New Employee Orientation HIPAA Privacy. Marcia Matthias, MJ, RHIA, CHPC Corporate Director, Health Information/Privacy Officer
|
|
- Ernest Murphy
- 6 years ago
- Views:
Transcription
1 New Employee Orientation HIPAA Privacy Marcia Matthias, MJ, RHIA, CHPC Corporate Director, Health Information/Privacy Officer
2 Definitions HIPAA Health Insurance Portability and Accountability Act PHI Protected Health Information HHS Department of Health and Human Services OCR Office for Civil Rights Enforces HIPAA Privacy and Security rules.
3 What is identifiable protected health information (PHI) under HIPAA Includes: Name Address Employer Relative s names Birth date Phone/fax numbers address Social Security # Medical Record # Member/Acct # Certificate # Voiceprints Fingerprints Photos Codes Any other characteristics, such as occupation that can be used to identify an individual.
4 Forms of Information Paper Verbal Electronic It is the responsibility of every employee to protect the privacy and security of PHI in ALL forms
5 Goals of the Privacy Rule Provide strong federal protections for privacy rights Ensure patient s TRUST the privacy and security of his/her health information Preserve QUALITY health care Encourages frank communication with healthcare providers Makes sure that the right information is flowing to the right people at the right time.
6 Breaches A breach occurs when information that, by law, must be protected is: Lost, stolen, or improperly disposed of hacked into by people or computer programs Communicated or sent to others who do not have an official need to receive the information
7 The U.S. Attorney for the Southern District of Illinois announced today that Susan L Harris, 28 of Marissa, Illinois, and Ashley C. Drummond, 25, of East St. Louis, Illinois were sentenced for aggravated identity theft and conspiracy to commit mail fraud in the U.S. District Court for the Southern District of Illinois, East St. Louis Division. Harris was convicted following a 2-day jury trial in December 2012 Today, the U.S. District Court sentenced Harris to 4 years in prison, to be followed by 3 years of supervised release. Harris was ordered to pay $7, in restitution and a $200 special assessment. Drummond, who pleaded guilty in November 2012, was previously sentenced to 2 years in prison, to be followed by a 3 year term of supervised release. Drummond also was ordered to pay $8, in restitution to various victims and a $200 special assessment.
8 Evidence presented at the trial of Susan Harris showed that Harris conspired with Ashley Drummond to steal personal identifying information of patients of a Southern Illinois hospital. The two women targeted elderly patients, particularly patients who came in to the hospital from the nursing homes and assisted living facilities. Drummond and Harris used the stolen personal information to apply for new credit card accounts in the victims names Drummond was a radiology technician, and it was her job to transport patients to and from the radiology department as needed. While transporting the patients, Drummond would steal victims personal information from their charts. Harris was later caught on camera at a retail stores using one of the credit cards obtained with the personal information of a 90-year-old woman who lives in an assisted living center and had been a patient at the hospital where Drummond worked. The case was investigated by the Southern District of Illinois Identity Theft Task Force, the U.S. Postal Inspection Service, the Internal Revenue Service Criminal Investigation Division, the Social Security Administration Office of the Inspector General, the Maryville Police Department, the Glen Carbon Police Department, and the Collinsville Police Department.
9 Other recent nationwide reports of breaches A Nevada man pleaded guilty to violating HIPAA by using patient records to generate referrals for personal injury attorneys. Medical files were found at a recycling center in Tenn. They contained graphic photos and SS# from potentially 2 medical facilities. An unencrypted, password protected desk top computer was stolen from administrative offices at Sutter Health in Sacramento CA. The computer contained information on about 4 million patients. New York Presbyterian Hospital & Columbia University agreed to pay 4.8 million fine after the health records of more than 6000 people were mistakenly released on the Internet. 4 employees were fired from University Medical Center in Tucson after 1 employee took a picture of a patient with a cell phone camera. Natahsa Orr, 36 of Miami was sentenced to 24 months in prison plus 12 month of home confinement followed by 3 years of supervised release for stealing patient information from the Holy Cross ER during her employment. She used the information to obtain bank account info & obtain debit cards in the patient s name.
10 noteworthy facts Data breaches are occurring in health care at nearly 3 times the rate as in banking and finance. A thief downloading and stealing data can get $50 on the street for a medical identification number compared to just $1 for a social security number. Victim s can suffer monetary loss, possible inability to obtain or retain insurance, and corruption of their medical history.
11
12 Breaches involving 500 or more individuals reported to OCR (as of 3/2014) Unknown 2% Improper Disposal 4% Other 10% Breached Patient Information was due to: Hacking 8% Unauthor Access 18% Theft 47% Loss 11%
13 Breaches involving 500 or more individuals that have been reported to OCR Breached Patient Information was located on: Laptop, 23% Paper, 23% Desktop Computer, 15% Portable Electronic Device, 14% Network Server, 11% EMR, 2% Other, 10% , 2%
14 Illinois Wall of Shame
15 Breaching Patient Privacy Requires Notification of the Patient Breach definition: The unauthorized acquisition, access, use, or disclosure of PHI which compromise the security or privacy of protected health information, except where an unauthorized person to whom such information is disclosed would not have reasonably have been able to retain such information Applies to paper, electronic or verbal breaches The healthcare facility MUST: notify the individual (patient) within 60 days (of knowledge of breach) that their PHI has been or may have been accessed, acquired or disclosed as a result of a breach. o Notification must include: Description of what happened Type of information disclosed Steps the patient should take to protect themselves from potential harm Steps SIH is taking to investigate the breach, alleviate any potential harm, and protect against further breaches. report breaches annually to Department of Health & Human Services.
