
Presentation Transcript


Protecting Client Data: HIPAA, HITECH and PIPA, Part 1A

2014 DHS IT Security & Privacy Training



Module #1A Will Cover….

  • What is HIPAA?

  • HIPAA Privacy and Security Rules

  • Who does HIPAA apply to?

  • HIPAA Terms

  • Release of Information/Identity Verification

  • Documenting Disclosure




Topics Continued….

  • Safeguarding Protected Health Information (PHI) and Personally Identifiable Information (PII)

  • Breach Notification

  • Enforcement under HITECH Act

  • Arkansas Personal Information Protection Act

    • State Law Act 1526




What is HIPAA?

  • HIPAA is a federal law named the Health Insurance Portability and Accountability Act.

  • Its purpose is to provide a national standard for the protection of health information.

  • State or other Federal laws may provide greater protections than HIPAA.




What is HIPAA Continued….

  • HIPAA applies to both:

    • Privacy of confidential information

    • Security of confidential information

  • Privacy and security of confidential information must work together: the Privacy Rule says what may be done with PHI, and security safeguards are what keep those limits from being bypassed. Neither is effective without the other.




HIPAA and the Privacy Rule

  • Protects individual health care data

  • Defines how PHI may be used or disclosed

  • Gives clients privacy rights and the right to access their health information

  • Outlines ways to safeguard PHI

  • Works alongside the Arkansas Personal Information Protection Act (PIPA, Act 1526)

  • The HIPAA Security Rule complements the Privacy Rule by requiring administrative, physical and technical safeguards for PHI that is stored or transmitted in electronic form (ePHI)




Who Does HIPAA Apply to?

  • DHS is a hybrid entity – meaning it has both covered and non-covered functions under HIPAA.

    • Health Plans (DMS/Medicaid)

    • Providers (DAAS, DBHS, DDS, DYS) health care providers who conduct one or more of the HIPAA-defined transactions electronically

    • Business Associates: contractors that create, receive, maintain or transmit PHI on behalf of the divisions listed above.




Important HIPAA Terms

  • Protected health information (PHI) is information which identifies an individual or offers a reasonable basis for identification and is created or received by a health plan or health care provider. It relates to past, present, or future physical or mental health, the provision of health care, or payment for health care.




HIPAA Terms Continued…..

  • Use: reviewing or using PHI within your division, for example for internal audits, training, customer service or quality improvement.

  • Disclosure: releasing or providing PHI to anyone outside your division, for example giving data to OCC, to an outside attorney or to another provider.




HIPAA Terms Continued….

  • Minimum Necessary: To use or disclose only the minimum necessary to accomplish the intended purposes of the use, disclosure or request.

  • Employees must be given only the access to PHI needed to do their jobs;

  • Outside organizations must be given only the PHI needed to accomplish the purpose for which the request was made. The exception is a request from a health care provider for treatment, to which the minimum-necessary standard does not apply.




Example

  • Sally works in a DHS county office and sees one of her fellow caseworkers' files on the desk. She notices that the name on the folder is her soon-to-be ex-husband's girlfriend. Sally looks in the file and sees that the woman has applied for Medicaid and ARKids First. Sally is going through a bitter divorce along with a custody battle and thinks any information she can give to her attorney will help her case. Sally makes copies of the file, takes them home and plans to show them to her attorney.

  • Would this be a Permissible Use or Disclosure?




No – this is an impermissible use and disclosure under HIPAA.

  • Looking in the file was an impermissible use: Sally had no job-related need for that PHI. Copying it and giving it to her attorney is an impermissible disclosure. If you do not need PHI to do your job, do not access it. Either act is a HIPAA violation and may result in discipline, up to and including termination.

  • Never let anyone talk you into accessing information on a family member, friend, cousin, etc.

  • If you are aware of someone who is accessing DHS data outside of the scope of their job, report it immediately. https://dhs.arkansas.gov/reporting




Where is PHI Found?

  • PHI can be found in:

    • Client Folders

    • Medical Records

    • Invoices

    • E-mails

    • Letters




You May Be Asked To Disclose Information Containing PHI….

  • Often, PHI must be redacted (blacked out) so that it is not visible before a document is disclosed. How do you know what to redact?

  • The next two slides list the PHI identifiers. Every one of these elements must be removed or redacted before the information is disclosed.




PHI Identifiers

  • Names

  • Geographic subdivisions smaller than a state (street address, city, county, ZIP code)

  • Medical record numbers

  • Social Security numbers

  • Account numbers

  • Certificate/license numbers

  • Vehicle identifiers and serial numbers, including license plate numbers

  • Device identifiers and serial numbers

  • Web URLs and Internet Protocol (IP) addresses

  • Health plan beneficiary numbers




PHI Identifiers Continued…

  • Full-face photographic images and any comparable images

  • All elements of dates (other than the year) directly related to an individual, such as date of birth, admission and discharge dates and date of death, and all ages over 89

  • Telephone numbers

  • Fax numbers

  • Email addresses

  • Biometric identifiers, including finger and voice prints

  • Any other unique identifying number, characteristic or code that could reasonably be used to identify the owner of the PHI.




What is De-Identified Data?

  • Under HIPAA's "safe harbor" standard, information is considered de-identified once all of the PHI identifiers on the previous two slides have been removed and the covered entity has no actual knowledge that the remaining information could be used, alone or in combination with other information, to identify the individual. De-identified data is no longer PHI. Note that blanking the identifier fields on a form is not enough if the same identifiers are repeated in free-text notes, letters or e-mails attached to the record.
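The redaction rules on the previous two slides and the safe-harbor check above, worked as an added Python example (this is not code from the DHS training or from any DHS system). The record layout, field names, sample data and regular expressions are all constructed for illustration; a real system would map its own schema onto the identifier categories:

```python
"""Safe-harbor style redaction of a client record before disclosure.

Added example, not part of the DHS training material. Field names, the sample
record and the regular expressions are constructed for illustration.
"""
from __future__ import annotations

import re
from datetime import date
from typing import Any

REDACTED = "[REDACTED]"

# Structured fields that carry a safe-harbor identifier outright (assumed names).
DIRECT_IDENTIFIER_FIELDS = frozenset({
    "name", "ssn", "medical_record_number", "health_plan_number",
    "account_number", "license_number", "vehicle_id", "license_plate",
    "device_serial", "ip_address", "url", "email", "phone", "fax",
    "street_address", "city", "zip", "photo", "biometric_id",
})

# Date fields are generalised to the year, which safe harbor permits to remain.
DATE_FIELDS = frozenset({"date_of_birth", "admission_date", "discharge_date"})

# Identifiers that may be buried in free text (case notes). The patterns are
# deliberately broad: over-redacting is the safe failure mode here.
FREE_TEXT_PATTERNS = (
    ("SSN",   re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
    ("IP",    re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("PHONE", re.compile(r"(?:\(\d{3}\)\s?|\b\d{3}[-.])\d{3}[-.]\d{4}\b")),
    ("DATE",  re.compile(r"\b\d{1,2}/\d{1,2}/(\d{4})\b")),
)


def generalize_date(value: Any) -> str:
    """Reduce a date to its year; anything unparseable is redacted outright."""
    if isinstance(value, date):
        return str(value.year)
    text = str(value)
    m = (re.fullmatch(r"(\d{4})-\d{2}-\d{2}", text)
         or re.fullmatch(r"\d{1,2}/\d{1,2}/(\d{4})", text))
    return m.group(1) if m else REDACTED


def scrub_text(text: str) -> tuple[str, list[str]]:
    """Replace embedded identifiers in free text; return new text and hit labels."""
    hits: list[str] = []
    for label, pattern in FREE_TEXT_PATTERNS:
        def _sub(m: re.Match, label: str = label) -> str:
            hits.append(label)
            # Dates keep their year, as safe harbor allows; everything else is blanked.
            return f"[DATE {m.group(1)}]" if label == "DATE" else f"[{label}]"
        text = pattern.sub(_sub, text)
    return text, hits


def deidentify(record: dict[str, Any]) -> dict[str, Any]:
    """Return a copy of record with the safe-harbor identifiers removed."""
    out: dict[str, Any] = {}
    for field, value in record.items():
        if field in DIRECT_IDENTIFIER_FIELDS:
            out[field] = REDACTED
        elif field in DATE_FIELDS:
            out[field] = generalize_date(value)
        elif field == "age" and isinstance(value, int) and value > 89:
            out[field] = "90+"          # ages over 89 must be aggregated
        elif isinstance(value, str):
            out[field], _ = scrub_text(value)   # second pass over free text
        else:
            out[field] = value
    return out


def residual_identifiers(record: dict[str, Any]) -> list[str]:
    """Check step: labels of identifier patterns still present in string values."""
    found: list[str] = []
    for value in record.values():
        if isinstance(value, str):
            found.extend(scrub_text(value)[1])
    return found


# Constructed sample record (fictional data) for the demo.
SAMPLE = {
    "name": "Jane Q. Public",
    "ssn": "123-45-6789",
    "medical_record_number": "MRN-0042",
    "date_of_birth": "1951-03-14",
    "age": 92,
    "state": "AR",
    "zip": "72201",
    "program": "Medicaid",
    "notes": "Client called from (501) 555-0199 on 4/2/2014; "
             "email jane@example.org; SSN on file is 123-45-6789.",
}

if __name__ == "__main__":
    cleaned = deidentify(SAMPLE)
    for key, val in cleaned.items():
        print(f"{key:>22}: {val}")
    print("residual identifiers:", residual_identifiers(cleaned))
```

Structured identifier fields are blanked, dates are reduced to the year and ages over 89 are aggregated, as safe harbor permits; ZIP codes are removed entirely because the three-digit exception depends on a population check the example does not perform. The second pass over free text is the part that matters in practice: a caseworker's notes routinely repeat the SSN or phone number that was blanked in the form fields, and `residual_identifiers` is the check that the redaction actually caught them.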
