slide1 n.
Skip this Video
Loading SlideShow in 5 Seconds..
HIPAA Basic Training for Privacy and Information Security PowerPoint Presentation
Download Presentation
HIPAA Basic Training for Privacy and Information Security

Loading in 2 Seconds...

play fullscreen
1 / 19

HIPAA Basic Training for Privacy and Information Security - PowerPoint PPT Presentation

  • Uploaded on

HIPAA Basic Training for Privacy and Information Security. Vanderbilt University Medical Center VUMC HIPAA Website: HIPAA Basic Training. Vanderbilt Credo “We treat others as we wish to be treated” Vanderbilt Credo Behavior

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'HIPAA Basic Training for Privacy and Information Security' - fiona-rios

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

HIPAA Basic Trainingfor Privacy and Information Security

  • Vanderbilt University Medical Center
  • VUMC HIPAA Website:

HIPAA Basic Training

Vanderbilt Credo

“We treat others as we wish to be treated”

Vanderbilt Credo Behavior

“I respect privacy and confidentiality”

what is hipaa
What is HIPAA?

HealthInsurancePortabilityandAccountabilityActof 1996

What Does HIPAA Do?

  • Limits how we use and share patient information
  • Gives patients more control over their information
  • Protects the integrity, availability and confidentiality of patient information
  • Defines violation penalties
what is protected under hipaa
What is Protected under HIPAA?
  • Individually identifiable health information:
    • That is collected from an individual, or
    • That is created or received by
      • A health care provider
      • Employer
      • Health insurer’s plan
  • This information can be in any form:
    • Written, verbal, or electronic

What is Protected under HIPAA?

Information pertaining to HIV, alcohol and drug treatment, psychotherapy notes, etc. have even more stringent protections.

patient rights
Patient Rights

ALLPatients have the right to:

  • Receive a Notice of Privacy Practicesthat describes how we use and share their information
  • Review and obtain copiesof their medical and financial records
  • Request amendments to their medical record if they believe information is incorrect or missing.

HIPAA regulations provide individuals with certain rights that are reflected in VUMC policy.

sharing patient information
Sharing Patient Information
  • Treatment (physicians involved with care, family members involved in patient’s care, etc.)
  • Payment (insurance companies, other third parties)
  • Administrative functions (QI, financial analysis, educational or training activities
  • Other specific exceptions (required by law, Department of Public Health)

You must obtain patient authorization except in the following circumstances:

protecting the privacy of patient information
Protecting the Privacy of Patient Information
  • Only share patient information with other faculty and staff who need the information to do their job.
  • Avoid accessing a patient’s record unless you need to do so for your job or you have written permission from the patient.

You are not allowed to access the record of your co-worker, spouse, or family member unless there is written authorization in the patient’s record.

key information security practices
Passwords & Electronic Signatures

Logging Off/Locking Computers


Web sites




Key Information Security Practices
passwords and electronic signatures
Passwords and Electronic Signatures
  • DO choose ones that you can remember
  • DO remember that the longer they are, the better
  • DO use numbers, uppercase and lowercase letters, and special symbols to create them, where allowed

Some Do’s related to passwords and electronic signatures.

passwords and electronic signatures1
Passwords and Electronic Signatures
  • DO NOT share them with anyone
  • DO NOT write them down where others can see them or store them where others can access them
  • DO NOT use words, names, or personal data others may guess, such as the name of your pet.

Some Don’ts related to passwords and electronic signatures.

logging off computers
Logging Off Computers
  • Log Off OR\
  • Lock the computer screen

If you need to walk away from a computer you are using, always:

e mail
  • E-mail sent over the Internet is generally unencrypted and not secure.
  • Find alternative ways to communicate confidential information

(e.g., encryption, MyHealthAtVanderbilt, password protected files, VPN)

  • Limit the amount of patient information.
  • Beware of E-mail Attachments!
  • The Privacy Office conducts audits daily on the medical records of employees who come to the hospital to monitor for inappropriate access.
  • Audits are also conducted whenever a patient suspects that their medical record may have been inappropriately accessed.
sanctions for privacy and information security violations
Sanctions for Privacy and Information Security Violations
  • VUMC considers it a serious incident anytime that a privacy or security violation occurs.
  • HIPAA requires that we monitor information system activity which assists in identifying violations and that we document all incidents.
  • Disciplinary/corrective action ranges from training/counseling to termination.
what should be reported
What Should Be Reported?
  • Privacy and Security Violations:
  • Looking at someone else’s confidential data
  • Paperwork with patient information lying around unattended
  • Sharing passwords or electronic signatures or the use of another employee’s password or electronic signature
contact one of the following to report privacy information security incidents
Contact One of the Following to Report Privacy & Information Security Incidents
  • Privacy Office (936-3594) or e-mail
  • Help Desk 343-HELP (343-4357)
  • Compliance Reporting Line (343-0135)
  • Always forward Patient privacy complaints to Patient Affairs (322-6154) or the Privacy Office.
  • Your manager
the bottom line
The Bottom Line
  • Consider the patient’s perspective and give them control over how their information is used.
  • Avoid situations in which the patient would object to how their information was used or shared.
  • Implement appropriate security measures to maintain the integrity of patient data, ensure its availability, and keep it confidential.
  • Be familiar with Vanderbilt’s privacy & information security policies at:

final instructions
Final Instructions
  • To complete the training you must print off the HIPAA Test and submit it to the manager in your department for filing in your personnel file.

Any questions related to this training may be submitted to the Privacy Office at or call