Privacy and Security Compliance: The. Date Presenter Name of Member Organization

Size: px
Start display at page:

Download "Privacy and Security Compliance: The. Date Presenter Name of Member Organization"

Transcription

1 Privacy and Security Compliance: The Basics Date Presenter Name of Member Organization

2 Privacy and Security Compliance: The Context for What We Do Privacy and Security compliance within (your office) is grounded in Mission, Core Values, and Standards of Conduct. Respect Justice Compassion Excellence Stewardship Supporting Right Relationships We support each other; we are all accountable; we are continuous learners It can take a life-time to gain a person s trust but only a moment to lose it. 2

3 Expected Behaviors Comply with policies regarding appropriate access of patient information, in keeping with federal and state regulations and Trinity Health policy. Know your accountability under the Confidentiality and Network Access Agreement. Know how to appropriately use and disclose patient and business sensitive information. Demonstrate awareness of privacy compliance regulations related to the discussion of patient care activity within/outside the clinical care setting. 3

4 Expected Behaviors Know the appropriate ways to send patient or business sensitive information, including: - securing s sent outside Trinity network - verifying fax numbers and retrieving mis-directed faxes - appropriately labeling in-house and outside mail Follow designated procedures for appropriate disposal of paper and plastic containing PHI 4

5 Expected Behaviors Follow appropriate security safeguard practices, regarding: Passwords and log-in Identity badges and access codes Mobile devices and documents containing patient or business sensitive information Demonstrate appropriate use of social networking (Face Book,Texting,Twitter, You Tube, etc.): Your patient care and/or business-sensitive information is NOT to be discussed on social network sites. Demonstrate respect for the dignity of patients and families at all times. 5

6 Accountability under Confidentiality and Network Access Agreement Confidentiality and Network Access Agreement - A confidentiality agreement requires that all Workforce Members who need routine access to PHI or business-sensitive information read, sign and abide by the terms and conditions set forth in the Agreement - Violation of any part of the Agreement is subject to corrective action, up to and including termination of employment, as well a civil sanctions and/or criminal penalties 6

7 What is Protected Health Information (PHI)? PHI is information that: Identifies an individual Relates to the individual s health, health care treatment, or health care payment Is maintained or disclosed Electronically On paper Orally 7

8 What is identifiable PHI? PHI is considered to be identifiable if it contains any of the following specific identifiers of the individual and his/her relatives, employers, or household members, including: - Names - Account # - Street Address - Certificate/License # - Dates (birth, DOS) - Vehicle ID - Telephone/Fax - Device ID - - URLs - SS # - IP Address - MR # - Full face/biometric ID - Health plan # - Any unique identifier - Diagnosis - Procedures - Medications - Physician name & specialty - Location of Service (e.g., FMC, CCC, ICU) - Service Type (e.g., radiology, in-patient) -Test Results - Amount charged and paid 8

9 Appropriate Use and Disclosure of PHI Use of PHI means the sharing, using, analysis, and/or examination of PHI internally (i.e., within your office s internal operation). Disclosure of PHI means the release, transfer, provision of, or access to PHI externally (i.e., outside your office s internal operation.) HIPAA protects PHI that is: Spoken or recorded in any form or medium Relates to the past, present, or future physical or mental health of an individual Relates to the provision of health care to an individual Relates to the past, present, or future payment for provision of health care to an individual 9

10 PHI and Incidental Disclosure Incidental disclosure is secondary use or disclosure that: is limited in nature can not reasonably be prevented occurs as a result of another use or disclosure that is permitted by the Privacy Rule For example, some patient information may be seen or overheard incidentally in a clinical setting (E.g., ED, registration area, lab areas, waiting rooms, nurses station). While this type of disclosure may be secondary or unavoidable, every effort must be made to limit and control the amount of patient information that is visible or able to be overheard in and around patient care areas. E.g., Close doors Draw privacy curtains Keep voice at appropriate level Avoid discussions in hallways, outside patient bays, outside patient rooms, and around the nurses station if at all possible Avoid using patient names, if possible Avoid answering pages/calls in public places if at all possible Use password protection for computers that contain PHI Use locked bins when disposing of paper that contains PHI 10

11 PHI and Inappropriate Disclosure Inappropriate disclosure of PHI or business sensitive information includes social networks sites such as Face Book, My Space, You Tube; twittering; texting; and blog sites. These sites are unencrypted. Work-related comments posted on these sites can put the patient, [your office) and the employee at great risk. Even if you have a business/clinical reason for disclosing patient information, you should not share patient information using methods that are not Trinity Health approved E.g., Using your personal or cell phone to send/text patient care or business related information Caution: Remember that, in rare cases, inappropriate disclosure of even one PHI item could be considered a privacy breach. E.g., you may have a patient with a very unusual diagnosis. Referring to the patient only in terms of the diagnosis, without using the patient s name or location in the facility, potentially could be enough to identify that patient and constitute a privacy breach. 11

12 Discussion of Patient Information NEVER ASSUME: Just because a patient has someone with them a family member, a friend, a neighbor, a ride health care providers, including physicians, may not assume that it s okay to discuss the patient s situation with that person, or speak with the patient in front of that person. Verify with the patient that it s okay to discuss his/her case/treatment with the relative or friend (assuming the patient is conscious and competent.) Indicate to family/visitors that you need to discuss care issues with the patient in private and politely ask them to step out. (This gives patients the opportunity to say it s okay for the people to stay without putting them in an awkward position of having to ask the person to leave if they want a private conversation.) RESTRICTIONS: Patients have a right to restrict persons with whom you can share their patient information. PUBLIC SPACES: Discussions about patients should not take place in major hallways, stairwells, elevators, cafeteria, lobbies, or any general public place. SOCIAL NETWORKS: Discussions about patients and/or your work-related activity should not be posted on your Face Book page or by way of other social networking. STATUS REPORTS: Physicians or other staff who report patient status to families - may need a friendly reminder that, if at all possible, they should avoid discussing the outcome of procedures with patients or patient representatives in public places (waiting rooms, hallways, doorways of patient rooms). If there is no private place available, politely remind them to try and find a corner away from other people and keep their voices at a moderate level. 12