16 Example of Breach Notification Letter SIH/SIMS sends to a patient Dear Patient: On (date) (SIH/SIMS), became aware of a breach of your personal health information. The breach of your information occurred on or around (date) when you were at the Department. We are notifying you so you can take personal action along with our organization s efforts to reduce or eliminate potential harm. The incident involved your protected health information, specifically, your name and being disclosed to. I recommend that you increase your awareness of any type of communication regarding your personal health information. If you suspect anything unusual please contact the Contact the Consumer Protection Agency in Illinois: (800) ; East Main Street Carbondale, IL Southern Illinois Healthcare sincerely apologizes for the inconvenience and concern this incident causes you. The privacy of your personal information is very important to us and we will continue to do everything we can to fortify our operational protections for you and others. As a result of this breach SIH took the following actions: Under the Health Insurance Portability and Accountability Act (HIPAA) you also have the right to file a written complaint with the Director, Office of Civil Rights of the U.S. Department of Health and Human Services at the following address: Office of Civil Rights, U.S. Department of Health and Human Services 233 N Michigan Ave. Suite 240 Chicago IL Your complaint must describe Southern Illinois Healthcare s acts that you believe to be in violation of applicable law. A complaint to the Director of Health and Human Services may be submitted either by mail or electronic transmission within 180 days of this date. We will not retaliate against you if you file a complaint with the Director of Health and Human Services.
17 If breach involves PHI of 500 patients or more, then SIH will be required to notify local media and the Department of Health and Human Service
18 Information is accessible for authorized use and to Authorized users only When requested by the individual (patient), with proper identification For treatment of the individual (example: practitioner caring for the patient) For payment purposes (example: sending billing information to patient s insurance company), and Certain healthcare operations (example: TJC survey, quality improvement, Peer Review)
19 Patient s Privacy Rights Under HIPAA 1. To view and keep a copy of our Notice of Privacy Practices (document patient receives that explains how SIH uses their PHI and their rights regarding their PHI) 2. To view and copy their own protected health information (PHI) found in their medical/billing records 3. To request an amendment to documentation in their medical/billing record they think is inaccurate or incomplete. (Example: medical record documents patient has no allergies. The patient requests their medical record be amended to reflect an allergy to penicillin) 4. To request confidential communication
20 5. To ask for restrictions on how SIH uses and discloses their PHI for treatment, payment and healthcare operations (TPO). 6. To receive an Accounting of Disclosures. A document that identifies disclosures of their PHI made: To agencies, work comp, law enforcement, registries, when patient authorization is not required, and/or accidentally (example, faxed medical records to the wrong place). 7. To complain to SIH or with the U.S. Department of Health & Human Services about privacy violations 8. To opt out of the patient directory (do not want name on hospital publish list (do not want public to know of hospitalization)
21 Definitions Sensitive Information = Information in any form, including but not limited to paper, electronic, or oral, which if improperly disclosed could cause damage to the reputation, privacy, image and/or financial viability of the patient, medical staff, employees, board of trustees and/or Southern Illinois HealthCare. Sensitive information includes, but is not limited to All individually identifiable health information; Anything marked or stated as confidential Employee information; Financial information; Guarded Operational Information; Marketing and general business strategies Patient billing information; Physician information; and Proprietary products and product development
22 Ask yourself... Are you an authorized user of Sensitive Information and PHI? Do I need this information to do my job? Two rules of thumb. Rule 1: Is using or disclosing this information in the best interest of the patient? Yes = Do it and document No = Don t do it Rule 2: Do I need to access/know this information, (whether paper or electronic) to perform my job function? Yes = Go ahead and access the information No = Don t even think about accessing the information.
23 What does protecting health information & sensitive information mean? Keeping this information private Making sure this information is only accessible to the appropriate workforce and/or providers Safeguarding this information from unauthorized users
24 How to keep PHI & Sensitive Information private- paper world Private Medical records/documents are placed in a secure location Documents containing identifiable information that can be discarded are shredded Use fax cover sheet Timely removal of documents from fax machine tray, printer tray or copier Documents do not leave SIH premises, unless authorized to do so
25 How to keep PHI & Sensitive Information private electronic world Private Monitors are turned away from public view Patient information is not left up on computer screen User ID, passwords are not shared PHI is not downloaded/copied on personal storage media such as home computer, PDA, jump drive, etc
26 How to keep PHI and Sensitive Information private verbal world NO PHI Discussion: Elevators Smoke Areas Public or Private Dining Areas Employee Break Areas Public places restaurants, bars, etc. Social Networking Sites myspace, facebook, etc. Hallway Home
27 Civil and Criminal Penalties for Breaches Enforced by Office for Civil Rights & Department of Justice Unknown Violations Violations with reasonable cause Violations resulting from willful neglect Violations from willful neglect and not corrected $100-$50,000 (not to exceed $1.5 million in calendar year) $1,000-$10,000 (not to exceed $1.5 million in calendar year) $10,000-$250,000 (not to exceed $1.5 million in calendar year) $50,000-$1.5 million( not to exceed $1.5 million in calendar year)
28 SIH Top 5 HIPAA/Sensitive Information Hot Spots Wrongful disclosure due to misdirected fax (example: a fax number entered incorrectly & sent to an unintended individual/business). Patient complaints of breach of confidentiality involving an SIH employee wrongfully accessing or disclosing the health information of a family member, ex-family member or friend. Patient request for an amendment to their medical record because they are disagreeing with documentation about them entered by a physician or clinician. Employee access to their or their family members PHI stored on Electronic Medical Record (Meditech, Chartmaxx, etc) Employee posting SIH job related information on their social network site*
