HIPAA. Health Insurance Portability and Accountability Act. Presented by the UMMC Office of Integrity and Compliance

Size: px
Start display at page:

Download "HIPAA. Health Insurance Portability and Accountability Act. Presented by the UMMC Office of Integrity and Compliance"

Transcription

1 HIPAA Health Insurance Portability and Accountability Act Presented by the UMMC Office of Integrity and Compliance

2 Rules and Regulations to ensure Privacy Set Federally recognized standards to ensure both Privacy and Security of patient health information (PHI). Both standards are overseen by the Office of Civil Rights. Within UMMC, standards are enforced by Office of Integrity and Compliance, Privacy Officer Information Systems, Security Officer

3 Policies and Procedures UMMC has created policies and procedures to facilitate compliance with all standards. These are to be followed by employees who come into contact with patient health information. The policies can be found on the UMMC Intranet or by clicking the following link:

4 HIPAA Privacy Standards The Privacy Standards provide for the following: Boundaries for the uses and disclosures of protected health information; The implementation of administrative, technical and physical safeguards to help ensure health information remains confidential; More control of an individual's health information by the individual; and Civil and criminal penalties for violators of the standards. Continue

5 What information is protected by the regulations? The HIPAA Privacy Standards protect individually identifiable health information, which is collectively referred to as protected health information (PHI). Basically, PHI is clinical information, such as an individual s diagnosis, in combination with some type of information that allows you to identify that individual. For instance, a diagnosis on a progress note that contains the patient s name in right hand corner would be considered PHI. PHI can be transmitted or maintained in any form or medium, which includes PHI that is transmitted orally, stored or transmitted on paper and/or electronically. Continue

6 Examples of PHI Some examples of confidential and protected health information: Documentation created by physicians, nurses, and other health care providers and assembled in medical records; Conversations about an individual's care or treatment between health care providers; Information about patients in UMMC s computer system; and Billing information about an individual s health care. Continue

7 Information that can be used to identify a patient can include: Patient s Name; Address or zip code; Month and date of service or other relevant date; Date of Birth; Telephone and/or fax number; address; Social Security Number; Medical Record or patient account numbers; Vehicle identifiers or serial numbers; Health plan beneficiary number; Device identifiers or serial numbers; Biometric identifiers, including finger & voice prints; Full face photographic images or other images; Web Locators (URLs) or Internet Protocol (IP) addresses; Any other unique identifying number, characteristic, or code. Continue

8 Which Disclosures are Allowed Without Authorization? Except for psychotherapy notes, the privacy standards allow UMMC to disclose information without an authorization for the following purposes: To comply with the law, such as reporting communicable diseases to the Mississippi State Department of Health; For the treatment of the individual; To obtain payment for services rendered by UMMC; and/or To carry out the healthcare operations of UMMC. Continue

9 Disclosures Allowed by Law There are many disclosures that UMMC makes because it is required by law and therefore, no authorization is required. Some of these include but are not limited to: Disclosures about victims of child abuse Disclosures for judicial proceedings, such as responding to a subpoena Disclosures for Law Enforcement purposes Continue

10 What is Considered Treatment Under HIPAA? Treatment includes the management of healthcare and related services by one or more healthcare providers, including the coordination with a third party, such as a skilled nursing facility; consultations with other providers; or the referral of a patient from one provider to another. The following are examples of treatment activities: Healthcare staff orally coordinating services at the hospital nursing station. The teaching physician or dental instructor discussing a patient s condition during training rounds. Continue

11 Examples of Treatment Cont A healthcare provider discussing lab test results with a patient or other provider in a joint treatment area. A dentist referring a patient to an orthodontist. Nurses or other health care providers discussing a patient s condition over the phone with the patient, a provider, or a family member. Continue

12 Payment The billing department uses confidential information to bill patients or their insurance companies for the services they receive. Continue

13 What are Healthcare Operations? Healthcare operations are activities that UMMC performs on a day-to-day basis in order to stay in business. Examples of healthcare operations include: Utilization review activities; Compliance activities; Internal auditing activities; Teaching of students; and/or Performance improvement activities Continue

14 Disclosures/Releases with Authorizations Disclosures, other than those previously listed, can be made by UMMC only if the patient signs an authorization. Authorizations, which are sometimes referred to as consents to release, must contain the necessary core elements and statements before the information can be released. Fulfilling an authorization that does not contain the required core elements and statements is a violation of this federal regulation. Only authorized employees can disclose patient information. Continue

15 What YOU Need to Know About HIPAA

16 Several Important Concepts: Concept #1 Need to Know- Only access patient information if you have been assigned some form of responsibility for the patient s care. Share information about patients only with other individuals who have a need to know. Part of protecting our patient s privacy is to ensure that employees access only that information which they need to know in order to perform their job duties. If an employee does not have a valid reason to know a patient s information, they should refrain from accessing it.

17 Need to Know Scenario s Scenario 1: Sue was involved in a car accident and was rushed to the ER. Jane, her best friend, is a nurse on 2 North. She wants to check the EHR portal and make sure Sue is ok. Does Jane have an appropriate need to know? NO. Jane should only access the patient s information if she took a part in the patient s care or was conducting a job activity which required her to look at the patient s information. Scenario 2: Judy watched the local news this morning and saw where a local high school student was involved in an accident and transported to UMC. She just wants to check and make sure the student is ok. She has access to Invision and thinks surely no one will find out. Does Judy have an appropriate need to know? NO. She should only access the information if she has a need to know in order to fulfill her job duties. Also, The Office of Integrity and Compliance monitors access into patient charts. We will find out!!