13 Discussion of Patient Information (Scenario) [Consider inserting a reference to a key privacy practice or procedure at your office that works well, or present an example of a incident/investigation at your office that came out well or not ] 13

14 Minimum Necessary: The Information You Need to Do Your Job Minimum Necessary limits the amount of information that is accessed, used, disclosed or requested to: The amount of patient information you need to carry out your job responsibilities ( need to know ) The amount of information a requesting party needs to carry out their job responsibilities, E.g. Law enforcement asks you for information related to a patient in ICU who was involved in a shooting incident; A long term care facility asks for a copy of the chart of a patient in rehab who is being transferred to their facility; A physician office asks for a copy of the chart of a patient who has been referred to their office for a consult. Each of these requests is legitimate but the amount of information you may disclose in each instance may vary. Note that Minimum Necessary limitations do not apply to treatment. Follow (your office) procedures and/or check with [name of your privacy officer or office manager] if you have questions or concerns about Minimum Necessary and appropriate access of patient information. 14

15 Minimum Necessary and Inappropriate Access Accessing patient information if you do not have a legitimate treatment/business need to do so can be both a privacy and security violation. Such inappropriate access includes: Accessing PHI of family, friends, or your personal PHI; Accessing and/or sharing patient information about coworkers out of care, curiosity or concern; Accessing information on VIPs or high profile patients even if their information is discussed in the news media. Accessing patient information that you do not need to do your job is a violation of Minimum Necessary and considered to be inappropriate access. Violation of Minimum Necessary may involve disciplinary action up to and including termination of employment. 15

16 Disposal of Patient/Business Information Disposal of Paper/Plastic Containing PHI or Business Sensitive Information - All confidential paper and plastic should be put in the appropriate confidential trash bins. [Insert information on where your confidential trash bins are and any other pertinent information about disposing of confidential paper/plastic at your office.] 16

17 Security Safeguards Workforce Members must comply with Trinity Health Enterprise Wide Security polices related to use of passwords, log-on/off, screen savers, access to records, role-based access and related security procedures. Workforce Members must abide by the (Trinity) Confidentiality and Network Access Agreement that addresses access to and use of Trinity Health network/information system and patient and business sensitive information. 17

18 Security Safeguards Passwords All passwords must be kept confidential: - NEVER share your password - NEVER post your password in public view - NEVER use someone else s password to log-in Access Codes/Security Badges - Use access codes only for work purposes - Never share an access code/your badge - Make sure doors are secure - Do not let people into a unit/building with your access code/badge 18

19 Security Safeguards Faxes Mail All faxes of patient information must contain a cover sheet and be filed in the patient s chart. Mis-directed faxes should be retrieved as soon as possible Verify, verify, verify the fax number/receipt of fax Fax machines, printers, copy machines should be out of public view When sending mail containing PHI through interoffice mail, remember to place the document in a secure envelope and clearly label it as to the sender and the recipient 19

20 Security Safeguards Mobile devices When transporting laptops, reports with patient information, documents containing business sensitive information protect the item as you would your wallet. Laptops should be locked in your car trunk if you have to leave your car. When in your home, they should be kept in a secure place. Secure mobile devices, digital cameras, in a locked office or cabinet in your unit/department when not in use. 20

21 Reporting Incidents, Complaints or Concerns Associates are required to report concerns they may have about potential privacy and security violations to their manager/supervisor, Privacy or Information Security Officials. [Insert names and contact information of appropriate persons in your office. 21

22 Civil and Criminal Penalties It s important to keep in mind that privacy and security violation may include civil and criminal penalties. There are frequently examples in the media Individuals (e.g., associates, physicians, Business Associate employees) who wrongfully disclose patient information can be prosecuted and potentially face jail time and monetary fines. Civil penalties can be applied to organizations and/or individuals and can range from $100-$50,000 per violation Criminal penalties can also be applied to individuals 22

23 Take Away If you remember nothing else from this presentation, remember these key points: The little things you do to protect patient information really do matter. Most privacy incidents are not the result of malicious intent. They result from associates with good intentions forgetting where the (sometimes gray) line between work and personal life begins and ends. When in doubt about accessing, using, or disclosing patient information ask you supervisor or privacy official for guidance. It s not OK to access patient information, your own or someone else's (whether you know them of not) out of care, curiosity or concern. You need a business or clinical reason to access patient information. Contact [insert name of your Privacy Official] or your supervisor when you have a concern about patient privacy or how information should be handled and protected in your department. 23

Privacy and Security For Teammates

Privacy and Security For Teammates Privacy and Security For Teammates This self-directed learning module contains information all CRHS Teammates are expected to know in order to protect our patients, our guests, and ourselves. Target Audience:

More information

MCCP Online Orientation

MCCP Online Orientation 1 Objectives At the conclusion of this presentation, students will be able to: Discuss application of HIPAA to student s role. Describe the federal requirements of the HIPAA/HITECH regulations that protect

More information

HIPAA Training

HIPAA Training 2011-2012 HIPAA Training New Hire Orientation and General Training 1 This training is to ensure all Health Management workforce members (associates, contracted individuals, volunteers and students) understand

