HIPAA Privacy Training for Non-Clinical Workforce


Office of Compliance Programs
HIPAA Privacy Training for Non-Clinical Workforce
Revised: January 24, 2017

HIPAA Privacy Workforce Training

The Health Insurance Portability & Accountability Act (HIPAA) requires that the University train all workforce members (faculty, staff, residents and students) about the University's HIPAA policies and those specific HIPAA-required procedures that may affect the work you do for the University.

Overview

This presentation provides a brief summary of the HIPAA Privacy Rule. It lists basic principles that all LSUHSC-NO faculty, staff, residents and students must understand and follow.

The HIPAA Privacy Rule

A covered entity (e.g. LSUHSC-NO and its faculty, staff and students) may not use or disclose protected health information (PHI) about a patient without that patient's written authorization unless the use or disclosure falls under one of the exceptions.

What is PHI?

PHI consists of two parts:
- Information that personally identifies the patient (an identifier)
- Any information, including genetic information, whether oral or recorded in any form or medium, that:
  1. Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and
  2. Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.

What is an identifier?
- Patient name
- Date of birth
- Genetic information
- Social Security number
- Driver's license number
- Phone and fax numbers
- Mailing address
- Email address
- Hospital account number
- Medical record number
- Insurance identification number
- Medicare/Medicaid ID numbers
- Certificate/license numbers
- Device identifiers and serial numbers
- Vehicle identifiers and serial numbers
- Photographs, video or other images where the patient's face is recognizable
- Biometric identifiers
- Any other unique identifying number, characteristic, or code that could be used alone or in combination with other information to identify an individual who is a subject of the information

PHI does not include:
- Information on individuals who have been dead more than 50 years
- Student health records
- Health information LSUHSC-NO keeps in its role as an employer (e.g. occupational health and safety information)
- De-identified information

Remember: PHI can appear in any medium, including but not limited to:
- Spoken (conversations, telephone calls, etc.)
- Written (invoices, photocopies, etc.)
- Electronic (emails, databases, spreadsheets, billing systems, electronic health records, etc.)

Exceptions

Uses and disclosures that do not require an authorization include but are not limited to:
- To the individual
- For treatment purposes
- For payment purposes
- For health care operations (e.g. quality improvement activities, training, legal services, audits, etc.)
- To the Secretary of the Department of Health and Human Services (HHS)

There are other exceptions. If you have a concern regarding whether a particular use or disclosure requires an authorization from the patient, contact the LSUHSC-NO Privacy Officer at (504) 568-5135 or via email at nocompliance@lsuhsc.edu.

Protecting Patient Privacy
- Treat all information as you would want information about you or your family member treated.
- Do not discuss confidential patient information in areas where it is likely to be overheard, such as elevators, hallways, the cafeteria, restrooms, or other public places.
- Shred documents and disks with PHI before discarding.
- Do not allow unauthorized visitors or patients in staff areas, dictating rooms, chart storage areas, etc.
- Do not discuss patient information with your family, friends, or people in your facility who are not directly involved in the patient's treatment, payment, or operations.
- Do not share your passwords with anyone.
- Set an idle time-out on your local workstation.
- Always log off of your computer when you leave your work area.
- Do not leave charts, schedules, or open documents on computer screens that may contain patient information in plain view.
- Conduct telephone conversations or dictation regarding confidential patient information in a discreet manner.
- Access only the information you are officially authorized to access.
- When scrapping or surplusing computer equipment, make sure someone from I.T. erases all the information from any storage devices (e.g. hard drives, solid state drives, flash drives, etc.).

Each of us only has authorization to access PHI on a need-to-know basis for the purpose of fulfilling our job responsibilities. Unfortunately, some take advantage of various sources of PHI to satisfy curiosity or other motives instead.

LSUHSC-NO faculty, staff and students may find themselves working and/or training in facilities that use electronic systems containing PHI that are shared by multiple, independent health care providers. In such cases, an individual must be granted permission in writing to access the electronic record by the facility that owns the record, in addition to having a job-related need to view the information, before accessing the electronic record.