18 Several Important Concepts Concept #2 Minimum Necessary- It is UMMC policy that each employee use and disclose only that information that is minimally necessary to fulfill a purpose or duty. Only access or view the minimum amount of patient health information necessary to complete your job duties.

19 Minimum Necessary Scenario s Scenario 1: Amy has been asked by one of her co-workers to lend a hand and look up a patients lab results in the portal. Amy notices that the patient has recently been an inpatient on the Psych floor and decides to view the psych notes from the prior visit. Should Amy access the Psych notes? No. Amy should only access the minimum necessary to accomplish her job task, i.e. look up lab results. She should refrain from snooping for additional information.

20 Several Important Concepts Concept #3 Patients Rights- Under HIPAA, patients have several rights related to there PHI. Below is a comprehensive list of those rights. The next slide shows how you should respond to a patient if they have questions pertaining to those rights. Right to access and obtain a copy of there medical record Right to receive an accounting of disclosures The right to request that restrictions be placed on the use of his/her PHI even for the purposes of treatment, payment and healthcare operations Right to file a complaint Right to agree or object to being included in the hospital directory Right to request confidential communications Right to a Notice of Privacy Practices

21 Patient Right Right to access and obtain a copy of there medical record How to handle request Refer requests to Release of Information of the respective area. Right to receive an accounting of disclosures Refer requests to Release of Information of the respective area. The right to request that restrictions be placed on the use of his/her PHI even for the purposes of treatment, payment and healthcare operations Refer requests to the Office of Integrity and Compliance. Right to agree or object to being included in the hospital directory Right to request confidential communications Refer inquires to Registration Refer requests to the Office of Integrity and Compliance. Right to a Notice of Privacy Practices Refer inquiries to the Office of Integrity and Compliance

22 Did you Know The American Recovery and Reinvestment Act, also known as the Stimulus Bill, signed by President Barack Obama on February 19, 2009, included changes and additions to the HIPAA laws? Until then, there had not been any changes made to the HIPAA laws since enforcement in 2003.

23 Revisions to HIPAA Among the changes and additions to the privacy laws include: Breach Notification Requirements Additional Patient Rights Criminal Penalties for Employees who violate HIPAA law

24 Breach Notifications Under these new set of laws, if a patient s PHI is breached, i.e. inappropriately released without authorization, we will be required to notify the patient of the occurrence. If a breach involves over 500 individuals, we will be required to notify a local media outlet (local news station/paper) that a breach occurred. For example, Dr. Smith carries a UMC owned computer to a conference out of state. The computer includes all of ABC s Clinic patient information in an excel spreadsheet and the spreadsheet is not password protected or encrypted. The hospital will be required to contact a local news station for reporting.

25 Criminal Penalties Previously, employees who inappropriately accessed, used, or disclosed a patients health information was not subject to criminal penalties. The hospital would take the blame. NOW UNDER THE STIMULUS BILL-IF YOU INAPPROPRIATELY ACCESS, USE OR DISCLOSE A PATIENT S HEALTH INFORMATION, YOU CAN BE CHARGED WITH CRIMINAL PENALTIES!!!!!!!

26 Additional Patient Rights The right to request and receive at a reasonable cost their health information in electronic format if the information is maintained as an Electronic Health Record (EHR). The right to apply restrictions on disclosures made to Covered Entities for any item or service, for which the patient has paid the full cost out of pocket. The right to receive a full accounting of disclosures made by the Covered Entity or Business Associate involving treatment, payment, or health care operations during the previous three years.

27 Facebook and other Social Networking Sites Did you know a common HIPAA privacy violation involves employees posting patient information on Facebook and other social networking sites/blogs? The rising popularity of social networking sites has brought new responsibilities to those individuals working in the healthcare setting in ensuring that our patient s health information remains protected. As a UMMC employee, you are obligated to protect the privacy of all patient information.

28 HIPAA Violation Involving Social Networking Sites Scenario 1: Mary is a nurse and is on duty when a VIP is rushed to the ED following a car accident. She is assigned to this patient and because of such is aware of the accident details and the patient s condition. Upon leaving work and returning home, Mary checks her Facebook page and notices where someone has posted a link to the local newspaper article highlighting the story. Mary decides to comment on that individuals Facebook page confirming the article s brief description of the patient s condition and providing more in-depth information regarding the patient s status while also indicating that she took care of the patient in the ED. Does this constitute a HIPAA violation? YES! The information that Mary posted was information she knew only because she was an employee that assisted in the patient s care.

29 Facebook and other Social Networking Sites The Office of Integrity and Compliance does not discourage the personal use of such sites but you must refrain from posting or discussing any patient information (including patient pictures) on any social networking site/blog.

30 Brief Pointers Family and Friends- you should not access health information of family/friends if you do not have a need to know. VIPS- Do not access health information of individuals who are of public interest unless you have a need to know. Passwords- Do not share passwords- We audit and you will be held responsible. This includes portable devices Disposing Patient Information- if in printed format, must be disposed- NEVER throw away in regular garbage without at least shredding by hand. Ongoing Monitoring- We perform ongoing monitoring of access into patient health information. Employee to Employee access. IF WE FIND YOU ARE NOT CONNECTED TO THE PATIENT S CARE OR DO NOT HAVE THE APPROPRIATE NEED TO KNOW TO COMPLETE YOUR JOB DUTIES, YOU WILL BE HELD ACCOUNTABLE.

