Health Insurance Portability and Accountability Act. Awareness Training for Volunteers


Health Insurance Portability and Accountability Act Awareness Training for Volunteers

Southeastern Health

Southeastern Health has a strong tradition of protecting the privacy of patient information. Confidentiality has always been part of the hospital culture. However, now there is a new law that sets a national standard to protect medical records and other personal health information. It is called the Health Insurance Portability and Accountability Act or HIPAA.

(Page 2)

Training Objectives

To have every Volunteer:
- Understand what HIPAA is.
- Know the meaning of Protected Health Information (PHI).
- Understand the significance of Treatment, Payment and Operations (TPO) and why it is important to remember.
- Understand what is new with patient rights.
- Know the consequences for non-compliance with the law.
- Recognize the importance of making a renewed commitment to patient confidentiality!!

(Page 3)

What is HIPAA?

- HIPAA is a law passed by Congress in 1996.
- HIPAA sets national standards for the protection of patient information, with a compliance deadline of April 2003.
- HIPAA applies to ALL health care providers: hospitals, physicians, insurance companies, labs, home care companies and surgery centers.
- HIPAA covers ALL forms of protected health information: oral, written and electronic.

Why are we, as volunteers, involved with HIPAA training?

It is everyone's responsibility to take the confidentiality of patient information seriously. Anytime volunteers come in contact with patient information (or any personal health information), whether written, spoken or electronically transmitted, they become involved with some facet of the HIPAA regulations! It is for this reason that the law requires awareness training for all healthcare personnel, including volunteers.

(Page 4)

What is Protected Health Information (PHI)?

According to HIPAA all of the following information can be used to identify a patient:
- Addresses
- Dates
- Telephone or fax numbers
- Social Security Numbers
- Medical Records Numbers
- Patient Account Numbers
- Insurance Plan Numbers
- Vehicle Information
- License Numbers
- Medical Equipment Numbers
- Photographs
- Fingerprints
- Email addresses
- Internet addresses

This information is referred to as individually identifiable health information (IIHI). Removing a patient name from a chart is no longer sufficient to de-identify the patient. HIPAA refers to this information as protected health information or PHI. Any health information that identifies someone or can be used to identify someone MUST BE PROTECTED.

(Page 5)

Sharing patient information

HIPAA, under the Consent Rule, allows for the provider of care to use health information for Treatment, Payment and Operations (TPO). Before HIPAA it was common to use patient information for other purposes and to share more than the minimum necessary information. Now patients need to give prior authorization for the use of their health information for non-TPO purposes. Under the Minimum Necessary Rule volunteers should only have access to the information they need to fulfill their assigned duties.

What is TPO?

HIPAA allows us to share patient information for:
- Treatment: Providing care to patients
- Payment: Getting paid for caring for patients
- Operations: Normal business activities such as quality improvement, training, auditing, customer service and resolution of grievances.

If use of the information does not fall under one of these categories you must have the patient's signed authorization before sharing that information with anyone!

(Page 6)

If personal health information (PHI) is involved, ask yourself: does my sharing this information involve TPO for that patient? (Treatment, Payment, Operations)

If the answer is NO, don't pass it along unless you have been authorized to do so!! This includes information you may see or hear about hospitalized volunteers, friends and acquaintances. Sharing information for non-TPO purposes requires authorization from the patient involved.

(Page 7)

Scenarios

#1 - During the course of your regular volunteer duties you enter a patient room to find a fellow volunteer who has been hospitalized.
- OK to: Converse with the volunteer as you would normally do with other patients as part of your routine duties.
- NOT OK to: Talk about the hospitalized volunteer, including sharing the information with the Volunteer Office, unless the patient has authorized the release of that information.
- OK to: Mention that if he/she chooses to have the Volunteer Office notified, it would be best if he/she called the office directly.

#2 - You work where you have access to the patient census. While performing your regular duties you come across the name of a fellow volunteer or acquaintance.
- OK to: Continue with your regular duties, disregarding the information you happened upon.
- NOT OK to: Assume, because he/she is a volunteer or a personal friend, it is OK to notify the volunteer office or others you know!
- NOT OK to: Scan the census looking for people you know!
- OK to: Only use the patient census for the minimum necessary to do your job, i.e. responding to a request for a patient room number.

#3 - You are having lunch in the cafeteria with a group of volunteer friends and someone makes the statement "Did you know that Mary is in the hospital?"
- OK to: Politely stop the conversation and remind your fellow volunteer that sharing personal health information for non-TPO purposes is not something we do. A reminder to all that we need to be HIPAA-Wise would be a very appropriate comment.
- NOT OK to: Talk about any person's health information, without authorization, EVEN WHEN AMONG FRIENDS.

(Page 8)

What are the consequences of not complying with the law?