29 Know what you ve signed Does this document look familiar? This agreement, signed by you, is in your employee file.
30 More about Social Media SIH Policy Applies to use of social media at work and away from work when SIH affiliation is identified, known, or presumed. Used for approved business related purposes Workforce Members bound by SIH policies: Confidentiality of Sensitive Information, Internet Access & Usage, Harassment, HIPAA Abide by SIH: Mission & Values, Compliance Program, Code of Ethics & Conduct Standards, Performance Standards, Guidelines for using Social Media, Marketing guidelines Have a duty to report a violation of policy to immediate supervisor.
31 RESPECT, PROTECT, SAFEGUARD RESPECT Patients, Customers, and One Another PROTECT Confidentiality, Privacy & Security SAFEGUARD Properly use SIH Assets
32 Some Social Media Guidlines Do not announce company news. Do not cite or reference patients, partners or supplies w/o approval or written authorization from Marketing & Communications dept. Only those officially designated by SIH have the authorization to speak publicly on behalf of the company. Take responsibility. You are personally responsible for your post. SIH has the right to review & take action if a violation of policy or law occurs, even in personal blogs, etc. Be professional. Statements made in private social media sites, chat rooms, blogs, must treat the company & its workforce members, customers, and competitors with respect. SIH s harassment policy applies to the use of social media during both working & non-working hours. Be mindful of the world s longer memory. Everything you say is likely to be indexed & stored forever.
33 Confidentiality Policy Disciplinary Criteria Level 1. Failing to demonstrate appropriate care in handling sensitive information that results in accidental access, incidental access or inappropriate access due to lack of awareness or education. HIPAA Examples: Employee self access to own PHI, leaving PHI unattended, being away from work area while logged into application containing PHI, inadvertently routing PHI to a wrong recipient, fax sent to the wrong person, business, etc. Level 2. Disregard of organization or departmental policy related to the appropriate use and disclosure of sensitive information HIPAA Examples: Employee access to family member s PHI not needed for job related duties, knowingly sharing a password with coworker, discussing PHI in public areas, such as cafeteria s, hallways, or elevators
34 Level 3. Unauthorized access and/or disclosure of sensitive information HIPAA Examples: Intentionally exhibiting or divulging (verbal or written) PHI with co-workers or other individuals who are not privy to the information. Posting PHI on Internet sites, such as MySpace, FaceBook, Blogs (NOTE: POSTING OF ANY SENSITIVE INFORMATION ON MySpace, FaceBook Blogs is PROHIBITED). Level 4. Purposeful disregard of organizational or departmental policies. HIPAA Examples: Seeking personal benefit or permitting others to benefit personally from PHI. Access and/or disclosing PHI with malicious intent. Repeated disregard of any of the above levels 1-3.
35 Encrypt all containing PHI addressed to non-sih addresses. Do not send containing PHI to your personal account Do not text any type of PHI Securely store lap tops when unattended Log off of computer when walking away Keep your password confidential Turn computer monitors away from public eyesight Faxing: Double check fax numbers Complete fax cover sheet Securely seal mailing envelopes and containers that contain patient health information Before handing a patient medical record documents make sure the patient name matches the patient name on the documents. Refrain from taking pictures in patient care areas with your personal cell phone. Do not post information via social networking (face book, twitter, etc) that involves patient information you know about from being a workforce member at SIH.
What is HIPAA? Purpose. Health Insurance Portability and Accountability Act of 1996
Patient Privacy and HIPAA/HITECH What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Implemented in 2003 Title II Administrative Simplification It s a federal law HIPAA is mandatory,
More informationUpdated FY15 Dignity Health General Compliance Education for Staff Module 2
Updated FY15 Dignity Health General Compliance Education for Staff Module 2 This course will provide you with important information about the laws and regulations that affect the healthcare industry, our
More informationHIPAA Training
2011-2012 HIPAA Training New Hire Orientation and General Training 1 This training is to ensure all Health Management workforce members (associates, contracted individuals, volunteers and students) understand
More informationPrivacy and Security For Teammates
Privacy and Security For Teammates This self-directed learning module contains information all CRHS Teammates are expected to know in order to protect our patients, our guests, and ourselves. Target Audience:
More informationAdvanced HIPAA Communications and University Relations
Advanced HIPAA Communications and University Relations accepts no liability of any use reliance placed on it, as it is warranty, express, or implied, or completeness of 1 the HIPAA Health Insurance Portability
More informationProtecting Patient Privacy It s Everyone s Responsibility
1 of 27 Protecting Patient Privacy It s Everyone s Responsibility This presentation is comprised of 27 screens. When you have finished reading a screen, click your mouse to continue to the next screen.