More information

HIPAA PRIVACY TRAINING

HIPAA PRIVACY TRAINING HIPAA PRIVACY TRAINING HIPAA Privacy Training Objective Present a general overview of HIPAA and define important terms Understand the purpose of HIPAA and the Privacy Rule Understand the term Protected

More information

Student Orientation: HIPAA Health Insurance Portability & Accountability Act

Student Orientation: HIPAA Health Insurance Portability & Accountability Act _ Student Orientation: HIPAA Health Insurance Portability & Accountability Act HIPAA: National Privacy Law History of HIPAA What was once an ethical responsibility to protect a patient s privacy is now

More information

HIPAA Privacy Training for Non-Clinical Workforce

HIPAA Privacy Training for Non-Clinical Workforce Office of Compliance Programs HIPAA Privacy Training for Non-Clinical Workforce Revised: January 24, 2017 HIPAA Privacy Workforce Training The Health Insurance Portability & Accountability Act (HIPAA)

More information

HIPAA Health Insurance Portability and Accountability Act of 1996

HIPAA Health Insurance Portability and Accountability Act of 1996 HIPAA Health Insurance Portability and Accountability Act of 1996 Protected Health Information (PHI) Covers patient information in any form written, verbal, or electronic PHI Includes Any information that

More information

What is HIPAA? Purpose. Health Insurance Portability and Accountability Act of 1996

What is HIPAA? Purpose. Health Insurance Portability and Accountability Act of 1996 Patient Privacy and HIPAA/HITECH What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Implemented in 2003 Title II Administrative Simplification It s a federal law HIPAA is mandatory,

More information

System Office New Hire Orientation

System Office New Hire Orientation System Office New Hire Orientation Integrity & Compliance Program Jennifer Munro, MA 2, CHC Manager, Integrity & Compliance Education, Communication & Hotline System Integrity & Audit Services munrojl@trinity-health.org

More information

Health Insurance Portability and Accountability Act. Awareness Training for Volunteers

Health Insurance Portability and Accountability Act. Awareness Training for Volunteers Health Insurance Portability and Accountability Act Awareness Training for Volunteers Southeastern Health Southeastern Health has a strong tradition of protecting the privacy of patient information. Confidentiality

More information

HIPAA and HITECH: Privacy and Security of Protected Health Information

HIPAA and HITECH: Privacy and Security of Protected Health Information HIPAA and HITECH: Privacy and Security of Protected Health Information What is HIPAA? Health Insurance Portability and Accountability Act of 1996 A federal law enacted to: Protect the privacy of a patient

More information

Presented by the UAMS HIPAA Office August 2013 Anita B. Westbrook

Presented by the UAMS HIPAA Office August 2013 Anita B. Westbrook HIPAA and Social Media and other PHI Safeguards Presented by the UAMS HIPAA Office August 2013 Anita B. Westbrook Social Networking Let s Talk Facebook More than 750 million users Average user has 130

More information

Advanced HIPAA Communications and University Relations

Advanced HIPAA Communications and University Relations Advanced HIPAA Communications and University Relations accepts no liability of any use reliance placed on it, as it is warranty, express, or implied, or completeness of 1 the HIPAA Health Insurance Portability

More information

HIPAA. Health Insurance Portability and Accountability Act. Presented by the UMMC Office of Integrity and Compliance

HIPAA. Health Insurance Portability and Accountability Act. Presented by the UMMC Office of Integrity and Compliance HIPAA Health Insurance Portability and Accountability Act Presented by the UMMC Office of Integrity and Compliance Rules and Regulations to ensure Privacy Set Federally recognized standards to ensure both

More information

WHAT IS HIPAA? HIPAA is the ELECTRONIC transmission of Three programs have been enacted to date Privacy Rule April 2004

WHAT IS HIPAA? HIPAA is the ELECTRONIC transmission of Three programs have been enacted to date Privacy Rule April 2004 Rev. 1/22/2010 HIPAA TRAINING WHAT IS HIPAA? Health Insurance Portability and Accountability Act HIPAA is the ELECTRONIC transmission of Three programs have been enacted to date Privacy Rule April 2004

More information

Safeguarding PHI Nutrition Services. UAMS HIPAA Office May 2015

Safeguarding PHI Nutrition Services. UAMS HIPAA Office May 2015 Safeguarding PHI Nutrition Services UAMS HIPAA Office May 2015 HIPAA (not HIPPA) What is HIPAA? The Health Insurance Portability and Accountability Act is a federal law that protects the privacy and security

More information

Protecting Patient Privacy It s Everyone s Responsibility

Protecting Patient Privacy It s Everyone s Responsibility 1 of 27 Protecting Patient Privacy It s Everyone s Responsibility This presentation is comprised of 27 screens. When you have finished reading a screen, click your mouse to continue to the next screen.

More information

Health Insurance Portability and Accountability Act (HIPAA)

Health Insurance Portability and Accountability Act (HIPAA) HIPPA Review Health Insurance Portability and Accountability Act (HIPAA) What is HIPAA: Stands for Health Insurance Portability and Accountability Act Addresses three areas: 1. Insurance portability 2.