31 More Information Check out Policies and Procedures online- UMC Intranet IF YOU NEED TO REPORT A VIOLATION- Directly to your superior Compliance Hotline Compliance Report Form Office of Integrity and Compliance

What is HIPAA? Purpose. Health Insurance Portability and Accountability Act of 1996

What is HIPAA? Purpose. Health Insurance Portability and Accountability Act of 1996 Patient Privacy and HIPAA/HITECH What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Implemented in 2003 Title II Administrative Simplification It s a federal law HIPAA is mandatory,

More information

Privacy and Security Orientation for Visiting Observers. DUHS Compliance Office

Privacy and Security Orientation for Visiting Observers. DUHS Compliance Office Privacy and Security Orientation for Visiting Observers DUHS Compliance Office 919-668-2573 compliance@dm.duke.edu Introduction This orientation is to provide new Visiting Observers with the HIPAA Privacy

More information

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT INSTRUCTIONS Read through this presentation. Submit completed post test to the Portage County MRC Coordinator. Estimated completion time: 1 hour Learning

More information

Health Insurance Portability and Accountability Act. Awareness Training for Volunteers

Health Insurance Portability and Accountability Act. Awareness Training for Volunteers Health Insurance Portability and Accountability Act Awareness Training for Volunteers Southeastern Health Southeastern Health has a strong tradition of protecting the privacy of patient information. Confidentiality

More information

MCCP Online Orientation

MCCP Online Orientation 1 Objectives At the conclusion of this presentation, students will be able to: Discuss application of HIPAA to student s role. Describe the federal requirements of the HIPAA/HITECH regulations that protect

More information

HIPAA PRIVACY TRAINING

HIPAA PRIVACY TRAINING HIPAA PRIVACY TRAINING HIPAA Privacy Training Objective Present a general overview of HIPAA and define important terms Understand the purpose of HIPAA and the Privacy Rule Understand the term Protected

More information

Advanced HIPAA Communications and University Relations

Advanced HIPAA Communications and University Relations Advanced HIPAA Communications and University Relations accepts no liability of any use reliance placed on it, as it is warranty, express, or implied, or completeness of 1 the HIPAA Health Insurance Portability

More information

HIPAA Privacy Regulations Governing Research

HIPAA Privacy Regulations Governing Research HIPAA Privacy Regulations Governing Research HIPAA Health Insurance Portability and Accountability Act In a Nutshell The Privacy Regulations govern a provider s use and disclosure of health information

More information

Student Orientation: HIPAA Health Insurance Portability & Accountability Act

Student Orientation: HIPAA Health Insurance Portability & Accountability Act _ Student Orientation: HIPAA Health Insurance Portability & Accountability Act HIPAA: National Privacy Law History of HIPAA What was once an ethical responsibility to protect a patient s privacy is now

More information

HIPAA PRIVACY DIRECTIONS. HIPAA Privacy/Security Personal Privacy. What is HIPAA?

HIPAA PRIVACY DIRECTIONS. HIPAA Privacy/Security Personal Privacy. What is HIPAA? DIRECTIONS HIPAA Privacy/Security Personal Privacy 1. Read through entire online training presentation 2. Close the presentation and click on Online Trainings on the Intranet home page 3. Click on the

More information

DE-IDENTIFICATION OF PROTECTED HEALTH INFORMATION (PHI)

DE-IDENTIFICATION OF PROTECTED HEALTH INFORMATION (PHI) PRIVACY 8.0 DE-IDENTIFICATION OF PROTECTED HEALTH INFORMATION (PHI) Scope: Purpose: All workforce members (employees and non-employees), including employed medical staff, management, and others who have

More information

HIPAA and HITECH: Privacy and Security of Protected Health Information

HIPAA and HITECH: Privacy and Security of Protected Health Information HIPAA and HITECH: Privacy and Security of Protected Health Information What is HIPAA? Health Insurance Portability and Accountability Act of 1996 A federal law enacted to: Protect the privacy of a patient

More information

Information Privacy and Security

Information Privacy and Security Information Privacy and Security 2015 Purpose of HIPAA HIPAA stands for the Health Insurance Portability and Accountability Act. Its purpose is to establish nationwide protection of patient confidentiality,

More information

HIPAA Privacy Rule. Best PHI Privacy Practices

HIPAA Privacy Rule. Best PHI Privacy Practices HIPAA Privacy Rule Best PHI Privacy Practices Learning Objectives Define the acronym HIPAA. Understand your role and responsibilities under the privacy regulations. Know what patient s rights are in terms

More information

New HIPAA Privacy Regulations Governing Research. Karen Blackwell, MS Director, HIPAA Compliance

New HIPAA Privacy Regulations Governing Research. Karen Blackwell, MS Director, HIPAA Compliance New HIPAA Privacy Regulations Governing Research Karen Blackwell, MS Director, HIPAA Compliance kblackwe@kumc.edu 913-588 588-0942 HIPAA Health Insurance Portability and Accountability Act In a Nutshell

More information

HIPAA Education Program

HIPAA Education Program HIPAA Education Program 2017-2018 Assurance and Compliance Services HIPAA Training Requirement This HIPAA Training Program is intended for and will satisfy the training requirement for the: Mount Sinai

More information

HIPAA Policies and Procedures Manual

HIPAA Policies and Procedures Manual UNIVERSITY of NORTH CAROLINA at CHAPEL HILL SCHOOL of NURSING HIPAA Policies and Procedures Manual November 2015 1 Table of Contents I. INTRODUCTION... 3 A. GENERAL POLICY... 3 B. SCOPE... 3 II. DEFINITIONS...