More informationHIPAA Health Insurance Portability and Accountability Act of 1996
HIPAA Health Insurance Portability and Accountability Act of 1996 Protected Health Information (PHI) Covers patient information in any form written, verbal, or electronic PHI Includes Any information that
More informationThe Privacy & Security of Protected Health Information
The Privacy & Security of Protected Health Information By the end of this course, you should: Be familiar with the patient s rights to privacy under HIPAA Privacy Act Be able to identify Protected Health
More informationPrivacy and Security Compliance: The. Date Presenter Name of Member Organization
Privacy and Security Compliance: The Basics Date Presenter Name of Member Organization Privacy and Security Compliance: The Context for What We Do Privacy and Security compliance within (your office) is
More informationMCCP Online Orientation
1 Objectives At the conclusion of this presentation, students will be able to: Discuss application of HIPAA to student s role. Describe the federal requirements of the HIPAA/HITECH regulations that protect
More informationInformation Privacy and Security
Information Privacy and Security 2015 Purpose of HIPAA HIPAA stands for the Health Insurance Portability and Accountability Act. Its purpose is to establish nationwide protection of patient confidentiality,
More informationA general review of HIPAA standards and privacy practices 2016
A general review of HIPAA standards and privacy practices 2016 45 CFR, 164 Health Insurance Portability and Accountability Act Treatment, Payment and Healthcare Operations 42 CFR, Part 2, Confidentiality
More informationHIPAA Privacy Training for Non-Clinical Workforce
Office of Compliance Programs HIPAA Privacy Training for Non-Clinical Workforce Revised: January 24, 2017 HIPAA Privacy Workforce Training The Health Insurance Portability & Accountability Act (HIPAA)
More informationCompliance Program, Code of Conduct, and HIPAA
Compliance Program, Code of Conduct, and HIPAA Agenda Introduction to Compliance The Compliance Program Code of Conduct Reporting Concerns HIPAA Why have a Compliance Program Procedures to follow applicable
More informationHIPAA and HITECH: Privacy and Security of Protected Health Information
HIPAA and HITECH: Privacy and Security of Protected Health Information What is HIPAA? Health Insurance Portability and Accountability Act of 1996 A federal law enacted to: Protect the privacy of a patient
More informationVHA Privacy Policy Training FY VHA Privacy Office
VHA Privacy Policy Training Applicable Confidentiality Statutes and Regulations The following legal provisions govern the collection, use, maintenance, and disclosure of information from VHA records. The
More informationHealth Information Privacy Policies and Procedures
University of the Pacific Arthur A. Dugoni School of Dentistry Health Information Privacy Policies and s These Health Information Privacy Policies & s implement our obligations to protect the privacy of
More informationHIPAA PRIVACY TRAINING
HIPAA PRIVACY TRAINING HIPAA Privacy Training Objective Present a general overview of HIPAA and define important terms Understand the purpose of HIPAA and the Privacy Rule Understand the term Protected
More informationStudent Orientation: HIPAA Health Insurance Portability & Accountability Act
_ Student Orientation: HIPAA Health Insurance Portability & Accountability Act HIPAA: National Privacy Law History of HIPAA What was once an ethical responsibility to protect a patient s privacy is now
More informationIt defines basic terms and lists basic principles that all LSUHSC-NO faculty, staff, residents and students must understand and follow.
Office of Compliance Programs Revised: July 18, 2017 HIPAA Privacy HIPAA Privacy Workforce Training The Health Insurance Portability & Accountability Act (HIPAA) requires that the University train all
More informationUSES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION: HIPAA PRIVACY POLICY
Page Number 1 of 8 TITLE: PURPOSE: USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION: HIPAA PRIVACY POLICY To assure that individually identifiable health information contained in any University Health
More informationAUDIT DEPARTMENT UNIVERSITY MEDICAL CENTER HIPAA COMPLIANCE. For the period October 2008 through May JEREMIAH P. CARROLL II, CPA Audit Director
UNIVERSITY MEDICAL CENTER HIPAA COMPLIANCE For the period October 2008 through May 2009 JEREMIAH P. CARROLL II, CPA Audit Director Audit Department 500 S Grand Central Pkwy Ste 5006 PO Box 551120 Las Vegas
More informationCLINICIAN S GUIDE TO HIPAA PRIVACY
CLINICIAN S GUIDE TO HIPAA PRIVACY Introduction... 2 What is HIPAA?... 2 Health Information Privacy... 2 Protected Health Information... 3 Identifiers... 3 HIPAA s Impact on Clinical Practice, Treatment,
More informationYour Role in Protecting Patient Privacy 2018
Your Role in Protecting Patient Privacy 2018 1 Training Focus This training will focus on what responsibilities you have in order to ensure that both you and our organization are in compliance with state
More informationPRIVACY BREACH MANAGEMENT POLICY
\(.kon Education Education PRIVACY BREACH MANAGEMENT POLICY Effective Date: September 1, 2016 GENERAL INFORMATION Under the Access to Information and Protection of Privacy Act (A TIPP Act) public bodies
More informationChapter 9 Legal Aspects of Health Information Management
Chapter 9 Legal Aspects of Health Information Management EXERCISE 9-1 Legal and Regulatory Terms 1. T 2. F 3. F 4. F 5. F EXERCISE 9-2 Maintaining the Patient Record in the Normal Course of Business 1.