More information

Breach Reporting and Safeguarding PHI Outpatient Services August, UAMS HIPAA Office Anita Westbrook

Breach Reporting and Safeguarding PHI Outpatient Services August, UAMS HIPAA Office Anita Westbrook Breach Reporting and Safeguarding PHI Outpatient Services August, 2012 UAMS HIPAA Office Anita Westbrook Breaches and Breach Reporting Real Life Example An employee of a large hospital accidentally left

More information

HIPAA Privacy Rule. Best PHI Privacy Practices

HIPAA Privacy Rule. Best PHI Privacy Practices HIPAA Privacy Rule Best PHI Privacy Practices Learning Objectives Define the acronym HIPAA. Understand your role and responsibilities under the privacy regulations. Know what patient s rights are in terms

More information

Health Information Privacy Policies and Procedures

Health Information Privacy Policies and Procedures University of the Pacific Arthur A. Dugoni School of Dentistry Health Information Privacy Policies and s These Health Information Privacy Policies & s implement our obligations to protect the privacy of

More information

HIPAA 201: Student Self-Learning Module & Test

HIPAA 201: Student Self-Learning Module & Test HIPAA 201: Student Self-Learning Module & Test Information: This self-learning module meets the HIPAA 201 competency for Students. This requirement must be met once (it is not an annual requirement). Instructions:

More information

Information Privacy and Security

Information Privacy and Security Information Privacy and Security 2015 Purpose of HIPAA HIPAA stands for the Health Insurance Portability and Accountability Act. Its purpose is to establish nationwide protection of patient confidentiality,

More information

The University of Toledo. Corporate Compliance and HIPAA Training. Presented by: The Compliance and Privacy Office

The University of Toledo. Corporate Compliance and HIPAA Training. Presented by: The Compliance and Privacy Office The University of Toledo Corporate Compliance and HIPAA Training Presented by: The Compliance and Privacy Office Topics Compliance HIPAA (Health Insurance Portability and Accountability Act) FERPA( Family

More information

The Privacy & Security of Protected Health Information

The Privacy & Security of Protected Health Information The Privacy & Security of Protected Health Information By the end of this course, you should: Be familiar with the patient s rights to privacy under HIPAA Privacy Act Be able to identify Protected Health

More information

VHA Privacy Policy Training FY VHA Privacy Office

VHA Privacy Policy Training FY VHA Privacy Office VHA Privacy Policy Training Applicable Confidentiality Statutes and Regulations The following legal provisions govern the collection, use, maintenance, and disclosure of information from VHA records. The

More information

HIPAA Education Program

HIPAA Education Program HIPAA Education Program 2017-2018 Assurance and Compliance Services HIPAA Training Requirement This HIPAA Training Program is intended for and will satisfy the training requirement for the: Mount Sinai

More information

Compliance & Privacy For Teammates

Compliance & Privacy For Teammates Carolinas HealthCare System 2015 Annual Continuing Education Module Compliance & Privacy For Teammates This self-directed learning module contains information all Carolinas HealthCare System Teammates

More information

Compliance & Privacy For Teammates

Compliance & Privacy For Teammates Carolinas HealthCare System 2014 Annual Continuing Education Module Compliance & Privacy For Teammates This self-directed learning module contains information all Carolinas HealthCare System Teammates

More information

Failure to comply may result in WU being liable for civil and criminal penalties under the HIPAA regulations.

Failure to comply may result in WU being liable for civil and criminal penalties under the HIPAA regulations. HIPAA Privacy Procedure #1 Effective Date: April 14. 2003 Reviewed Date: February, 2011 Accountabilities for Compliance to HIPAA Privacy Revised Date: February, 2011 Rules Scope: Radiation Oncology ************************************************************************************************

More information

Compliance Program, Code of Conduct, and HIPAA

Compliance Program, Code of Conduct, and HIPAA Compliance Program, Code of Conduct, and HIPAA Agenda Introduction to Compliance The Compliance Program Code of Conduct Reporting Concerns HIPAA Why have a Compliance Program Procedures to follow applicable

More information

USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION: HIPAA PRIVACY POLICY

USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION: HIPAA PRIVACY POLICY Page Number 1 of 8 TITLE: PURPOSE: USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION: HIPAA PRIVACY POLICY To assure that individually identifiable health information contained in any University Health

More information

Study Management PP STANDARD OPERATING PROCEDURE FOR Safeguarding Protected Health Information

Study Management PP STANDARD OPERATING PROCEDURE FOR Safeguarding Protected Health Information PP-501.00 SOP For Safeguarding Protected Health Information Effective date of version: 01 April 2012 Study Management PP 501.00 STANDARD OPERATING PROCEDURE FOR Safeguarding Protected Health Information

More information

QUESTIONS. Print Student s/faculty Name: Date of Test Completion: Site of Experience: School/University: Semester:

QUESTIONS. Print Student s/faculty Name: Date of Test Completion: Site of Experience: School/University: Semester: 2017 - QUESTIONS Print Student s/faculty Name: Date of Test Completion: Site of Experience: School/University: Semester: Instructions: Read each question, write an answer on space provided, and return

More information

A general review of HIPAA standards and privacy practices 2016

A general review of HIPAA standards and privacy practices 2016 A general review of HIPAA standards and privacy practices 2016 45 CFR, 164 Health Insurance Portability and Accountability Act Treatment, Payment and Healthcare Operations 42 CFR, Part 2, Confidentiality

More information

Updated FY15 Dignity Health General Compliance Education for Staff Module 2

Updated FY15 Dignity Health General Compliance Education for Staff Module 2 Updated FY15 Dignity Health General Compliance Education for Staff Module 2 This course will provide you with important information about the laws and regulations that affect the healthcare industry, our

More information

Privacy and Security Orientation for Visiting Observers. DUHS Compliance Office

Privacy and Security Orientation for Visiting Observers. DUHS Compliance Office Privacy and Security Orientation for Visiting Observers DUHS Compliance Office 919-668-2573 compliance@dm.duke.edu Introduction This orientation is to provide new Visiting Observers with the HIPAA Privacy