No matter why an employee or physician accesses PHI, if there is not a job-specific reason to do so, the access is prohibited by hospital policy, LSU policy, and HIPAA regulations. This includes access to family members' information, including spouses, parents, adult children, siblings, significant others, coworkers, etc. Any such unauthorized access would be a direct violation of LSUHSC-NO policy and HIPAA regulations. Such action would expose the violator not only to disciplinary action, but also to possible legal action.

LSUHSC-NO Privacy Policies

The HIPAA Privacy Policies and Procedures are contained in Chancellor's Memorandum 53.

What is a Breach?

A breach of PHI is the unauthorized access, use, or disclosure of PHI that compromises the security of that information. Any unauthorized access, use, or disclosure of PHI should be reported immediately to the Compliance/Privacy Officer in the Office of Compliance Programs at LSUHSC-NO. Compliance will conduct a risk assessment to determine if the use and/or disclosure must be reported to the patient and the U.S. Department of Health and Human Services.

Things to Remember about Breaches
- Breaches happen!!
- Breaches can be deliberate or accidental.
- You can report them anonymously.
- Timely notification of any known breach is CRITICAL, as we only have 60 days from the discovery of the breach to take the necessary action required by the Breach Notification Rule.
- If you are unsure whether or not an incident is a breach, call the Compliance Office.

Some examples of a breach of PHI include, but are not limited to:
- PHI from discarded paper documents, computer hard drives, flash drives, backup tapes and optical disks.
- PHI included in emails sent to the wrong recipient, or PHI inappropriately attached to an email.
- PHI stolen and sold for monetary gain.
- PHI obtained and disclosed by hackers.
- PHI contained in lost or stolen paper documents, laptops, flash drives, backup tapes or optical disks.
- PHI that is disclosed due to the actions of a computer virus.
- PHI inappropriately posted on, or to which access is provided through, a web server.

Privacy Complaints

If anyone suspects or knows of mishandling or misuse of patient PHI, a complaint can be made to:
- The LSUHSC-NO Privacy Officer
- The Office of Compliance Programs
- The Office of Civil Rights of the Department of Health and Human Services
- The appropriate Privacy Officer at the institution, if other than LSUHSC-NO

How to Report a HIPAA Violation

Contact the LSUHSC-NO Privacy Officer or the Office of Compliance Programs via:
- Office phone: (504) 568-5135
- Anonymous reporting hotline: (504) 568-2347
- E-mail: nocompliance@lsuhsc.edu

Or contact the Privacy Officer or the Compliance department at the hospital/facility where you work.

Penalties

The HHS Office of Civil Rights shall assess penalties ranging from $100 per violation up to $1.5 million per violation. Please note that inappropriate use and/or disclosure of information on each patient is a separate violation. In addition, LSUHSC-NO may take disciplinary action up to and including termination of employment or, if a student, expulsion from your program. Individuals and health care providers (hospitals, etc.) can also face civil and criminal prosecution, depending on the facts of the case.

Recap
- HIPAA provides for the rights of patients in relation to their Protected Health Information. It also provides for the privacy and security of that information.
- It is everyone's responsibility to protect PHI.
- Violations of any of the HIPAA regulations may result in fines from the federal government. Violations of HIPAA privacy regulations can also include civil and even criminal penalties.
- Report breaches of PHI to Compliance immediately.
- If you are found to be deliberately accessing PHI for reasons other than those related to performing your job, you will face disciplinary action, up to and including termination of your employment or student status.
- Be familiar with the HIPAA Privacy policies wherever you work, as they differ from institution to institution.

Resources
- Chancellor's Memorandum 53
- HHS Office of Civil Rights HIPAA webpage

Any Questions? We Are Here to Help!
Office of Compliance Programs
433 Bolivar St., Suite 807
New Orleans, LA 70112
568-5135
nocompliance@lsuhsc.edu