More information2018 Employee HIPAA Orientation (EHO) Handbook
2018 Employee HIPAA Orientation (EHO) Handbook Using EHO The material in this booklet is designed to provide newly hired employees with an understanding of HIPAA s regulations and their impact on the employee
More informationWHAT IS HIPAA? HIPAA is the ELECTRONIC transmission of Three programs have been enacted to date Privacy Rule April 2004
Rev. 1/22/2010 HIPAA TRAINING WHAT IS HIPAA? Health Insurance Portability and Accountability Act HIPAA is the ELECTRONIC transmission of Three programs have been enacted to date Privacy Rule April 2004
More informationPrivacy and Security Training for Connecting Ontario. PACE Cardiology April, 2017
Privacy and Security Training for Connecting Ontario PACE Cardiology April, 2017 Session Goals By the end of this session you will: Review key elements of privacy protection Know your privacy obligations
More informationDO ASK BUT DON T TELL HIPAA PRIVACY RULE
DO ASK BUT DON T TELL HIPAA PRIVACY RULE HITECH/OMNIBUS FINAL RULE HIPAA enacted in 1996; compliance required April 14, 2003 for the Privacy Rule and April 21, 2005 for the Security Rule surrounding electronic
More informationFCSRMC 2017 HIPAA PRESENTATION
FCSRMC 2017 HIPAA PRESENTATION BDO USA, LLP, a Delaware limited liability partnership, is the U.S. member of BDO International Limited, a UK company limited by guarantee, and forms part of the international
More informationPatient Privacy Requirements Beyond HIPAA
Patient Privacy Requirements Beyond HIPAA Jane Hyatt Thorpe, J.D. School of Public Health and Health Services George Washington University Carrie Bill, J.D. Feldesman Tucker Leifer Fidell LLP The George
More informationHIPAA Education Program
HIPAA Education Program 2017-2018 Assurance and Compliance Services HIPAA Training Requirement This HIPAA Training Program is intended for and will satisfy the training requirement for the: Mount Sinai
More informationValley Regional Medical Center HIPAA AND HITECH EDUCATION
Valley Regional Medical Center HIPAA AND HITECH EDUCATION Privacy and Security of Protected Health Information 1 HIPAA and Its Purpose What is HIPAA? Health Insurance Portability and Accountability Act
More informationEast Carolina University 2010 Annual HIPAA Privacy Training
East Carolina University 2010 Annual HIPAA Privacy Training What are the HIPAA Privacy and Security Rules? Federal laws that govern the use and disclosure of health information of our patients and research
More informationThe University of Toledo. Corporate Compliance and HIPAA Training. Presented by: The Compliance and Privacy Office
The University of Toledo Corporate Compliance and HIPAA Training Presented by: The Compliance and Privacy Office Topics Compliance HIPAA (Health Insurance Portability and Accountability Act) FERPA( Family
More informationHIPAA Privacy Rule. Best PHI Privacy Practices
HIPAA Privacy Rule Best PHI Privacy Practices Learning Objectives Define the acronym HIPAA. Understand your role and responsibilities under the privacy regulations. Know what patient s rights are in terms
More informationHIPAA THE PRIVACY RULE
HIPAA THE PRIVACY RULE Reviewed December 2012 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of antidepressant medications in their mail. 2 HISTORY Many
More informationHealth Insurance Portability and Accountability Act (HIPAA)
HIPPA Review Health Insurance Portability and Accountability Act (HIPAA) What is HIPAA: Stands for Health Insurance Portability and Accountability Act Addresses three areas: 1. Insurance portability 2.
More informationPRIVACY BREACH GUIDELINES
PRIVACY BREACH GUIDELINES Purpose The may provide some guidance to government institutions, local authorities, and health information trustees (hereinafter Organizations) in Saskatchewan when a privacy
More informationBreach Reporting and Safeguarding PHI Outpatient Services August, UAMS HIPAA Office Anita Westbrook
Breach Reporting and Safeguarding PHI Outpatient Services August, 2012 UAMS HIPAA Office Anita Westbrook Breaches and Breach Reporting Real Life Example An employee of a large hospital accidentally left
More informationPrivacy and Security Orientation for Visiting Observers. DUHS Compliance Office
Privacy and Security Orientation for Visiting Observers DUHS Compliance Office 919-668-2573 compliance@dm.duke.edu Introduction This orientation is to provide new Visiting Observers with the HIPAA Privacy
More informationTitle: HIPAA PRIVACY ADMINISTRATIVE
Administrative-HIPAA Privacy Title: HIPAA PRIVACY ADMINISTRATIVE Scope: All MultiCare Health System (MHS) workforce members, which includes but not limited to, employees, residents, students, volunteers
More informationHealth Insurance Portability and Accountability Act. Awareness Training for Volunteers
Health Insurance Portability and Accountability Act Awareness Training for Volunteers Southeastern Health Southeastern Health has a strong tradition of protecting the privacy of patient information. Confidentiality
More informationReporting a Privacy Breach to the Commissioner
SEPTEMBER 2017 Reporting a Privacy Breach to the Commissioner GUIDELINES FOR THE HEALTH SECTOR To strengthen the privacy protection of personal health information, the Ontario government has amended the
More informationStudy Management PP STANDARD OPERATING PROCEDURE FOR Safeguarding Protected Health Information
PP-501.00 SOP For Safeguarding Protected Health Information Effective date of version: 01 April 2012 Study Management PP 501.00 STANDARD OPERATING PROCEDURE FOR Safeguarding Protected Health Information
More informationWhat is Social Networking?