More information

CLINICIAN S GUIDE TO HIPAA PRIVACY

CLINICIAN S GUIDE TO HIPAA PRIVACY CLINICIAN S GUIDE TO HIPAA PRIVACY Introduction... 2 What is HIPAA?... 2 Health Information Privacy... 2 Protected Health Information... 3 Identifiers... 3 HIPAA s Impact on Clinical Practice, Treatment,

More information

HIPAA Privacy & Security Training

HIPAA Privacy & Security Training HIPAA Privacy & Security Training for Nonclinicians Introduction As a Duke Medicine workforce member you may have access to patients and patient information and you have a legal and ethical obligation

More information

ENTERPRISE INCOME VERIFICATION (EIV) SECURITY POLICY

ENTERPRISE INCOME VERIFICATION (EIV) SECURITY POLICY ENTERPRISE INCOME VERIFICATION (EIV) SECURITY POLICY Rev. October 2011 EIV Security Policy Acknowledgment Form By signing this form I acknowledge my receipt of the EIV System Security Policy approved by

More information

Title: HIPAA PRIVACY ADMINISTRATIVE

Title: HIPAA PRIVACY ADMINISTRATIVE Administrative-HIPAA Privacy Title: HIPAA PRIVACY ADMINISTRATIVE Scope: All MultiCare Health System (MHS) workforce members, which includes but not limited to, employees, residents, students, volunteers

More information

It defines basic terms and lists basic principles that all LSUHSC-NO faculty, staff, residents and students must understand and follow.

It defines basic terms and lists basic principles that all LSUHSC-NO faculty, staff, residents and students must understand and follow. Office of Compliance Programs Revised: July 18, 2017 HIPAA Privacy HIPAA Privacy Workforce Training The Health Insurance Portability & Accountability Act (HIPAA) requires that the University train all

More information

Valley Regional Medical Center HIPAA AND HITECH EDUCATION

Valley Regional Medical Center HIPAA AND HITECH EDUCATION Valley Regional Medical Center HIPAA AND HITECH EDUCATION Privacy and Security of Protected Health Information 1 HIPAA and Its Purpose What is HIPAA? Health Insurance Portability and Accountability Act

More information

Compliance & Privacy Post Test

Compliance & Privacy Post Test Compliance & Privacy Post Test 1. One of your family members recently had a procedure at the CHS facility where you work. You want to find out the results. What should you do? a. Use your access rights

More information

HIPAA Privacy & Security Training

HIPAA Privacy & Security Training HIPAA Privacy & Security Training for Clinicians Introduction As a clinician at Duke Medicine, you have direct access to patients and patient information and a legal and ethical obligation to protect patient

More information

East Carolina University 2010 Annual HIPAA Privacy Training

East Carolina University 2010 Annual HIPAA Privacy Training East Carolina University 2010 Annual HIPAA Privacy Training What are the HIPAA Privacy and Security Rules? Federal laws that govern the use and disclosure of health information of our patients and research

More information

HIPAA PRIVACY DIRECTIONS. HIPAA Privacy/Security Personal Privacy. What is HIPAA?

HIPAA PRIVACY DIRECTIONS. HIPAA Privacy/Security Personal Privacy. What is HIPAA? DIRECTIONS HIPAA Privacy/Security Personal Privacy 1. Read through entire online training presentation 2. Close the presentation and click on Online Trainings on the Intranet home page 3. Click on the

More information

New Employee Orientation HIPAA Privacy. Marcia Matthias, MJ, RHIA, CHPC Corporate Director, Health Information/Privacy Officer

New Employee Orientation HIPAA Privacy. Marcia Matthias, MJ, RHIA, CHPC Corporate Director, Health Information/Privacy Officer New Employee Orientation HIPAA Privacy Marcia Matthias, MJ, RHIA, CHPC Corporate Director, Health Information/Privacy Officer Definitions HIPAA Health Insurance Portability and Accountability Act PHI Protected

More information

HIPAA is the Health Insurance Portability and Accountability Act

HIPAA is the Health Insurance Portability and Accountability Act HIPAA is the Health Insurance Portability and Accountability Act It is a federal law that Protects the privacy of a patient s personal and health information Provides for electronic and physical security

More information

Your Role in Protecting Patient Privacy 2018

Your Role in Protecting Patient Privacy 2018 Your Role in Protecting Patient Privacy 2018 1 Training Focus This training will focus on what responsibilities you have in order to ensure that both you and our organization are in compliance with state

More information

Williamson County EMS (WCEMS) HIPAA Training for Third Out Riders

Williamson County EMS (WCEMS) HIPAA Training for Third Out Riders Williamson County EMS (WCEMS) HIPAA Training for Third Out Riders Training Statement: This training program is designed to educate you on WCEMS legal requirements to protect our patients rights and confidentiality,

More information

HIPAA THE PRIVACY RULE

HIPAA THE PRIVACY RULE HIPAA THE PRIVACY RULE Reviewed December 2012 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of antidepressant medications in their mail. 2 HISTORY Many

More information

STUDENT VOLUNTEER APPLICATION *Minimum Age for volunteers is 16*

STUDENT VOLUNTEER APPLICATION *Minimum Age for volunteers is 16* STUDENT VOLUNTEER APPLICATION *Minimum Age for volunteers is 16* CONTACT INFORMATION Name: Date: Address: Home Phone: Cell Phone: Email: Over 16? Over 18? EMERGENCY CONTACT INFORMATION Emergency Contact:

More information

Chapter 9 Legal Aspects of Health Information Management

Chapter 9 Legal Aspects of Health Information Management Chapter 9 Legal Aspects of Health Information Management EXERCISE 9-1 Legal and Regulatory Terms 1. T 2. F 3. F 4. F 5. F EXERCISE 9-2 Maintaining the Patient Record in the Normal Course of Business 1.