More information

CLINICIAN S GUIDE TO HIPAA PRIVACY

CLINICIAN S GUIDE TO HIPAA PRIVACY CLINICIAN S GUIDE TO HIPAA PRIVACY Introduction... 2 What is HIPAA?... 2 Health Information Privacy... 2 Protected Health Information... 3 Identifiers... 3 HIPAA s Impact on Clinical Practice, Treatment,

More information

The University of Toledo. Corporate Compliance and HIPAA Training. Presented by: The Compliance and Privacy Office

The University of Toledo. Corporate Compliance and HIPAA Training. Presented by: The Compliance and Privacy Office The University of Toledo Corporate Compliance and HIPAA Training Presented by: The Compliance and Privacy Office Topics Compliance HIPAA (Health Insurance Portability and Accountability Act) FERPA( Family

More information

HIPAA Privacy Training for Non-Clinical Workforce

HIPAA Privacy Training for Non-Clinical Workforce Office of Compliance Programs HIPAA Privacy Training for Non-Clinical Workforce Revised: January 24, 2017 HIPAA Privacy Workforce Training The Health Insurance Portability & Accountability Act (HIPAA)

More information

SCHOOL OF PUBLIC HEALTH. HIPAA Privacy Training

SCHOOL OF PUBLIC HEALTH. HIPAA Privacy Training SCHOOL OF PUBLIC HEALTH HIPAA Privacy Training Public Health and HIPAA This presentation will address the HIPAA Privacy regulations as they effect the activities of the School of Public Health. It is imperative

More information

Compliance Program, Code of Conduct, and HIPAA

Compliance Program, Code of Conduct, and HIPAA Compliance Program, Code of Conduct, and HIPAA Agenda Introduction to Compliance The Compliance Program Code of Conduct Reporting Concerns HIPAA Why have a Compliance Program Procedures to follow applicable

More information

CHI Mercy Health. Definitions

CHI Mercy Health. Definitions CHI Mercy Health Definitions If you have any questions about this notice, please contact the CHI Mercy Health s Privacy Office at (701) 845-6540 or 570 Chautauqua Blvd, Valley City ND 58072. Notice of

More information

A general review of HIPAA standards and privacy practices 2016

A general review of HIPAA standards and privacy practices 2016 A general review of HIPAA standards and privacy practices 2016 45 CFR, 164 Health Insurance Portability and Accountability Act Treatment, Payment and Healthcare Operations 42 CFR, Part 2, Confidentiality

More information

THE JOURNEY FROM PHI TO RHI: USING CLINICAL DATA IN RESEARCH

THE JOURNEY FROM PHI TO RHI: USING CLINICAL DATA IN RESEARCH THE JOURNEY FROM PHI TO RHI: USING CLINICAL DATA IN RESEARCH Helenemarie Blake, Esq. Chief Privacy Officer, Interim Office of HIPAA & Privacy Security August 2016 SCENARIO You are putting a study together

More information

Privacy and Security Compliance: The. Date Presenter Name of Member Organization

Privacy and Security Compliance: The. Date Presenter Name of Member Organization Privacy and Security Compliance: The Basics Date Presenter Name of Member Organization Privacy and Security Compliance: The Context for What We Do Privacy and Security compliance within (your office) is

More information

Notice of Privacy Practices

Notice of Privacy Practices River Valley Chiropractic LLC Notice of Privacy Practices Effective 9/2014; Revised 9/2014 If you have any questions about this notice, please contact the River Valley Chiropractic Privacy Officer at 308-534-5840.

More information

HIPAA THE PRIVACY RULE

HIPAA THE PRIVACY RULE HIPAA THE PRIVACY RULE Reviewed December 2012 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of antidepressant medications in their mail. 2 HISTORY Many

More information

IRB 101. Rachel Langhofer Joan Rankin Shapiro Research Administration UA College of Medicine - Phoenix

IRB 101. Rachel Langhofer Joan Rankin Shapiro Research Administration UA College of Medicine - Phoenix IRB 101 Rachel Langhofer Joan Rankin Shapiro Research Administration UA College of Medicine - Phoenix Contents Brief discussion of regulations IRB Structure Levels of Approval Informed Consent HIPAA/HITECH

More information

Pennsylvania Hospital & Surgery Center ADMINISTRATIVE POLICY MANUAL

Pennsylvania Hospital & Surgery Center ADMINISTRATIVE POLICY MANUAL Page 1 Issued: POLICY: Committee Approval: HIPAA Administrative Policy Review Committee: April 2003 April 2005 April 2006 April 2007 April 2008 Attachment(s): For purposes of this policy, Pennsylvania

More information

CAPITAL SURGEONS GROUP, PLLC

CAPITAL SURGEONS GROUP, PLLC CAPITAL SURGEONS GROUP, PLLC NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW

More information

Presented by the UAMS HIPAA Office August 2013 Anita B. Westbrook

Presented by the UAMS HIPAA Office August 2013 Anita B. Westbrook HIPAA and Social Media and other PHI Safeguards Presented by the UAMS HIPAA Office August 2013 Anita B. Westbrook Social Networking Let s Talk Facebook More than 750 million users Average user has 130

More information

The Privacy & Security of Protected Health Information

The Privacy & Security of Protected Health Information The Privacy & Security of Protected Health Information By the end of this course, you should: Be familiar with the patient s rights to privacy under HIPAA Privacy Act Be able to identify Protected Health

More information

LifeBridge Health HIPAA Policy 4. Uses of Protected Health Information for Research

LifeBridge Health HIPAA Policy 4. Uses of Protected Health Information for Research LifeBridge Health HIPAA Policy 4 Uses of Protected Health Information for Research This Policy contains the following Sections: I. Policy II. III. IV. Definitions Applicability Procedures A. Individual