Social Networking 9/25/2012 1 What is Social Networking? Blogging type of website maintained by an individual with regular entries of commentary, description of events or other material such as graphics
More informationWhat is Social Networking?
Social Networking 9/25/2012 1 What is Social Networking? Blogging type of website maintained by an individual with regular entries of commentary, description of events or other material such as graphics
More informationPiedmont Healthcare, Inc. Code of Conduct
Piedmont Healthcare, Inc. Code of Conduct You are part of the Piedmont Healthcare family, a group of talented and dedicated people who take pride in what you do and are committed to our patients and our
More informationWRAPPING YOUR HEAD AROUND HIPAA PRIVACY REQUIREMENTS
WRAPPING YOUR HEAD AROUND HIPAA PRIVACY REQUIREMENTS Jeffrey Staton Attorney at Law Legal Aid Society of Louisville 416 W. Muhammad Ali Blvd., Ste. 300 Louisville, KY 40202 Phone: 502.614.3146 Jstaton@laslou.org
More informationWhat to do When Faced With a Privacy Breach: Guidelines for the Health Sector. ANN CAVOUKIAN, Ph.D. COMMISSIONER
What to do When Faced With a Privacy Breach: Guidelines for the Health Sector ANN CAVOUKIAN, Ph.D. COMMISSIONER INFORMATION AND PRIVACY COMMISSIONER OF ONTARIO Table of Contents What is a privacy breach?...1
More informationNOTICE OF PRIVACY PRACTICES
NOTICE OF PRIVACY PRACTICES 1 Effective Date: April 14, 2003 Revision Date: September 23, 2013 Revision Date: January 17, 2018 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED
More informationNavigating HIPAA Regulations. Michelle C. Stickler, DEd Director, Research Subjects Protections
Navigating HIPAA Regulations Michelle C. Stickler, DEd Director, Research Subjects Protections mcstickler@vcu.edu 828-0131 Key Definitions Covered Entity: Organization that handles identifiable health
More informationHIPAA Privacy & Security Training
HIPAA Privacy & Security Training for Clinicians Introduction As a clinician at Duke Medicine, you have direct access to patients and patient information and a legal and ethical obligation to protect patient
More informationWhat is your start date? (Date in which you plan to begin seeing patients in the hospital). Specialty SECTION I. IDENTIFICATION DATA
This Application is for Non-employed Clinical Assistants (RN, dental assistant, orthotist, etc) who wish to assist a supervising physician at one or more of our facilities. Advanced Practice Nurses (CRNA,
More informationPERSONALLY IDENTIFIABLE INFORMATON (PII)
PERSONALLY IDENTIFIABLE INFORMATON (PII) 1 PII - REFERENCES DOD 5400.11-R, DoD Privacy Act Program, May 07 OSD Memo, Subj: Safeguarding Against and Responding to the Breach of Personally Identifiable Information,
More informationCompliance & Privacy For Teammates
Carolinas HealthCare System 2014 Annual Continuing Education Module Compliance & Privacy For Teammates This self-directed learning module contains information all Carolinas HealthCare System Teammates
More informationSystem Office New Hire Orientation
System Office New Hire Orientation Integrity & Compliance Program Jennifer Munro, MA 2, CHC Manager, Integrity & Compliance Education, Communication & Hotline System Integrity & Audit Services munrojl@trinity-health.org
More informationCompliance Program Code of Conduct
City and County of San Francisco Department of Public Health Compliance Program Code of Conduct Purpose of our Code of Conduct The Department of Public Health of the City and County of San Francisco is
More informationINFORMATION ABOUT CHILDREN S MERCY HOSPITALS AND CLINICS
INFORMATION ABOUT CHILDREN S MERCY HOSPITALS AND CLINICS The purpose of this brochure is to provide you with a brief orientation to Children s Mercy Hospitals and Clinics. It provides important information
More informationHIPAA & PRIVACY TRAINING FOR HEALTH PROFESSIONALS: Part 1 Denise M. Hill, JD, MPA
HIPAA & PRIVACY TRAINING FOR HEALTH PROFESSIONALS: Part 1 Denise M. Hill, JD, MPA 2016 Denise M. Hill & CEI, Photos used Creative Commons. Disclosure & Disclaimer DISCLOSURE Denise Hill reports no actual
More informationCompliance & Privacy For Teammates
Carolinas HealthCare System 2015 Annual Continuing Education Module Compliance & Privacy For Teammates This self-directed learning module contains information all Carolinas HealthCare System Teammates
More informationResident/Fellow Training Orientation Policies
Resident/Fellow Training Orientation Policies Restraint or Seclusion: Violent Behavior Prevention and Reporting of Patient Abuse Blood Component Indications & Critical Tests HIPAA Privacy and Security
More informationHealth Information Exchange 101. Your Introduction to HIE and It s Relevance to Senior Living