More information

Protecting PHI for Clinical Staff and Students

Protecting PHI for Clinical Staff and Students Office of Compliance Programs Protecting PHI for Clinical Staff and Students Revised: July 24, 2017 Introduction HIPAA requires that LSUHSC-NO "have in place appropriate administrative, technical, and

More information

AUDIT DEPARTMENT UNIVERSITY MEDICAL CENTER HIPAA COMPLIANCE. For the period October 2008 through May JEREMIAH P. CARROLL II, CPA Audit Director

AUDIT DEPARTMENT UNIVERSITY MEDICAL CENTER HIPAA COMPLIANCE. For the period October 2008 through May JEREMIAH P. CARROLL II, CPA Audit Director UNIVERSITY MEDICAL CENTER HIPAA COMPLIANCE For the period October 2008 through May 2009 JEREMIAH P. CARROLL II, CPA Audit Director Audit Department 500 S Grand Central Pkwy Ste 5006 PO Box 551120 Las Vegas

More information

HOW TO MAINTAIN A LAB NOTEBOOK- RECORD KEEPING AND HIPAA. Fern Tsien, PhD Department of Genetics LSUHSC

HOW TO MAINTAIN A LAB NOTEBOOK- RECORD KEEPING AND HIPAA. Fern Tsien, PhD Department of Genetics LSUHSC HOW TO MAINTAIN A LAB NOTEBOOK- RECORD KEEPING AND HIPAA Fern Tsien, PhD Department of Genetics LSUHSC Type and Format Check with your mentor if he/she requires a specific format depending on the type

More information

What is Social Networking?

What is Social Networking? Social Networking 9/25/2012 1 What is Social Networking? Blogging type of website maintained by an individual with regular entries of commentary, description of events or other material such as graphics

More information

What is Social Networking?

What is Social Networking? Social Networking 9/25/2012 1 What is Social Networking? Blogging type of website maintained by an individual with regular entries of commentary, description of events or other material such as graphics

More information

OSHA & HIPAA Seminar. Northern Texas Facial & Oral Surgery

OSHA & HIPAA Seminar. Northern Texas Facial & Oral Surgery OSHA & HIPAA Seminar Sponsored By Northern Texas Facial & Oral Surgery April 11, 2014 Power Point Slides For The Course Power Point handout slides are provided for your use during the lecture. Bring these

More information

What is your start date? (Date in which you plan to begin seeing patients in the hospital). Specialty SECTION I. IDENTIFICATION DATA

What is your start date? (Date in which you plan to begin seeing patients in the hospital). Specialty SECTION I. IDENTIFICATION DATA This Application is for Non-employed Clinical Assistants (RN, dental assistant, orthotist, etc) who wish to assist a supervising physician at one or more of our facilities. Advanced Practice Nurses (CRNA,

More information

2018 Employee HIPAA Orientation (EHO) Handbook

2018 Employee HIPAA Orientation (EHO) Handbook 2018 Employee HIPAA Orientation (EHO) Handbook Using EHO The material in this booklet is designed to provide newly hired employees with an understanding of HIPAA s regulations and their impact on the employee

More information

Returning Volunteer Application

Returning Volunteer Application Returning Volunteer Application Office Use Only Application Received Brenda LeBlanc, Volunteer Coordinator 978-683-4000 x2645 Brenda.leblanc@lawrencegeneral.org Welcome! Returning Volunteers, Before returning,

More information

HIPAA Privacy Test Overview

HIPAA Privacy Test Overview HIPAA Privacy Test Overview We have developed a short test as an adjunct to your HIPAA training. The test has 22 questions and should take approximately 10-20 minutes to complete. It may be used in many

More information

Internship Application x2645

Internship Application x2645 Internship Application 978-683-4000 x2645 Office Use Only Application Received Interview Orientation CORI TB1 TB2 Pin # Entered in Volgistics FLU PERSONAL INFORMATION First Name Last Name Street Address

More information

INFORMATION ABOUT CHILDREN S MERCY HOSPITALS AND CLINICS

INFORMATION ABOUT CHILDREN S MERCY HOSPITALS AND CLINICS INFORMATION ABOUT CHILDREN S MERCY HOSPITALS AND CLINICS The purpose of this brochure is to provide you with a brief orientation to Children s Mercy Hospitals and Clinics. It provides important information

More information

REFERENCES: (If applying to assist with religious activities, please include a member of the clergy as a reference.)

REFERENCES: (If applying to assist with religious activities, please include a member of the clergy as a reference.) BRRJA APPLICATION FOR VOLUNTEER SERVICES SITE: AA NA Academic Religious Other DATE: FULL NAME: Last First Middle HOME ADDRESS: Street City State Zip PHONE: Home Cell Work EMAIL ADDRESS: EDUCATION: HS Degree

More information

PROTECTING PATIENT PRIVACY IS NOT ONLY

PROTECTING PATIENT PRIVACY IS NOT ONLY HIPAA POCKET GUIDE HIPAA Privacy Policies & Procedures Table of Contents I. Clinical Policies A. Accounting of Disclosures...Pg 6 B. De-Identification of Information...Pg 7 C. Facility Directory...Pg

More information

Yale University. HIPAA PRIVACY FAQs

Yale University. HIPAA PRIVACY FAQs HIPAA PRIVACY FAQs Table of Contents I. PRIVACY FUNDAMENTALS I- 4 WHAT IS HIPAA? WHAT IS HITECH? WHO NEEDS TO ABIDE BY HIPAA? ARE THERE PENALTIES FOR NOT COMPLYING? WHAT IS PHI? WHAT IDENTIFIES AN INDIVIDUAL?