More information

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES NOTICE OF PRIVACY PRACTICES Effective Date: April 14, 2003 Revised: September 23, 2013 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS

More information

REVISED NOTICE OF PRIVACY PRACTICES ORIGINAL DATE: JANUARY 1, 2003 REVISED: JANUARY 16, 2014 REVISED: NOVEMBER 27, 2017 PLEASE REVIEW IT CAREFULLY

REVISED NOTICE OF PRIVACY PRACTICES ORIGINAL DATE: JANUARY 1, 2003 REVISED: JANUARY 16, 2014 REVISED: NOVEMBER 27, 2017 PLEASE REVIEW IT CAREFULLY REVISED NOTICE OF PRIVACY PRACTICES ORIGINAL DATE: JANUARY 1, 2003 REVISED: JANUARY 16, 2014 REVISED: NOVEMBER 27, 2017 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED

More information

PARAGOULD DOCTORS CLINIC PRIVACY NOTICE

PARAGOULD DOCTORS CLINIC PRIVACY NOTICE PARAGOULD DOCTORS CLINIC PRIVACY NOTICE Protected Health Information THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE

More information

Health Information Privacy Policies and Procedures

Health Information Privacy Policies and Procedures University of the Pacific Arthur A. Dugoni School of Dentistry Health Information Privacy Policies and s These Health Information Privacy Policies & s implement our obligations to protect the privacy of

More information

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES NOTICE OF PRIVACY PRACTICES 1 Effective Date: April 14, 2003 Revision Date: September 23, 2013 Revision Date: January 17, 2018 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED

More information

The HIPAA privacy rule and long-term care : a quick guide for researchers

The HIPAA privacy rule and long-term care : a quick guide for researchers Scripps Gerontology Center Scripps Gerontology Center Publications Miami University Year 2005 The HIPAA privacy rule and long-term care : a quick guide for researchers Jane Straker Patricia Faust Miami

More information

NOTICE OF PRIVACY PRACTICES MOUNT CARMEL HEALTH SYSTEM

NOTICE OF PRIVACY PRACTICES MOUNT CARMEL HEALTH SYSTEM NOTICE OF PRIVACY PRACTICES MOUNT CARMEL HEALTH SYSTEM Effective Date: 9/23/ 2013 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

More information

Parental Consent For Minors to Receive Services

Parental Consent For Minors to Receive Services Parental Consent For Minors to Receive Services Welcome to the University of San Diego s Wellness Area! We appreciate your coming our way, and look forward to working with you. The following provides important

More information

Valley Regional Medical Center HIPAA AND HITECH EDUCATION

Valley Regional Medical Center HIPAA AND HITECH EDUCATION Valley Regional Medical Center HIPAA AND HITECH EDUCATION Privacy and Security of Protected Health Information 1 HIPAA and Its Purpose What is HIPAA? Health Insurance Portability and Accountability Act

More information

This notice describes Florida Hospital DeLand s practices and that of: All departments and units of Florida Hospital DeLand.

This notice describes Florida Hospital DeLand s practices and that of: All departments and units of Florida Hospital DeLand. MRN: FIN: FLORIDA HOSPITAL DELAND HIPAA NOTICE OF PRIVACY PRACTICES Effective Date: September 23, 2013 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN

More information

DEPARTM PRACTICES. Effective: Tel: Fax: to protecting. Alice Gleghorn, Page 1

DEPARTM PRACTICES. Effective: Tel: Fax: to protecting. Alice Gleghorn, Page 1 SANTA BARBARA COUNTY DEPARTM MENT BEHAVIORAL WELLNESS NOTICE OF PRIVACY PRACTICES Effective: September 27, 2013 / Revision: January 7, 2015 This notice describes how medical information about you may be

More information

INSTITUTIONAL REVIEW BOARD Investigator Guidance Series HIPAA PRIVACY RULE & AUTHORIZATION THE UNIVERSITY OF UTAH. Definitions.

INSTITUTIONAL REVIEW BOARD Investigator Guidance Series HIPAA PRIVACY RULE & AUTHORIZATION THE UNIVERSITY OF UTAH. Definitions. HIPAA PRIVACY RULE & AUTHORIZATION Definitions Breach. The term breach means the unauthorized acquisition, access, use, or disclosure of protected health information which compromises the security or privacy

More information

Professional Compliance Program Grievance Report

Professional Compliance Program Grievance Report Professional Compliance Program Grievance Report Please complete this form carefully. All material that you wish AAOS to consider must either accompany this form or be sent electronically and identified

More information

OREGON HIPAA NOTICE FORM

OREGON HIPAA NOTICE FORM MARCIA JOHNSTON WOOD, Ph.D. Clinical Psychologist 5441 SW Macadam, #104, Portland, OR 97239 Phone (503) 248-4511/ Fax (503) 248-6385 - Effective Sept.23, 2013 - (This copy for you to keep) OREGON HIPAA

More information

Safeguarding PHI Nutrition Services. UAMS HIPAA Office May 2015

Safeguarding PHI Nutrition Services. UAMS HIPAA Office May 2015 Safeguarding PHI Nutrition Services UAMS HIPAA Office May 2015 HIPAA (not HIPPA) What is HIPAA? The Health Insurance Portability and Accountability Act is a federal law that protects the privacy and security

More information

Mental Health. Notice of Privacy Practices

Mental Health. Notice of Privacy Practices Effective June 2017 Notice of Privacy Practices Mental Health This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review

More information

HIPAA Training

HIPAA Training 2011-2012 HIPAA Training New Hire Orientation and General Training 1 This training is to ensure all Health Management workforce members (associates, contracted individuals, volunteers and students) understand

