1 / 22

(YOUR SERVICE NAME) Ambulance HIPAA & Confidentiality Training: “Need to Know”

(YOUR SERVICE NAME) Ambulance HIPAA & Confidentiality Training: “Need to Know”. Introduction. (YOUR SERVACE NAME) Ambulance Policy Legal Considerations. Objectives. Describe Health Insurance Portability & Accountability Act (HIPAA) Describe what information may be considered confidential

moralesd
Download Presentation

(YOUR SERVICE NAME) Ambulance HIPAA & Confidentiality Training: “Need to Know”

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. (YOUR SERVICE NAME)Ambulance HIPAA & Confidentiality Training: “Need to Know”

  2. Introduction • (YOUR SERVACE NAME) Ambulance Policy • Legal Considerations

  3. Objectives • Describe Health Insurance Portability & Accountability Act (HIPAA) • Describe what information may be considered confidential • Identify ways to keep electronically stored information private • Identify actions that constitute breach of privacy • Discuss consequences of breach of privacy • Identify privacy rules in special settings

  4. “Confidential Information”means: • Patient Information • Peer Review Records • Financial Data • Clinical Information • Medical Records • Computer Programs • Documents and all other information kept as part of normal operations.

  5. Who is responsible for maintaining confidentiality?? • Maintaining the security of confidential information is a duty of all board members, employees, volunteers, medical staff appointees, vendors, contractors, agents, and students.

  6. “Need to Know” Principle • All information relating to inpatients and outpatients and their clinical situation will be considered confidential. • The “Need to Know” principle will be the guiding concept in determining what information can be accessed or shared and by whom. • Parties usually covered in the “Need to Know” principle are: • Patients • Family or significant others when granted permission by the patient. • Guardians or other legal representatives as recognized by each respective state statute. • Health care providers involved in the care of the patient.

  7. “Need to Know” • If staff are approached by someone requesting information, and the staff perceive the inquiry to be outside the bounds of the “Need to Know” principle, they are expected to refuse to disclose any information. • Staff who become aware they are seeing or hearing confidential information and do not have a “Need to Know”, will voluntarily remove themselves from the areas, and if appropriate, will need to remind the individuals involved of the need to be more aware of how to prevent such a breach.

  8. “Need to Know” • Exceptions to the “Need to Know” rule applies only to the patient information that is: • Required to be reported to state or federal health agencies (child abuse/dependent adult abuse for mandatory reporters; gunshot or stabbing wounds, rapes or sexual assaults, some sexually transmitted diseased, burns that cover more than a specified area of the body; “duty to warn” – harm to self or others). • Defined as a matter of “public record”. If you have any doubts, refer all questions to your supervisor.

  9. Non-patient Information May Be Confidential Also • Employee data, financial data, other aggregate data, policies and procedures. • Staff having access to non-patient information are responsible for maintaining it’s confidentiality. • Staff should consult their manager prior to releasing non-patient information to external entities.

  10. Medical Records Access: • Access to information will be limited to individuals on a “Need to Know” basis. • Written consent is required and the Hawarden Ambulance Director will monitor the review of the medical record. • If a patients requests to view their records, written authorization and approval must be made by the Ambulance Director. The Hawarden Ambulance Director may review the record with the patient. • Access to computerized functions is controlled by security codes.

  11. Discussions & Phone Conversations: • Any discussions involving confidential information must be conducted in a secure environment to prevent unauthorized persons overhearing the information. • Areas clearly off-limits for confidential patient discussion are elevators, cafeteria, stairwells, waiting rooms, meeting rooms, and other public areas.

  12. Duty to Protect: Do No Harm • Must safeguard information, whether in written form or not. • Breach of confidentiality violates patient rights and may lead to discipline and/or civil liability. • Negligent disclosure • Invasion of privacy • Tortious-breach-of-confidence action • Defamation • Public disclosure of private facts or for breach of contract

  13. HIPAA • Health Insurance Portability and Accountability Act of 1996, went into effect in 2000. • Addresses questions of privacy raised by the storage and transfer of patient health information electronically • Mandated the creation of new patient privacy rules • Covers all forms of information including paper, oral and electronic information • Provides both civil and criminal penalties for violations that can range up to fines of $250,000 and 10 years in prison

  14. The 3 Components of HIPAA • Privacy Standards • Compliance Date April 2003 • EDI – Electronic Data Interchange • Compliance Date October 2003 • Security Standards • Effective Date Yet to be Determined

  15. Privacy StandardsWhat does this mean to the Hawarden Ambulance?? • PHI – Protected Health Information • Patient Consent/Authorization • Business Associates • Privacy Notice • Minimum Necessary Disclosures

  16. Security StandardsWhat does this mean to the Hawarden Ambulance?? • We have to look at how access is given to Protected Health Information and how we are protecting it • True Disaster Recovery Plan • Physical access to data • Auditing/Tracking of PHI

  17. Hawarden Ambulance HIPAA Contact • The Hawarden Ambulance Director is the: • HIPAA Leader • HIPAA Trainer • Security Officer • Privacy Officer

  18. Special Settings • Patients with HIV – criminal offense to reveal information. No patient may be tested for HIV or AIDS without their consent and no information regarding the results of these tests may be provided to anyone other than the patient. • Psychiatric Patients & Substance Abuse – violation of federal law to reveal or confirm the identity of a patient in any psychiatric or drug/alcohol program. • Minors – Pregnancy, Sexual Abuse, Rape – normally parents of minors are given information about their child’s condition, but in cases involving pregnancy, sexual abuse & rape disclosure, even to parents is a serious breach of confidentiality.

  19. Breach of Confidentiality • HIPAA rules call for both civil and criminal penalties for revealing patient information without authorization. The civil fines do not even require any wrongful intent.

  20. Reporting Laws • Threats – duty to warn • Abuse – children, adults and the elderly • Criminal Wounds – gunshots, knife wounds and poisonings • Communicable Diseases • Deaths of uncertain nature Exceptions to a caregiver’s obligation to keep information confidential: When in doubt check with you supervisor.

  21. What can I do to prevent breaches of privacy?? • Never leave information on computer screens where unauthorized persons can gain access. • Never give out your computer password. • Locate and positions screens so persons passing by can’t view information. • Never leave patient information where others may view • Never list or display personal or medical information of a patient where others may view it

  22. What can I do to prevent breaches of privacy?? (cont’d) • Do not leave charts in an area where others may view • Face charts in a position where others may not view • Do not discuss or allow patient information to be viewed in public places • Printed records should be shredded prior to recycling or discarding • Be aware of how you are sending & receiving information (FAX, answering machines, etc.)

More Related