More information

VCU Health System PatientKeeper Connect. Request Instructions

VCU Health System PatientKeeper Connect. Request Instructions VCU Health System PatientKeeper Connect Request Instructions Remote Clinical User 1. Complete pages 2, 4, and 5. All items are required. 2. Have your Site Supervisor complete and sign page 3. 3. Send forms

More information

HIPAA Privacy Rights and Operations Guide HIPAA Security Summary For the Practice of: Vail Aspen Breckenridge Dermatology

HIPAA Privacy Rights and Operations Guide HIPAA Security Summary For the Practice of: Vail Aspen Breckenridge Dermatology HIPAA Privacy Rights and Operations Guide HIPAA Security Summary For the Practice of: Vail Aspen Breckenridge Dermatology Publish Date: 1/2/2018 This guide has been created to serve Vail Aspen Breckenridge

More information

Information Sharing and HIPAA Compliance

Information Sharing and HIPAA Compliance Information Sharing and HIPAA Compliance The Health Insurance Portability and Accountability Act (HIPAA) became a federal law in 1996 and it is administered by the Department of Health and Human Services

More information

APPLICATION FOR RESEARCH REQUESTING AN IRB WAIVER OF CONSENT AND HIPAA AUTHORIZATION

APPLICATION FOR RESEARCH REQUESTING AN IRB WAIVER OF CONSENT AND HIPAA AUTHORIZATION FORM W/H-01 APPLICATION FOR RESEARCH REQUESTING AN IRB WAIVER OF CONSENT AND HIPAA AUTHORIZATION Research for which this form is appropriate generally involves only existing patient records or specimens.

More information

SCHOOL OF PUBLIC HEALTH. HIPAA Privacy Training

SCHOOL OF PUBLIC HEALTH. HIPAA Privacy Training SCHOOL OF PUBLIC HEALTH HIPAA Privacy Training Public Health and HIPAA This presentation will address the HIPAA Privacy regulations as they effect the activities of the School of Public Health. It is imperative

More information

LifeBridge Health HIPAA Policy 4. Uses of Protected Health Information for Research

LifeBridge Health HIPAA Policy 4. Uses of Protected Health Information for Research LifeBridge Health HIPAA Policy 4 Uses of Protected Health Information for Research This Policy contains the following Sections: I. Policy II. III. IV. Definitions Applicability Procedures A. Individual

More information

FCSRMC 2017 HIPAA PRESENTATION

FCSRMC 2017 HIPAA PRESENTATION FCSRMC 2017 HIPAA PRESENTATION BDO USA, LLP, a Delaware limited liability partnership, is the U.S. member of BDO International Limited, a UK company limited by guarantee, and forms part of the international

More information

HIPAA Privacy Policies & Procedures Table of Contents

HIPAA Privacy Policies & Procedures Table of Contents HIPAA POCKET GUIDE HIPAA Privacy Policies & Procedures Table of Contents I. Clinical Policies A. Accounting of Disclosures..Pg 6 B. De-Identification of Information..Pg 7 C. Facility Directory...Pg 7

More information

Accessing HEALTHeLINK

Accessing HEALTHeLINK Accessing HEALTHeLINK HEALTHeLINK can be accessed through the at www.wnyhealthecommunity.com or www.wnylink.com or you will be redirected from your saved link. Enter your and to open

More information

INFORMATION ABOUT Children s Mercy Hospitals and Clinics for our Affiliates

INFORMATION ABOUT Children s Mercy Hospitals and Clinics for our Affiliates INFORMATION ABOUT Children s Mercy Hospitals and Clinics for our Affiliates The purpose of this brochure is to provide you with a brief orientation to Children s Mercy Hospitals and Clinics. It provides

More information

SUMMARY OF NOTICE OF PRIVACY PRACTICES

SUMMARY OF NOTICE OF PRIVACY PRACTICES LAKE REGIONAL MEDICAL GROUP 54 HOSPITAL DRIVE OSAGE BEACH, MO 65065 SUMMARY OF NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU

More information

WELCOME. Payment will be expected at the time of service. Please remember our 24 hour cancellation notice.

WELCOME. Payment will be expected at the time of service. Please remember our 24 hour cancellation notice. WELCOME Those of us at Crossroads Counseling want to thank you for choosing to work with us and we want to make your time with us as productive as possible. In order to expedite the intake process, please

More information

Emergency Medical Treatment and Active Labor Act (EMTALA) AUDIT GUIDE

Emergency Medical Treatment and Active Labor Act (EMTALA) AUDIT GUIDE Emergency Medical Treatment and Active Labor Act (EMTALA) AUDIT GUIDE Audit Criteria Audit Date: June 2010 Review: Review policy and procedures for emergency room services. Review of the transfer documentation,

More information

National Health Information Privacy and Security Week. Understanding the HIPAA Privacy and Security Rule

National Health Information Privacy and Security Week. Understanding the HIPAA Privacy and Security Rule National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule HIPAA Privacy and Security HIPAA Privacy Rule Final implementation April 14, 2003 Today: Monitor

More information

Slide 1 WHO IS THE CLIENT? WHO CONTROLS THE RECORD? ETHICS AND HIPAA. Slide 2. Slide 3. The Four As of Ethical Practice

Slide 1 WHO IS THE CLIENT? WHO CONTROLS THE RECORD? ETHICS AND HIPAA. Slide 2. Slide 3. The Four As of Ethical Practice Slide 1 WHO CONTROLS THE RECORD? ETHICS AND HIPAA 22 nd Oklahoma Child Abuse & Neglect Conference Norman, Oklahoma, on September 4, 2014 Dr. Arlene B. Schaefer, Ph.D. Forensic and Clinical Psychology Oklahoma