More information

Notice of Privacy Practices

Notice of Privacy Practices 2269 CHERRY VALLEY ROAD, NEWARK, OH 43055 (740) 788-1400 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW

More information

HIPAA Privacy & Security Training

HIPAA Privacy & Security Training HIPAA Privacy & Security Training for Nonclinicians Introduction As a Duke Medicine workforce member you may have access to patients and patient information and you have a legal and ethical obligation

More information

OVERVIEW OF THE USES AND DISCLOSURES OF PHI

OVERVIEW OF THE USES AND DISCLOSURES OF PHI PRIVACY 24.0 OVERVIEW OF THE USES AND DISCLOSURES OF PHI Scope: Purpose: All workforce members (employees and non-employees), including employed medical staff, management, and others who have direct or

More information

SUMMARY OF NOTICE OF PRIVACY PRACTICES

SUMMARY OF NOTICE OF PRIVACY PRACTICES LAKE REGIONAL MEDICAL GROUP 54 HOSPITAL DRIVE OSAGE BEACH, MO 65065 SUMMARY OF NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU

More information

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES NOTICE OF PRIVACY PRACTICES 1 Effective Date: April 14, 2003 Revised: September 23, 2013 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO

More information

Notice of Privacy Practices for Protected Health Information (PHI)

Notice of Privacy Practices for Protected Health Information (PHI) Notice of Privacy Practices for Protected Health Information (PHI) Dermatology Associates of Colorado, PC THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN

More information

MURRAY MEDICAL CENTER HIPAA NOTICE OF PRIVACY PRACTICES

MURRAY MEDICAL CENTER HIPAA NOTICE OF PRIVACY PRACTICES CW CR 618 Exhibit A MURRAY MEDICAL CENTER HIPAA NOTICE OF PRIVACY PRACTICES Effective Date: THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS

More information

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES NOTICE OF PRIVACY PRACTICES This notice describes how Pine Creek Medical Center may use and disclose your medical information, and how you may access this information. Please read through and review it

More information

Notice of Privacy Practices

Notice of Privacy Practices Notice of Privacy Practices This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. If you have any

More information

PRIVACY POLICY USES AND DISCLOSURES FOR TREATMENT, PAYMENT, AND HEALTH CARE OPERATIONS

PRIVACY POLICY USES AND DISCLOSURES FOR TREATMENT, PAYMENT, AND HEALTH CARE OPERATIONS PRIVACY POLICY As of April 14, 2003, the Federal regulation on patient information privacy, known as the Health Insurance Portability and Accountability Act (HIPAA), requires that we provide (in writing)

More information

HIPAA in DPH. HIPAA in the Division of Public Health. February 19, February 19, 2003 Division of Public Health 1

HIPAA in DPH. HIPAA in the Division of Public Health. February 19, February 19, 2003 Division of Public Health 1 HIPAA in the Division of Public Health February 19, 2003 February 19, 2003 Division of Public Health 1 Handouts HIPAA Definitions AG Advisory Opinion - Definition of Health Plan DPH Coverage Determination

More information

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. Who Presents this

More information

Greenwood Connections Notice of Privacy Practice

Greenwood Connections Notice of Privacy Practice Note: This notice describes how healthcare information about you may be used and disclosed and how you can get access to this information. Please read it carefully. This Notice is effective April 1, 2003

More information

APPLICATION FOR RESEARCH REQUESTING AN IRB WAIVER OF CONSENT AND HIPAA AUTHORIZATION

APPLICATION FOR RESEARCH REQUESTING AN IRB WAIVER OF CONSENT AND HIPAA AUTHORIZATION FORM W/H-01 APPLICATION FOR RESEARCH REQUESTING AN IRB WAIVER OF CONSENT AND HIPAA AUTHORIZATION Research for which this form is appropriate generally involves only existing patient records or specimens.

More information

HIPAA Privacy Rights and Operations Guide HIPAA Security Summary For the Practice of: Vail Aspen Breckenridge Dermatology

HIPAA Privacy Rights and Operations Guide HIPAA Security Summary For the Practice of: Vail Aspen Breckenridge Dermatology HIPAA Privacy Rights and Operations Guide HIPAA Security Summary For the Practice of: Vail Aspen Breckenridge Dermatology Publish Date: 1/2/2018 This guide has been created to serve Vail Aspen Breckenridge

More information

Notice of Privacy Practices

Notice of Privacy Practices Notice of Privacy Practices, pg. 1 of 5 Notice of Privacy Practices CATHOLIC CHARITIES OF THE ROMAN CATHOLIC DIOCESE OF SYRACUSE, NY This notice describes the privacy practices of Catholic Charities of

More information

Re-Vita -Life. Sub-dermal Bio-identical Pellets

Re-Vita -Life. Sub-dermal Bio-identical Pellets Re-Vita -Life Sub-dermal Bio-identical Pellets Welcome and thank you for inquiring about Re-Vita-Life Bio-identical hormone replacement therapy. We have included a new patient information packet which

More information

NOTICE OF PRIVACY PRACTICES MedQuest Effective April 2003 Revised January 2014

NOTICE OF PRIVACY PRACTICES MedQuest Effective April 2003 Revised January 2014 NOTICE OF PRIVACY PRACTICES MedQuest Effective April 2003 Revised January 2014 THIS NOTICE OF PRIVACY PRACTICES applies only to care and treatment you receive at this facility or other Novant Health facilities

