1 / 20

HIPAA Privacy / Security Education

HIPAA Privacy / Security Education. HIPAA Definitions. HIPAA – Health Insurance Portability and Accountability Act PHI – Protected Health Information EPHI – Electronic Protected Health Information. HIPAA Privacy / Security. The Privacy regulations make sure PHI is properly handled.

ohio
Download Presentation

HIPAA Privacy / Security Education

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. HIPAA Privacy / Security Education

  2. HIPAA Definitions • HIPAA – Health Insurance Portability and Accountability Act • PHI – Protected Health Information • EPHI – Electronic Protected Health Information

  3. HIPAA Privacy / Security • The Privacy regulations make sure PHI is properly handled. • The Security regulations make sure EPHI is properly handled. • Costly lawsuits in addition to penalties and fines if we do not comply.

  4. HIPAA Privacy • Privacy requirements apply to anyone that has access to or works with patient’s PHI. • Keep a log of the patient complaints made, including the resolution.

  5. HIPAA Privacy • We use and disclose PHI to carry out essential health care functions: • Treatment • Payment • Healthcare Operations

  6. HIPAA Privacy • Treatment – Management of healthcare by one or more providers. • Payment – Obtain payment or reimbursement for services. • Operations – Administrative, financial, legal or quality improvement activities necessary to run business and support functions of treatment and payment.

  7. HIPAA Privacy Patient Requested Restrictions • Hospital Directory – Do Not Announce • Can restrict PHI from being shared with others

  8. HIPAA Privacy Accounting of Disclosures – AOD • A patient has a right to receive a Accounting Of Disclosures of PHI.

  9. HIPAA Privacy AOD Exclusions • Treatment, payment or healthcare operations • Pursuant to a patient’s written authorization • Persons involved in patient’s care • Business Associates for purpose of treatment, payment or healthcare operations • Directory • Made to the patient

  10. HIPAA Privacy Notice of Privacy Practices / Business Associate Agreement • NPP – Notice of Privacy Practices informs patients how we may use their PHI. • BAA – Contractors or other non-workforce members hired to do the work of, or for, that involves the use or disclosure of PHI.

  11. HIPAA Privacy Minimum Necessary • We must make reasonable efforts to limit the use or disclosure of, and requests for PHI to minimum amount necessary for the intended purpose.

  12. HIPAA Privacy Overheard, Seen in Passing • The regulation permits uses or disclosures incidents, provided minimum necessary and safeguard standards are met.

  13. HIPAA Security • Assurance of Confidentiality, Integrity and Availability of PHI in any form.

  14. HIPAA Security Three Areas • Physical Safeguards • Technical Safeguards • Administrative Safeguards

  15. HIPAA Security Physical Safeguards • Measures taken to protect our facility and computer systems from unauthorized use. • Computer placement should be considered prior to computer arriving in the area. • Employee badges are physical safeguards.

  16. HIPAA Security Technical Safeguards • Control access, validate the identity and have authorization of users and protect information. • Computer system access should be available on a need to know basis. • Audit trails can be used to monitor authorized and unauthorized system access.

  17. HIPAA Security Administrative Safeguards • Formal written policies and procedures to protect PHI. • Periodic evaluations of all security safeguards should be conducted and documented.

  18. HIPAA Security HIPAA Notes • Do not share or display passwords. • Do not e-mail PHI outside of SJHS without putting it into a password protected document. • Become familiar with policy 30110-170 Use and Disclosure of PHI.

  19. HIPAA Security HIPAA Notes • Do not discuss patient’s PHI for personal gain. • Do not place PHI documents in trash cans. • Practice common sense security. Make sure doors and desks are locked, as appropriate.

  20. HIPAA Security HIPAA Notes • Everyone should be assigned a personal user ID and should never use someone else’s. • If you do not have access to certain records as part of your job, you should not be accessing them.

More Related