1 / 33

HIPAA

HIPAA. Building a Privacy Foundation. What Why Who How When. HIPAA. What Is HIPAA?. Health Insurance Portability & Accountability Act of 1996. Why Do We Need HIPAA?. The purpose of HIPAA is to protect confidential health care information through improved security and

rego
Download Presentation

HIPAA

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. HIPAA Building a Privacy Foundation

  2. What Why Who How When HIPAA

  3. What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

  4. Why Do We Need HIPAA? The purpose of HIPAA is to protect confidential health care information through improved security and privacy standards.

  5. Who Must Comply With HIPAA? Every employee of a health care facility or provider that handles protected patient health information will have to comply with HIPAA regulations.

  6. What Must Be Kept Confidential? PHI: Protected Health Information The HIPAA privacy rule defines the type of information that must be kept private by categorizing it as “Protected Health Information,” or PHI for short. Healthcare organizations must have policies in place that maintain the privacy of PHI.

  7. What is PHI? Protected Health Information

  8. PHI (Protected Health Information) Health information is any information, (verbal, electronic, or written) that relates to a person’s physical or mental health, or payment information.

  9. Name SSN Driver’s license Address Telephone number Marital status Financial information Parental status Gender Race Religion Medical Condition Test Results Income Examples of Personally Identifiable Information

  10. Minimum Necessary What can I access? Only information you “need to know”to do your job Accessing, using, or disclosing PHI on a need to know basis to get your job done is an important concept under HIPAA known as “minimum necessary.” Working in a healthcare organization does not entitle a person to access any and all patient records in the organization. You can access only the information you need to know to get your job done. Does the minimum necessary standard apply in every situation? No – the minimum necessary standard does not apply when accessing, using, or disclosing PHI for treatment of the individual. It also does not apply to the patient – they can have access to their protected health information.

  11. Incidental Disclosure The Privacy Rule does not say that health information will not be accidentally over heard. But everyone should make every effort to prevent this from happening.

  12. Calling a patient’s name in a waiting room A sign-in sheet is ok as long as it does not list a reason for the visit Examples of Incidental Disclosure

  13. Examples of Verbal Risk Discussing personal health information with a patient in a waiting room when there is risk of others overhearing the conversation.

  14. Examples of Verbal Risk Personal health information should not be discussed in public areas such as elevators, hallways, parking lots, or bathrooms. a

  15. Examples of Verbal Risk You should never discuss a patient’s personal health information with friends, family, or neighbors.

  16. Examples of Visual Risks Leaving documents that you know contain PHI in the open, unprotected and easily accessible by anyone

  17. How Do I Know... …when information is considered private? -Did you learn it through your job? -If yes, then it is considered private! a

  18. Internal Security Violations • Taking advantage of computer glitches that mistakenly allow access to a patient’s medical record • Deliberately gaining access to patient data • Sharing pass codes • Leaving documents with patient information visible in an open area

  19. How Do I Handle… …An individual asking for access to their record? • Individuals have a right of access • Route requests to appropriate department or staff • Do not attempt to provide or get this information yourself

  20. How Do I Handle… …An individual’s request to change their medical record? • Individuals have the right to amend or correct their record • Route requests to appropriate department or staff • Do not attempt to handle yourself

  21. How Do I Handle… …A family member or close friend asking about a patient? • Tell them to call Directory information • Do not attempt to answer yourself

  22. How Do I Handle… …Co-workers asking about a patient’s condition or treatment? • Route request to appropriate department or staff • Do not attempt to provide or get this information yourself

  23. Penalties • If you break the rules, you can face civil and criminal penalties • If found guilty you can be fined and/or sentenced to jail a

  24. Civil Penalties • $100 per wrong act • up to $25,000 per person, per year for each rule broken a

  25. Criminal Penalties • $50,000 & 1 year in jail if found guilty of telling protected health information • $100,000 & 5 years in jail if found guilty of obtaining or disclosing protected health information under false pretenses • $250,000 & 10 years in jail if found guilty of obtaining and disclosing PHI with intent to sell, transfer, or use for cash, personal gain, or malicious harm

  26. “Privacy-friendly” Practices • Abide by the Notice of Privacy • Practice & Confidentiality • Avoid discussing personal health information • Keep health information out • of public areas

  27. “Privacy-friendly” Practices • Secure records in all locations • Respect an individuals’ right to privacy during treatments

  28. HIPAA Security HIPAA security applies to physical, technical and administrative safeguards that are put in place to protect the confidentiality of information. Passwords File Cabinets ID Numbers Coded information

  29. When complying with security standards… Organizations should always access what resources need to be protected, determine the cost for protection and access the likelihood of loss or compromise. Organizations should train all employees on day-to-day procedures that ensure the protection of information.

  30. Ways of Insuring that information is protected • Faxes should never be left unattended or in places where unauthorized people can view them. • Passwords should be changed regularly. Children’s names, pet’s names, spouse’s names and birthdates should never be used as passwords. • Information on computer monitors should not be visible to unauthorized people. • Files should always be closed and coded. Personal information should never be on a file’s cover.

  31. What Can You Do? • Be aware of patient information and how it is used or handled. • Look for ways to insure the information is not available to unauthorized individuals. • Shred when appropriate. • Password protect your computer. • Never leave files open on your desk or at the copier.

  32. Organizations can prevent access the unauthorized data by implementing procedures at time of employee termination. • Change all combination locks • Removal of terminated employee for access lists • Removal of user account(s)

  33. Protect &Serve MCG Compliance/Privacy Officers • Please report any violations to the MCG Privacy Officer at 721-2661, or call MCG’s Legal Office at 721-4018

More Related