More information

HIPAA COMPLIANCE APPLICATION

HIPAA COMPLIANCE APPLICATION 1 HIPAA COMPLIANCE APPLICATION PROJECT TITLE: PRINCIPAL INVESTIGATOR Name (Last, First): Please complete this form if you intend to use/disclose protected health information (PHI) in your research. An

More information

Navigating HIPAA Regulations. Michelle C. Stickler, DEd Director, Research Subjects Protections

Navigating HIPAA Regulations. Michelle C. Stickler, DEd Director, Research Subjects Protections Navigating HIPAA Regulations Michelle C. Stickler, DEd Director, Research Subjects Protections mcstickler@vcu.edu 828-0131 Key Definitions Covered Entity: Organization that handles identifiable health

More information

Notice of Privacy Practices

Notice of Privacy Practices Notice of Privacy Practices Effective September 23, 2013 TCHC.org An equal opportunity employer and provider. CLINICS Baxter Bertha Henning Ottertail Sebeka Verndale Wadena HOSPITAL Wadena 415 Jefferson

More information

Opp Health and Rehabilitation, LLC 115 Paulk Avenue P.O. Box 730 Opp, AL Phone Number: (334)

Opp Health and Rehabilitation, LLC 115 Paulk Avenue P.O. Box 730 Opp, AL Phone Number: (334) Opp Health and Rehabilitation, LLC 115 Paulk Avenue P.O. Box 730 Opp, AL 36467-1695 Phone Number: (334) 493-4558 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW

More information

San Francisco Department of Public Health Policy Title: HIPAA Compliance Privacy and the Conduct of Research Page 1 of 10

San Francisco Department of Public Health Policy Title: HIPAA Compliance Privacy and the Conduct of Research Page 1 of 10 Page 1 of 10 TITLE: HIPAA COMPLIANCE: PRIVACY AND THE CONDUCT OF RESEARCH POLICY It is the policy of the San Francisco Department of Public Health (DPH) to maintain the privacy of Protected Health Information

More information

NOTICE OF PRIVACY PRACTICES Mid-Atlantic Women s Care, PLC Effective Date: September 23, 2013 Last Revised: February 15, 2018

NOTICE OF PRIVACY PRACTICES Mid-Atlantic Women s Care, PLC Effective Date: September 23, 2013 Last Revised: February 15, 2018 NOTICE OF PRIVACY PRACTICES Mid-Atlantic Women s Care, PLC Effective Date: September 23, 2013 Last Revised: February 15, 2018 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED

More information

YALE UNIVERSITY THE RESEARCHERS GUIDE TO HIPAA. Health Insurance Portability and Accountability Act of 1996

YALE UNIVERSITY THE RESEARCHERS GUIDE TO HIPAA. Health Insurance Portability and Accountability Act of 1996 YALE UNIVERSITY THE RESEARCHERS GUIDE TO HIPAA Health Insurance Portability and Accountability Act of 1996 Handbook Table of Contents I. Introduction What is HIPAA? What is PHI? What is a Covered Entity

More information

HIPAA Privacy & Security Training

HIPAA Privacy & Security Training HIPAA Privacy & Security Training for Clinicians Introduction As a clinician at Duke Medicine, you have direct access to patients and patient information and a legal and ethical obligation to protect patient

More information

WHAT IS HIPAA? HIPAA is the ELECTRONIC transmission of Three programs have been enacted to date Privacy Rule April 2004

WHAT IS HIPAA? HIPAA is the ELECTRONIC transmission of Three programs have been enacted to date Privacy Rule April 2004 Rev. 1/22/2010 HIPAA TRAINING WHAT IS HIPAA? Health Insurance Portability and Accountability Act HIPAA is the ELECTRONIC transmission of Three programs have been enacted to date Privacy Rule April 2004

More information

WRAPPING YOUR HEAD AROUND HIPAA PRIVACY REQUIREMENTS

WRAPPING YOUR HEAD AROUND HIPAA PRIVACY REQUIREMENTS WRAPPING YOUR HEAD AROUND HIPAA PRIVACY REQUIREMENTS Jeffrey Staton Attorney at Law Legal Aid Society of Louisville 416 W. Muhammad Ali Blvd., Ste. 300 Louisville, KY 40202 Phone: 502.614.3146 Jstaton@laslou.org

More information

(PLEASE PRINT) Sex M F Age Birthdate Single Married Widowed Separated Divorced. Business Address Business Phone Cell Phone

(PLEASE PRINT) Sex M F Age Birthdate Single Married Widowed Separated Divorced. Business Address Business Phone Cell Phone (PLEASE PRINT) Emma Warner, MSW, LCSW, ACSW Tulsa, OK 74105 (918) 749-6935 Personal Information Name Address Last Name First Name Initial Home Phone Soc. Sec. # City State Zip Sex M F Age Birthdate Single

More information

WAKE FOREST BAPTIST HEALTH NOTICE OF PRIVACY PRACTICES

WAKE FOREST BAPTIST HEALTH NOTICE OF PRIVACY PRACTICES WAKE FOREST BAPTIST HEALTH NOTICE OF PRIVACY PRACTICES Effective April 14, 2003 Revised February 17, 2010 Revised September 23, 2013 Revised July 1, 2016 This Notice of Privacy Practices applies to the

More information

WELCOME. Payment will be expected at the time of service. Please remember our 24 hour cancellation notice.