Health Information Exchange 101 Your Introduction to HIE and It s Relevance to Senior Living Objectives for Today Provide an introduction to Health Information Exchange Define a Health Information Exchange
More informationHIPAA Privacy & Security Training
HIPAA Privacy & Security Training for Nonclinicians Introduction As a Duke Medicine workforce member you may have access to patients and patient information and you have a legal and ethical obligation
More informationNOTICE OF PRIVACY PRACTICES
Our Responsibilities Notice of Privacy Practices - Page 1 NOTICE OF PRIVACY PRACTICES Our Responsibilities. Your Information. Your Rights. This Notice of Privacy Practices ( Notice ) explains how University
More informationHIPAA Privacy Policies & Procedures Table of Contents
HIPAA POCKET GUIDE HIPAA Privacy Policies & Procedures Table of Contents I. Clinical Policies A. Accounting of Disclosures..Pg 6 B. De-Identification of Information..Pg 7 C. Facility Directory...Pg 7
More informationNOTICE OF PRIVACY PRACTICES
NOTICE OF PRIVACY PRACTICES Effective Date: 2013 Wisconsin Dental Association (800) 243-4675 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS
More informationSafeguarding PHI Nutrition Services. UAMS HIPAA Office May 2015
Safeguarding PHI Nutrition Services UAMS HIPAA Office May 2015 HIPAA (not HIPPA) What is HIPAA? The Health Insurance Portability and Accountability Act is a federal law that protects the privacy and security
More informationHIPAA Privacy Rights and Operations Guide HIPAA Security Summary For the Practice of: Vail Aspen Breckenridge Dermatology
HIPAA Privacy Rights and Operations Guide HIPAA Security Summary For the Practice of: Vail Aspen Breckenridge Dermatology Publish Date: 1/2/2018 This guide has been created to serve Vail Aspen Breckenridge
More informationINCOMPLETE APPLICATIONS WILL NOT BE PROCESSED
Dear Applicant: Enclosed in this reappointment application for membership to the Guadalupe Regional Medical Center (GRMC) Allied Health Professionals Staff, you will find the following. Allied Health Professional
More informationMethodist Le Bonheur Healthcare Corporate Compliance and HIPAA New Associate Training
Methodist Le Bonheur Healthcare Corporate Compliance and HIPAA New Associate Training All new Methodist Le Bonheur Healthcare (MLH) Associates must complete this compliance training. It includes information
More informationPROTECTING PATIENT PRIVACY IS NOT ONLY
HIPAA POCKET GUIDE HIPAA Privacy Policies & Procedures Table of Contents I. Clinical Policies A. Accounting of Disclosures...Pg 6 B. De-Identification of Information...Pg 7 C. Facility Directory...Pg
More informationHCCA Institute Privacy Officer Round Table Discussion
HCCA Institute Privacy Officer Round Table Discussion Marti Arvin Deann Baker Why We re Here X A facilitated discussion of current issues that Privacy Professionals are dealing with in their day-to-day
More informationWilliamson County EMS (WCEMS) HIPAA Training for Third Out Riders
Williamson County EMS (WCEMS) HIPAA Training for Third Out Riders Training Statement: This training program is designed to educate you on WCEMS legal requirements to protect our patients rights and confidentiality,
More informationMembership Application February 2013
Membership Application February 2013 DATE: PERSONAL INFORMATION Last Name: First Name: MI: of Birth: Social Security Number: CONTACT INFORMATION Street Name: Apt/Suite City State Zip Code Mailing Address
More informationHIPAA. Health Insurance Portability and Accountability Act. Presented by the UMMC Office of Integrity and Compliance
HIPAA Health Insurance Portability and Accountability Act Presented by the UMMC Office of Integrity and Compliance Rules and Regulations to ensure Privacy Set Federally recognized standards to ensure both
More information2514 Stenson Dr Cedar Park TX Fax
HIPAA QUESTIONS LESSON 2 1. Civil monetary penalties can be as high as: a. $100 b. $1,000 c. $10,000 d. $50,000 2. Civil penalties for HIPAA violations apply to: a. Covered entities b. Business associates
More informationA self-assessment for GxP and HIPAA concerns
WHITE PAPER IS YOUR ORGANIZATION AT RISK? A self-assessment for GxP and HIPAA concerns MDDX RESEARCH & INFORMATICS 58 California St, Floor 6 San Francisco, California 9 T (8) -MDDX F (866) 8-696 info@mddx.com
More informationCompliance and Privacy/Security Training Academic Year
Compliance and Privacy/Security Training Academic Year 2017-18 Dear Student, Welcome to UConn Health. This training packet includes a general overview of compliance principles, UConn Health s Compliance
More informationHIPAA Breach Policy & Procedures Handbook
HIPAA Breach Policy & Procedures Handbook TABLE OF CONTENTS PART 1: POLICY... 5 I. Introduction... 6 Purpose... 6 Rationale... 6 Policy Statement... 6 Scope... 7 Definitions... 7 EXCEPTIONS... 7 II. Responsibility...
