mandatory hipaa training l.
Skip this Video
Loading SlideShow in 5 Seconds..
Mandatory HIPAA Training PowerPoint Presentation
Download Presentation
Mandatory HIPAA Training

Loading in 2 Seconds...

play fullscreen
1 / 18

Mandatory HIPAA Training - PowerPoint PPT Presentation

  • Uploaded on

Mandatory HIPAA Training. An overview of the policies and procedures developed and implemented by Your Organization to address the HIPAA Privacy Rule. What is the HIPAA Privacy Rule?. Enacted in Aug.1996 to assure privacy and security of health information

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Mandatory HIPAA Training' - diamond

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
mandatory hipaa training

Mandatory HIPAA Training

An overview of the policies and procedures developed and implemented by

Your Organization to address the

HIPAA Privacy Rule

what is the hipaa privacy rule
What is the HIPAA Privacy Rule?
  • Enacted in Aug.1996 to assure privacy and security of health information
  • Mandatory for all health care providers, health plans and health clearinghouses
  • Clearly identifies the rights of the “patient” regarding their protected health information (PHI)
  • Forces providers to take measures to handle PHI in a secure manner
plan for this training session
Plan for this training session
  • Look at the “Notice of Privacy Practices” and the rights it affords each “patient”
  • Learn about the policies and procedures that have been developed
  • Explain the revised procedures you will be following
  • Demonstrate that you understand
notice of privacy practices a patient has the right to
Notice of Privacy Practices a “Patient” has the RIGHT to:
  • Request restriction on use or disclosure of PHI
  • Request to receive information by an alternate means or location
  • Access their PHI
  • Request amendments to their PHI
  • Receive and accounting of disclosures of PHI
  • Receive a copy of the “Notice of Privacy Practices”
  • File complaints regarding improper use or disclosure of PHI
understanding the lingo
Understanding the lingo
  • HIPAA – The Standards for Privacy of Individually Identifiable Health Information
  • PHI – Protected Health Information
  • TPO – Treatment, Payment, Operation
  • Consent – given by “patient” to use PHI for TPO
  • Authorization – given by “patient” to use/disclose PHI for any other reason
more lingo
More lingo
  • Minimum necessary – disclosure of no more PHI than necessary for any given situation
  • Privacy Officer-person identified by organization to assure that all HIPAA policies and procedures are followed , rules on requests made by a “patient”, addresses any complaints filed (Gary Carone is our Privacy officer- Vivienne Manwaring is our Privacy consultant)
hipaa policy manual
HIPAA Policy Manual
  • Manual of actual policies available in hard copy at each location and also on the computer
  • Arranged into 8 sections for easy use
  • Should be consulted if there is any question of how to handle a situation concerning PHI
  • Policies contain attachments of corresponding forms
  • Everyone is responsible to be knowledgeable about these policies
section i consumer client rights
Section I – Consumer/client Rights
  • 13 policies beginning with “Consumer/client Privacy Rights”
  • Provide procedures to handle requests made or complaints files by service partners
  • Provide attachments of the various forms used to exercise rights and file complaints
section ii use and disclosure by psychsystems
Section II –Use and Disclosure by PsychSystems
  • 4 policies beginning with the “General Policy on Use and Disclosure of PHI”
  • Addresses Minimum Necessary requirement
  • Accounting of Disclosures
  • Psychotherapy notes CAN NOT be disclosed to a consumer/client
section iii business associates
Section III – Business Associates
  • Only one policy
  • Deals with any outside organization, agency or company that provides any treatment or non-treatment service for your organization that has access to PHI
section iv storage disposal safeguards and protection of phi
Section IV – Storage, Disposal, Safeguards and Protection of PHI
  • 11 policies that focus on day to day use of PHI
  • Procedures that will be uses on a day to day basis by all employees
  • Several procedures that might be new
  • Practices to tighten up how records are stored when not in use
  • How PHI is copied and the use of the copy machine
How to dispose of PHI – including personal notes, extra copies, old records etc.
  • De-identification of all material that is discarded
  • How to send a fax
  • How to handle PHI when away from the office
  • Verification of persons/agencies requesting PHI
  • What PHI a staff has access to
  • Completing and maintaining forms containing signatures
section v information systems
Section V – Information Systems
  • Contains 3 policies
  • Deal with computer passwords, data classification for access, modification and deletion and development of Role Based Access for information
section vi handling violations
Section VI – Handling Violations
  • 3 policies
  • Strict enforcement, sanctions and penalties for violations of privacy, up to and including dismissal
  • Everyone will sign a “statement of Understanding Privacy Policies”
  • Agency will do whatever possible to mitigate harmful effects of violations
  • There will be no retaliation for reporting violations
section vii organizational uses of phi
Section VII- Organizational Uses of PHI
  • 3 policies
  • Defines that PHI cannot be used for marketing or fundraising
  • Identifies what PHI can be used in facility directories
section viii uses and disclosures of phi outside your organization
Section VIII-Uses and Disclosures of PHI Outside Your Organization
  • 5 policies
  • There are some governmental, judicial, public health and safety and Health and Human Service needs for PHI that do not require authorization
the test please print slide 18 only complete and submit to psychsystems
The test- please, print (slide 18 ONLY), complete and submit to PsychSystems
  • Name ___________________________ID # ______________ Date: _______________
  • Concerning the handling of individual records. Check all that apply:
  • ___ A) Records cannot be taken from the office for any reason
  • ___ B) Records are considered to be safe as long as they are some place within our agency offices)
  • ___ C) File cabinets need only be locked at night
  • ___ D) PHI should never be discussed in a public area of the building
  • True or False
  • ___ It is acceptable to make as many copies of documents containing PHI as I want
  • ___ Extra copies containing PHI must be de-identified or shredded
  • ___ I may not leave the copy machine unattended when making copies that contain PHI
  • ___ Our HIPAA policies are available ion the web site
  • ___ By completing this training I know ALL I need to know to assure that HIPAA policies are
  • followed.
  • There is a Privacy Officer for each agency location.
  • Who is the primary Privacy Officer for our agency?________________________________
  • True or False
  • ___ I am responsible to report any situations I believe to be a violation of HIPPA or agency
  • policies.
  • ___ It is possible to be dismissed from my job if I violate the Privacy Policies
  • ___ Consumers/clients can only file a complaint of a violation of their privacy with our agency.
  • ___ Our agency cannot take retaliation against anyone who reports a privacy violation.
  • Check all that apply
  • If a consumer/client makes a request to exercise one of his/her Privacy Rights, I will:
  • ___ Immediately grant his/her verbal request
  • ___ Provide him/her with the appropriate form on which to make the request
  • ___ Give the form to my supervisor
  • ___ Place the original request form in the record when the action is complete