WELCOME. Payment will be expected at the time of service. Please remember our 24 hour cancellation notice. WELCOME Those of us at Crossroads Counseling want to thank you for choosing to work with us and we want to make your time with us as productive as possible. In order to expedite the intake process, please

More information

Lutheran Brethren Homes, Inc. NOTICE OF PRIVACY PRACTICES

Lutheran Brethren Homes, Inc. NOTICE OF PRIVACY PRACTICES Lutheran Brethren Homes, Inc. [dba LB Homes] and Affiliates: Lutheran Brethren Retirement Services, Inc. [dba LB Alcott Manor / dba Lutheran Brethren Home Care / dba LB Broen Home / dba LB Short Stay];

More information

Privacy and Security For Teammates

Privacy and Security For Teammates Privacy and Security For Teammates This self-directed learning module contains information all CRHS Teammates are expected to know in order to protect our patients, our guests, and ourselves. Target Audience:

More information

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES Page 1 of 10 NOTICE OF PRIVACY PRACTICES EFFECTIVE DATE: The Notice of Privacy Practices became effective on April 14, 2003 and was amended on August 30, 2013. THIS NOTICE DESCRIBES HOW HEALTH INFORMATION

More information

HIPAA Privacy and Security Training for Researchers

HIPAA Privacy and Security Training for Researchers HIPAA Privacy and Security Training for Researchers Version April 2017 Mountain States Health Alliance Bringing Loving Care to Health Care 1 Course Objectives This learning course covers HIPAA, HITECH,

More information

New York Notice Form Notice of Psychologists Policies and Practices to Protect the Privacy of Your Health Information

New York Notice Form Notice of Psychologists Policies and Practices to Protect the Privacy of Your Health Information New York Notice Form Notice of Psychologists Policies and Practices to Protect the Privacy of Your Health Information THIS NOTICE DESCRIBES HOW PSYCHOLOGICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED

More information

Health Insurance Portability and Accountability Act (HIPAA)

Health Insurance Portability and Accountability Act (HIPAA) HIPPA Review Health Insurance Portability and Accountability Act (HIPAA) What is HIPAA: Stands for Health Insurance Portability and Accountability Act Addresses three areas: 1. Insurance portability 2.

More information

HIPAA Privacy Policies & Procedures Table of Contents

HIPAA Privacy Policies & Procedures Table of Contents HIPAA POCKET GUIDE HIPAA Privacy Policies & Procedures Table of Contents I. Clinical Policies A. Accounting of Disclosures..Pg 6 B. De-Identification of Information..Pg 7 C. Facility Directory...Pg 7

More information

JOINT NOTICE OF PRIVACY PRACTICES

JOINT NOTICE OF PRIVACY PRACTICES JOINT NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. respects

More information

Updated FY15 Dignity Health General Compliance Education for Staff Module 2

Updated FY15 Dignity Health General Compliance Education for Staff Module 2 Updated FY15 Dignity Health General Compliance Education for Staff Module 2 This course will provide you with important information about the laws and regulations that affect the healthcare industry, our

More information

ERIE COUNTY MEDICAL CENTER CORPORATION NOTICE OF PRIVACY PRACTICES. Effective Date : April 14, 2003 Revised: August 22, 2016

ERIE COUNTY MEDICAL CENTER CORPORATION NOTICE OF PRIVACY PRACTICES. Effective Date : April 14, 2003 Revised: August 22, 2016 ERIE COUNTY MEDICAL CENTER CORPORATION NOTICE OF PRIVACY PRACTICES Effective Date : April 14, 2003 Revised: August 22, 2016 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED

More information

It defines basic terms and lists basic principles that all LSUHSC-NO faculty, staff, residents and students must understand and follow.

It defines basic terms and lists basic principles that all LSUHSC-NO faculty, staff, residents and students must understand and follow. Office of Compliance Programs Revised: July 18, 2017 HIPAA Privacy HIPAA Privacy Workforce Training The Health Insurance Portability & Accountability Act (HIPAA) requires that the University train all

More information

Notice of HIPAA Privacy Practices Updates

Notice of HIPAA Privacy Practices Updates Notice of HIPAA Privacy Practices Updates The following is a summary of the updates to the privacy notice for Meridian Hospitals Corporation, Meridian Home Care Services, Inc., Meridian Nursing & Rehabilitation,

More information

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. I. What This Is

More information

Chapter 9 Legal Aspects of Health Information Management

Chapter 9 Legal Aspects of Health Information Management Chapter 9 Legal Aspects of Health Information Management EXERCISE 9-1 Legal and Regulatory Terms 1. T 2. F 3. F 4. F 5. F EXERCISE 9-2 Maintaining the Patient Record in the Normal Course of Business 1.

More information

NOTICE OF HOSPICE EL PASO S PRIVACY PRACTICES

NOTICE OF HOSPICE EL PASO S PRIVACY PRACTICES NOTICE OF HOSPICE EL PASO S PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

More information

Patient Privacy Requirements Beyond HIPAA

Patient Privacy Requirements Beyond HIPAA Patient Privacy Requirements Beyond HIPAA Jane Hyatt Thorpe, J.D. School of Public Health and Health Services George Washington University Carrie Bill, J.D. Feldesman Tucker Leifer Fidell LLP The George

More information

Accommodate reasonable requests you may have to communicate health information by alternative means or at alternative locations.

Accommodate reasonable requests you may have to communicate health information by alternative means or at alternative locations. Collom & Carney Clinic Association NOTICE OF PRIVACY PRACTICES Effective Date: April 14, 2003 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS

More information

If you have any questions about this notice, please contact the SSHS Privacy Officer at:

If you have any questions about this notice, please contact the SSHS Privacy Officer at: Notice of Privacy Practices 0 Effective Date: April 14, 2003 Revision Date: July 15, 2016 South Shore Health System ( SSHS ) is an integrated health care delivery system. For a list of entities which comprise

More information