Williamson County EMS (WCEMS) HIPAA Training for Third Out Riders


Training Statement: This training program is designed to educate you on WCEMS' legal requirements to protect our patients' rights and confidentiality, and how this pertains to you, the Third Out Rider.

Objectives: Upon completion of this training, you will be able to:
- Describe why privacy and confidentiality, as they pertain to HIPAA, are important
- Verbalize the consequences of a privacy/confidentiality/HIPAA violation
- Understand the Third Out Rider's responsibility related to HIPAA compliance

Why HIPAA?
As a provider of emergency medical services, protecting our patients' privacy and maintaining confidentiality creates an environment of trust, generates good will, enhances the reputation and, overall, is the right thing to do.

What is HIPAA?
- HIPAA, the Health Insurance Portability and Accountability Act, is the Federal law that mandates how we are required to protect health information and how it is used and maintained by Williamson County EMS.
- Privacy Rule: Regulations define the rights of individuals and the responsibilities of covered entities regarding Protected Health Information (PHI).
- Security Rule: Regulations define the process and technology standards for electronic protected health information (ePHI).
- There were no major revisions to HIPAA until 2009 with the passage of the Health Information Technology for Economic and Clinical Health (HITECH) Act.

HITECH Act Amendments
The HITECH Act Amendments did the following:
- Added a Federal Breach Notification Rule
- Granted patients new rights regarding PHI
- Applied the Security Rule to Business Associates
- Increased HIPAA penalties
- Mandated changes to Business Associate Agreements (BAA) and Notice of Privacy Practices (NPP)

What does HIPAA Provide?
- Gives patients more control over their Protected Health Information (PHI)
- Protects the patient's PHI from intentional and unintentional misuse and exposure
- Provides for civil and criminal penalties for violators of the Privacy Rule
- Establishes a National Standard for handling and disclosure of PHI

Patients Have The Right
- To be informed of and receive the WCEMS Notice of Privacy Practices (NPP)
- To access PHI
- To request an Accounting of disclosures of PHI
- To request Restrictions on uses and disclosures of PHI
- To request an Amendment of PHI
- To request Confidential Communications

Notice of Privacy Practices (NPP)
- Patients have the right to receive notice of their legal rights under HIPAA and an explanation of how their PHI is used, disclosed and protected.
- All individuals with whom WCEMS has a direct treatment relationship must be given an NPP. This includes transported patients, individuals refusing treatment, and generally anyone we collect PHI from as the result of an encounter.
- For emergency treatment situations, we must provide the notice as soon as reasonably practicable after the emergency.
- Williamson County EMS maintains a website, so we are required to post the NPP on our main webpage.

Right to Access
Patients have the right to inspect or obtain a copy of their PHI held by WCEMS or our Business Associates (BA).

Accounting of Disclosures
Patients have a right to receive an accounting of certain limited disclosures of their PHI made by WCEMS or our BA during the six (6) years prior to the date of the accounting request.

Request Restrictions
- WCEMS must grant patients the right to request restrictions on uses or disclosures of PHI for purposes of Treatment, Payment or Healthcare Operations and for purposes of notifying family members, friends and others involved in their care.
- Very rare request in EMS

Request Amendment
- WCEMS must grant patients the right to request that their PHI be amended.
- We may accept or deny the amendment request based on whether or not we believe the record is complete and accurate.
- Very rare request in EMS

Confidential Communications
- We must allow patients to request alternative means or location for receiving communications of their PHI.
- We must accommodate reasonable requests.

Minimum Necessary
The minimum necessary rule means we must make reasonable efforts to use, disclose, and request only the minimum amount of PHI needed to accomplish the intended purpose of any permitted disclosure.

What is Considered PHI?
Information must meet two criteria:
1. Individually identifiable information; and
2. Health information

1. Individually Identifiable
- Information that actually identifies the individual, e.g., name, SSN, Medicare number, etc.
OR
- There is a reasonable basis to believe the information can be used to identify the individual, e.g., an address, license plate number, date of service
- Any information which may make a person identifiable

2. Health Information
The information must also relate to:
- The past, present, or future physical or mental health or condition of an individual;
- The provision of health care to an individual; or
- The past, present, or future payment for the provision of healthcare to an individual

PHI Can Be in Any Form
- Electronic: anything digital
  - Photos
  - Videos
  - Files
  - Emails
  - Social Networks
- Paper: as long as it is readable
- Verbal: any conversations involving PHI
  - Be aware of your surroundings when discussing incident information

Examples of PHI
- Incident information in an electronic health record (EHR) program, servers, or other location; WCEMS utilizes ESO Solutions
- Dispatch information
- Physician certification statements, signature forms, Memorandum of Transfer forms
- Medical or payment information

The Security Rule
- This applies to all PHI in electronic form (ePHI).
- WCEMS has implemented Security Standards and Administrative, Physical and Technical Safeguards for compliance with this rule.