More information

Compliance and Privacy/Security Training Academic Year

Compliance and Privacy/Security Training Academic Year Compliance and Privacy/Security Training Academic Year 2017-18 Dear Student, Welcome to UConn Health. This training packet includes a general overview of compliance principles, UConn Health s Compliance

More information

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT INSTRUCTIONS Read through this presentation. Submit completed post test to the Portage County MRC Coordinator. Estimated completion time: 1 hour Learning

More information

FEDERAL AND STATE BREACH NOTIFICATION LAWS FOR CALIFORNIA

FEDERAL AND STATE BREACH NOTIFICATION LAWS FOR CALIFORNIA FEDERAL AND STATE BREACH NOTIFICATION LAWS FOR CALIFORNIA LEGAL CITATION California Civil Code Section 1798.82 California Health and Safety (H&S) Code Section 1280.15 42 U.S.C. Section 17932; 45 C.F.R.

More information

HIPAA Privacy Regulations Governing Research

HIPAA Privacy Regulations Governing Research HIPAA Privacy Regulations Governing Research HIPAA Health Insurance Portability and Accountability Act In a Nutshell The Privacy Regulations govern a provider s use and disclosure of health information

More information

HIPAA Privacy & Security

HIPAA Privacy & Security POWERCHART ACCESS REQUEST FORM Instructions: Complete this form for users who are not employed by St. Dominic-Jackson Memorial Hospital that will access St. Dominic Hospital s electronic health record.

More information

YALE UNIVERSITY THE RESEARCHERS GUIDE TO HIPAA. Health Insurance Portability and Accountability Act of 1996

YALE UNIVERSITY THE RESEARCHERS GUIDE TO HIPAA. Health Insurance Portability and Accountability Act of 1996 YALE UNIVERSITY THE RESEARCHERS GUIDE TO HIPAA Health Insurance Portability and Accountability Act of 1996 Handbook Table of Contents I. Introduction What is HIPAA? What is PHI? What is a Covered Entity

More information

DESK OPERATIONS COORDINATOR HIRING DOCUMENT

DESK OPERATIONS COORDINATOR HIRING DOCUMENT DESK OPERATIONS COORDINATOR HIRING DOCUMENT 2016-17 HOUSING & RESIDENTIAL EDUCATION MISSION AND VALUES Housing & Residential Education (HRE) creates an environment where students become responsible members

More information

Southwest Acupuncture College /PWFNCFS

Southwest Acupuncture College /PWFNCFS Southwest Acupuncture College /PWFNCFS This replaces policies in the catalogue and any other documents to date. Boulder Santa Fe TABLE OF CONTENTS STATEMENT OF PURPOSE... 1 I. RIGHT TO A NOTICE OF PRIVACY

More information

INVESTIGATION REPORT

INVESTIGATION REPORT Prince Albert Co-operative Health Centre Community Clinic March 27, 2018 Summary: A patient and her spouse attended the Prince Albert Co-operative Health Centre Community Clinic (the Clinic) for lab services

More information

BON SECOURS DEPAUL MEDICAL CENTER

BON SECOURS DEPAUL MEDICAL CENTER BON SECOURS DEPAUL MEDICAL CENTER 150 Kingsley Lane, Norfolk Virginia 23505 Main Number: 757-889-5000 Volunteer Office: 757-889-5340 VOLUNTEER SERVICES Orientation Agenda I. Welcome II. Objective TO BE

More information

Navigating HIPAA Regulations. Michelle C. Stickler, DEd Director, Research Subjects Protections

Navigating HIPAA Regulations. Michelle C. Stickler, DEd Director, Research Subjects Protections Navigating HIPAA Regulations Michelle C. Stickler, DEd Director, Research Subjects Protections mcstickler@vcu.edu 828-0131 Key Definitions Covered Entity: Organization that handles identifiable health

More information

Patient Privacy Requirements Beyond HIPAA

Patient Privacy Requirements Beyond HIPAA Patient Privacy Requirements Beyond HIPAA Jane Hyatt Thorpe, J.D. School of Public Health and Health Services George Washington University Carrie Bill, J.D. Feldesman Tucker Leifer Fidell LLP The George

More information

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. WHY ARE YOU GETTING

More information

Social Media IUSM-GME-PO-0031

Social Media IUSM-GME-PO-0031 Social Media IUSM-GME-PO-0031 FULL POLICY CONTENTS Scope Reason for Policy Policy Statement Procedures Definitions ADDITIONAL DETAILS Implementation Oversight Additional Contacts Forms Related Information

More information

THE JOURNEY FROM PHI TO RHI: USING CLINICAL DATA IN RESEARCH

THE JOURNEY FROM PHI TO RHI: USING CLINICAL DATA IN RESEARCH THE JOURNEY FROM PHI TO RHI: USING CLINICAL DATA IN RESEARCH Helenemarie Blake, Esq. Chief Privacy Officer, Interim Office of HIPAA & Privacy Security August 2016 SCENARIO You are putting a study together

More information

(PLEASE PRINT) Sex M F Age Birthdate Single Married Widowed Separated Divorced. Business Address Business Phone Cell Phone

(PLEASE PRINT) Sex M F Age Birthdate Single Married Widowed Separated Divorced. Business Address Business Phone Cell Phone (PLEASE PRINT) Emma Warner, MSW, LCSW, ACSW Tulsa, OK 74105 (918) 749-6935 Personal Information Name Address Last Name First Name Initial Home Phone Soc. Sec. # City State Zip Sex M F Age Birthdate Single

More information