is not visible before disclosing it. How do you know what to redact?

  • On the next two slides we will go over what are considered the PHI Identifiers. These elements need to be redacted before disclosing PHI.

PHI Identifiers

  • Names

  • Medical Record Numbers

  • Social Security Numbers

  • Account Numbers

  • License/Certification numbers

  • Vehicle Identifiers/Serial numbers/License plate numbers

  • Internet protocol addresses

  • Health plan numbers

PHI Identifiers Continued…

  • Full-face photographic images and any comparable images

  • Any dates related to any individual (date of birth)

  • Telephone numbers

  • Fax numbers

  • Email addresses

  • Biometric identifiers including finger and voice prints

  • Any other unique identifying number, characteristic or code that could reasonably be used to identify the owner of the PHI.

What is De-Identified Data?

  • Under HIPAA's "safe harbor" standard, information is considered de-identified if all of the PHI Identifiers in the previous two slides have been removed, and there is no reasonable basis to believe that the remaining information could be used to identify a person.