It has always been against hospital policy to share, use or dispose of patient information improperly. Under HIPAA, there are now fines and penalties for this. We treat privacy seriously, which is why every volunteer and team member is required to sign a confidentiality form. A breach of privacy may result in termination. Wrongful and willful disclosure of health information carries fines and can involve jail time.

Why should we do this?

- It is the right thing to do.
- It is in keeping with the values of our organization.
- Think how you would feel if it was information about you or a loved one.

People in health care think they already do a good job protecting patient information, but HIPAA requires MORE protection. We have to protect all health information!

(Page 9)

What is new with Patient Rights?

Under HIPAA, patients have a right to know how their health information may be used or disclosed, and that they have certain privacy rights. These rights, some new and some revised, are communicated to our patients through a document called Notice of Privacy Practices (NPP).

NEW rights allow patients to:
- Obtain a list of who we have shared their health information with for the past six years
- Request to amend their medical record
- Request other communications, such as asking to be notified of lab results only at work and not at home

REVISED rights allow patients to:
- Review and copy their medical record
- Request restrictions on the use or sharing of their information, such as opting out of the hospital directory.

Before HIPAA, it was not uncommon for patients' private information to be given to other companies for the purpose of marketing products or services. Now, HIPAA states you must get the patient's signed authorization before doing this.

(Page 10)

Providing for the security of patient information

With Computers

We have to make sure all health information, no matter where it is, is secure. This includes information stored on computers. Everyone who uses a computer has a duty to keep health information secure. HIPAA says we must protect all patient information on computers by:
- Properly signing on with individual IDs and passwords
- Signing off of computers if walking away from the desk
- Keeping IDs and passwords CONFIDENTIAL
- Protecting computer screens from unwanted viewing

Through Proper Disposal of Information

We have to handle and dispose of patient information carefully, such as using a shredder instead of throwing patient information away. The procedure for the proper disposal of health information will be part of service-specific training!

RULE OF THUMB: NEVER dispose of patient information in any open area trash bin. When in doubt, ASK.

With the use of e-mail and faxes

HIPAA says we must protect all patient information transmitted electronically. Volunteers involved with these tasks will receive special training.

(Page 11)

Reporting Violations

It is EVERYONE's responsibility to report violations or wrongdoings. Whether someone received patient information improperly, or shared patient information in the wrong way, everyone has a responsibility to report violations.

When in doubt, ASK!! Your (one-up person) department supervisor/liaison or your Manager/Volunteer Supervisor is a good place to start for answers to your questions or for reporting issues.

You can reach either the:
- IT Security Specialist (910-671-5684) or
- Privacy Officer/HIPAA Hotline (910-671-5723)

(Page 12)

What's next?

This awareness training is intended to give you a general overview of HIPAA, and will satisfy your core training requirement. If you routinely have access to patient information as a result of your regularly assigned duties, you will likely receive further training on how new HIPAA-related policies and procedures might affect your work.

Changes will be ongoing! This is just the first phase of the act. You will be kept apprised of updates through newsletters, your service area, volunteer staff and annual education.

Help us to keep the HIPAA Awareness level HIGH!! Be HIPAA wise and model the correct behavior.

(Page 13)

Remember to...

- ALWAYS STOP, and ask yourself, should I be sharing this patient information? If it doesn't pertain to TPO, don't discuss it!!!
- Think of patient information about fellow volunteers, neighbors and acquaintances as protected information, not for sharing!!!
- Dispose of patient information by placing it in appropriate shredding bins, never in an open wastebasket.
- Turn computer screens off if you leave the station for any reason.
- Report all abuses: enforcing the regulations is everyone's responsibility!

I am HIPAA Wise!

(Page 14)

HIPAA Awareness Training Quiz

1. The compliance deadline for HIPAA is ____________. (P. 4)
2. PHI stands for: P________ H________ I________. (P. 5)
3. The following information can be used to identify patients: (P. 5)
   A) Address
   B) License Plate Number
   C) Account Number
   D) All of the above
4. Without prior authorization, patient information can ONLY be shared if it pertains to: T________ P________ O________ (P. 6)
5. Wrongful disclosure of health information carries fines and can involve jail time. True / False (P. 9)
6. Under HIPAA, patients can choose to NOT be listed in the patient directory. True / False (P. 10)
7. Placing patient information in a wastebasket is OK as long as it is behind a desk. True / False (P. 11)
8. Reporting HIPAA violations is everyone's responsibility. True / False (P. 12)
9. The phone number for the Chief Privacy Officer is ____________. (P. 12)

I have read the HIPAA privacy guide. I accept the "I Am HIPAA Wise" oath by agreeing to follow Southeastern Health's privacy and confidentiality policies.

Volunteer Name ____________ Date ____________

(Page 15)