More informationSection: Medical Staff Office Page: 1 of 2
Section: Medical Staff Office Page: 1 of 2 Subject: Job Shadowers and Observers Not Covered Under Clinical Affiliation Agreement Executive Owner: Chief Medical Officer Original Policy: 6/4/13 Current Effective
More informationSTAFFING AGENCY ADMINISTRATIVE POLICIES AND PROCEDURES
STAFFING AGENCY ADMINISTRATIVE POLICIES AND PROCEDURES WELCOME TO NEW SOLUTIONS STAFFING! We appreciate your visit with us today and would like to outline what will take place while you are here. You will
More informationFailure to comply may result in WU being liable for civil and criminal penalties under the HIPAA regulations.
HIPAA Privacy Procedure #1 Effective Date: April 14. 2003 Reviewed Date: February, 2011 Accountabilities for Compliance to HIPAA Privacy Revised Date: February, 2011 Rules Scope: Radiation Oncology ************************************************************************************************
More informationChapter 19 Section 3. Privacy And Security Of Protected Health Information (PHI)
Health Insurance Portability and Accountability Act (HIPAA) of 1996 Chapter 19 Section 3 1.0 BACKGROUND AND APPLICABILITY 1.1 The contractor shall comply with the provisions of the Health Insurance Portability
More informationHIPAA Notice of Privacy Practices
HIPAA Notice of Privacy Practices Georgia Mountains Hospice understands that your health information is highly personal and we are committed to safeguarding your privacy. Please read this Notice of Privacy
More informationNotice of Privacy Practices for Protected Health Information (PHI)
Notice of Privacy Practices for Protected Health Information (PHI) Dermatology Associates of Colorado, PC THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN
More informationPrivacy & Security: What You Need to Know
Privacy & Security: What You Need to Know DISCLAIMER: The views and opinions expressed in this presentation are those of the author and do not necessarily represent official policy or position of HIMSS.
More informationPRIVACY BREACH MANAGEMENT GUIDELINES. Ministry of Justice Access and Privacy Branch
Ministry of Justice Access and Privacy Branch December 2015 Table of Contents December 2015 What is a privacy breach? 3 Preventing privacy breaches 3 Responding to privacy breaches 4 Step 1 Contain the
More informationHIPAA PRIVACY DIRECTIONS. HIPAA Privacy/Security Personal Privacy. What is HIPAA?
DIRECTIONS HIPAA Privacy/Security Personal Privacy 1. Read through entire online training presentation 2. Close the presentation and click on Online Trainings on the Intranet home page 3. Click on the
More informationYale University. HIPAA PRIVACY FAQs
HIPAA PRIVACY FAQs Table of Contents I. PRIVACY FUNDAMENTALS I- 4 WHAT IS HIPAA? WHAT IS HITECH? WHO NEEDS TO ABIDE BY HIPAA? ARE THERE PENALTIES FOR NOT COMPLYING? WHAT IS PHI? WHAT IDENTIFIES AN INDIVIDUAL?
More informationNotice of Privacy Practices
Notice of Privacy Practices Effective September 23, 2013 TCHC.org An equal opportunity employer and provider. CLINICS Baxter Bertha Henning Ottertail Sebeka Verndale Wadena HOSPITAL Wadena 415 Jefferson
More informationHealthcare Privacy Officer on Evaluating Breach Incidents A look at tools and processes for monitoring compliance and preserving your reputation
Healthcare Privacy Officer on Evaluating Breach Incidents A look at tools and processes for monitoring compliance and preserving your reputation June 20, 2012 ID Experts Webinar www.idexpertscorp.com Mahmood
More informationI. PURPOSE DEFINITIONS. Page 1 of 5
Policy Title: Computer, E-mail and Mobile Computing Device Use Accreditation Reference: Effective Date: October 15, 2014 Review Date: Supercedes: Policy Number: 4.31 Pages: 1.5.9 Attachments: October 15,
More informationNOTICE OF PRIVACY PRACTICES
NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. WHY ARE YOU GETTING
More informationA Deep Dive into the Privacy Landscape
A Deep Dive into the Privacy Landscape David Goodis Assistant Commissioner Information and Privacy Commissioner of Ontario Canadian Institute Advertising & Marketing Law January 22, 2018 Who is the Information
More informationFEDERAL AND STATE BREACH NOTIFICATION LAWS FOR CALIFORNIA
FEDERAL AND STATE BREACH NOTIFICATION LAWS FOR CALIFORNIA LEGAL CITATION California Civil Code Section 1798.82 California Health and Safety (H&S) Code Section 1280.15 42 U.S.C. Section 17932; 45 C.F.R.
More informationTechnology Standards of Practice
2016 Technology Standards of Practice Used with permission from the Association of Social Work Boards (2016) Table of Contents Technology Standards of Practice 2 Definitions 2 Section 1 Practitioner Competence
More informationSt. Jude Children s Research Hospital. Code of Conduct
1 St. Jude Children s Research Hospital Code of Conduct 2 Dear Colleague: As a global leader in the research and treatment of pediatric catastrophic diseases, St. Jude Children s Research Hospital has
More informationDavid Behinfar, JD, LLM, CHC, CIPP University of Florida College of Medicine Jacksonville UF Privacy Manager (904)
David Behinfar, JD, LLM, CHC, CIPP University of Florida College of Medicine Jacksonville UF Privacy Manager (904) 244 6229 david.behinfar@jax.ufl.edu 1 Presentation Summary High level Summary of the federal
More information