Violating HIPAA
With recent revisions to the Federal laws under the HITECH Act, HIPAA adds a new dimension to Privacy and Confidentiality and also adds new, very severe consequences for a privacy/confidentiality violation.

Violating HIPAA
How does WCEMS become aware of a HIPAA violation?
1. All access to PHI is tracked
2. Random audits are conducted
3. Complaint from family, friends, coworkers
4. Complaint from patient

Examples of HIPAA Violations
- Talking to someone on the phone about your experience and mentioning the name, address or other identifiable information
- Posting any information which could potentially identify a patient on social media
- Taking and keeping photos of incident scene or patient on your personal device

Penalties for Violating HIPAA
The penalties for non-compliance with this legislation are severe. On the civil side, penalties range from $100 for each violation up to a maximum of $1.5 million for violations of the same HIPAA provision in a year. Criminal penalties are as follows:
- Knowing disclosure: up to $50,000 fine; up to 1 year imprisonment
- False pretenses: up to $100,000 fine; up to 5 years imprisonment
- Intent to sell: up to $250,000 fine; up to 10 years imprisonment

HIPAA and You!
- The patient controls who obtains information about them!
- Ask before discussing patient information with family, friends and neighbors!
- Dispose of PHI appropriately!

HIPAA and You!
Use reasonable accommodations to protect patient privacy and provide as much discretion as possible under the circumstances. While we are obligated to protect our patients' privacy, information heard while assessing, treating, obtaining information or giving report to the receiving facility would be considered an incidental disclosure and not a violation of HIPAA.

HIPAA and You!
It is YOUR responsibility to notify your EMS crew member or the HIPAA Compliance Officer of any concerns you might have or to report a HIPAA violation you suspect during your ride out.
Who is the HIPAA Compliance Officer? Theresia Carter, 512-943-1265

HIPAA and You!
- HIPAA relates to the behavior of the Third Out Rider
- All PHI encountered must be kept confidential
  - During observation/ride out hours, and
  - During non-observation/ride out hours!
- Representation of the Department
  - Personal behavior that reflects negatively on WCEMS or the County is not tolerated.

HIPAA and You!
MOST IMPORTANTLY
- Violation of HIPAA allows for immediate termination of employment per federal standards
- For the Third Out Rider, this means immediate termination of observation/ride out privileges

Privacy
Williamson County EMS may use or disclose PHI only for TPO reasons. The three TPO reasons are:
1. Care & Treatment (T)
2. Payment of Care (P)
3. Managerial Operational Issues (O)

Privacy
Access to all records is logged and maintained to remain compliant with HIPAA laws.

Confidentiality
WCEMS must have a compliance program in place. This program shall have:
- Policies and procedures in place related to the use and transmission of PHI;
- Develop and implement a privacy notice and authorization to release information form;
- A system of safeguards to protect PHI;
- A process to receive complaints and concerns;
- Policy for mitigation of any violation and log;
- Designate a Privacy Officer; and
- Conduct education and training.

Confidentiality
Respect for a patient's privacy is evident when every effort is made to safeguard the patient's privacy, for example:
- Shielding from onlookers, or
- Not discussing patient information in a public location.
Ask the patient's permission to discuss prior to interviewing the patient in public or around other individuals.

Compliance
What is compliance?
- It encourages concerns to be reported
- It requires concerns to be addressed
- Communication is the key to an effective Compliance Program

Compliance
Compliance is everyone's responsibility!
- You must report problems to your EMS crew
- You may offer suggestions on how to resolve the issue at hand

Compliance
Non-Retaliation Policy: Williamson County will not take any disciplinary action, or other type of retaliation, against any Third Out Rider for reporting, in good faith, a concern, issue, problem, violation of law/regulation or the Code of Conduct.

Compliance
Chain of Command
- EMS Crew
- HIPAA Compliance Officer Theresia Carter
- Deputy Director Mike Knipstein
- Director Kenny Schnell
Most concerns can be addressed by your EMS crew. If you feel it has not been addressed, you can use the chain of command.

Compliance
For questions or concerns, contact Theresia Carter at 512-943-1265, or Deputy Director Mike Knipstein at 512-943-1224.

Let's Review
- Privacy: The fact that you are a Third Out Rider with Williamson County EMS does not give you access to the PHI of a friend, child, spouse, ex-spouse or co-worker.
- Confidentiality: All PHI is to be protected as if it were your own medical information.
- Compliance: Report all violations promptly and prevent further risk of exposure until the HIPAA privacy/compliance officer can make corrections.

So who is responsible for HIPAA? EVERYONE IS RESPONSIBLE!