HIPAA Training

Transcription:

2011-2012 HIPAA Training: New Hire Orientation and General Training

This training is to ensure all Health Management workforce members (associates, contracted individuals, volunteers and students) understand our HIPAA policies and procedures to maintain the privacy and security of patient information. 2 11/9/2009 2

HIPAA is a broad law dealing with the privacy and security of health information:
The Privacy Rule tells hospitals and physicians when and how they can use or disclose patient health information.
The Security Rule tells hospitals and physicians how to protect health information from being inappropriately accessed, edited, or destroyed.

Who are your HIPAA Officers?
The HIPAA Privacy Officer is your HIM Director.
The HIPAA Security Officer is your Risk Manager.

The first essential element of HIPAA: PHI
Protected Health Information (PHI) is ALL PERSONAL HEALTH, BILLING AND DEMOGRAPHIC INFORMATION, IN ANY FORMAT (Oral, Paper, Picture or Electronic) CREATED OR HELD BY A COVERED ENTITY (hospital or physician, payer) (includes past, present and future healthcare).

Minimum Necessary or need to know
All members of the workforce contribute to the care of the patient. That doesn't mean everyone needs to see health information about patients. If you do not need to know confidential information to provide care (clinical or financial) you are NOT permitted to access it. This includes your PHI.

Disciplinary Actions for Violations of HIPAA Policies & Procedures
There are three different groups of disciplinary action depending on the violation. The following examples show what can happen if you do not protect our patients' information correctly:

Not signing off computer (with PHI) when leaving a work area.
Inadvertent disclosure of PHI to the wrong patient.
Failure to follow appropriate guidelines for the use of fax, mailing, E-mail, computer or other transmission of patient information causing a disclosure to an unintended recipient.

Sharing your password with a coworker.
Unauthorized access of information on a patient you have no job-related responsibility for, including your friends, family, co-workers AND your own information!

Using a co-worker's password without their knowledge.
Disclosure of PHI which you have accessed, without authorization and when NOT involved in the care of the patient.
Releasing any PHI for personal gain or releasing PHI with intent to harm the reputation of the individual or our organization.
Accessing HIV test results, records of sexual or domestic abuse, drug and alcohol test results or other highly protected information when not involved in the care of those patients.

Our #1 Biggest Risk: Nosy Associates
A co-worker accesses information. The only reason was for curiosity regarding:
A co-worker who is a patient
A physician who is a patient
A neighbor who is a patient
Health Management has a zero tolerance for associates who access patient information without authorization!

Actions that could cause a HIPAA violation
Taking pictures of any patient's image, body part or X-ray with personal cell phone cameras (this will be grounds for termination)
Unauthorized access of sensitive health information (HIV, Abuse, Psych records)
Access of the associate's own patient record in the computer system
Sharing or stealing another co-worker's password for the computer systems
Not verifying who you disclose patient information to (financial or clinical) and not confirming that the person requesting the information is authorized to receive it

Where can I find our HIPAA policies and procedures?
HIPAA Policy & Procedure Manuals are located:
1. On-line at your facility's Intranet site
2. On the home office intranet: hma-info.com

Steps you should take to protect patient privacy include:
Respect the patient's information and condition the same way you would expect others to respect and care for yours.
Close treatment room doors or use privacy curtains when discussing the care of a patient.
Ensure that medical records are not left where others can see or gain access to them.
Keep laboratory, radiology and other test results private.
Make sure computer screens containing PHI are not visible to others not involved with the patient.

Destruction of paper containing patient information
Shred all patient information when it is to be discarded. Do not place anything with a patient's name or identifiers in the regular trash.
Patient name bands
Telemetry strips
What about IV bags with med labels? If you can, peel off label. Label must be shredded or blacked-out with a marker.

Visitor Identification
All associates should question visitors or other persons who are in restricted areas and are not escorted by an associate of the facility or are not displaying proper identification.
Vendors and contractors will be wearing their company ID in addition to hospital identification noting that they have permission to be in the building.
All associates, volunteers and other workforce members must wear their identification badge as issued by the hospital.

IMPORTANT!!
Every associate, physician and VIP admitted to our hospital will have their records reviewed for inappropriate access. Associates are not permitted to snoop in each other's patient information when they come into the hospital for care. Audit trails will document who was where in our systems and will document what the associate was accessing. This is performed by our HIPAA Officers (Privacy & Security). Your User ID will link to every item opened, read or printed.

The types of information that you are not permitted to access, acquire, use or disclose without authorization from the patient include:
Medical information
Name, address, phone number
Social Security Number, date of birth
Photo of any part of the patient's body, including X-ray images, whether or not they contain the patient's name
Any information or data that could be used to identify the patient

Notification to Patients
Federal law now requires us to tell patients if someone has snooped into their information protected by HIPAA. We must also notify patients any time their protected health information was inappropriately disclosed outside of the facility, or if it was stolen or breached. We are required to notify the patient in writing and report all breaches of PHI to the Federal Government.

Under the Notification Rule, a breach means the acquisition, access, use or disclosure of PHI which violates the HIPAA Privacy Rule and compromises the security or privacy of the PHI.

At any one time, if there are more than 500 patients who have their records snooped into or, if their protected health information is disclosed in any way outside of our facility, we must notify every patient and the Federal Government immediately. We may also need to notify the local media if 500 or more of the patients are from the same state.

Who do we need to notify if a breach of PHI is detected?
All of the affected patients.
The Federal Government.
Local media if 500 or more patients in the same area are affected.

Examples of Breaches
Lost laptop or PDA
PHI left behind in the cafeteria, lounge, or public area
Snooping in patient records without a need to know the information
Cell phone pictures taken by associates that identify a patient or characteristics of a patient (x-ray or body part)
PHI faxed to the wrong fax number, or emailed to the wrong address
Information intended for one patient handed to another patient (not verifying your work).

Reporting deadlines for breach notifications
Once we discover a breach of PHI, we have no more than 60 days (45 days in Florida) to comply with the Rule's notification requirement. You should immediately report all suspected PHI breaches to the Privacy Officer. The Privacy Officer will need to conduct a full investigation. Determination will need to be made if a breach occurred and notification is required.

What can you do to prevent a breach of PHI?
Take 5 seconds to confirm the name of the patient and the document you want to generate or use is correct!
Verify the fax # or address you are about to use is correct.
Double check that you have entered the numbers or letters correctly.
Verify all auto dial numbers in the fax machines are entered correctly and you select the intended preprogrammed fax number.
Use fax coversheets; they are important safeguards.

Increased HIPAA enforcement actions could directly affect you!
If you are found to be responsible for any type of a HIPAA violation that the State Attorney General believes has threatened or in some way harmed a patient who is a resident of your State, you can be held responsible for your actions. The State Attorney General can bring a civil action in federal court against you!

Conclusion
We must all remember to protect the privacy and security of patient information at all times. We are all patients from time to time. How would you feel if your own health information was used or disclosed in a way that was harmful to you or your family? If you have a question about HIPAA, ask your supervisor or your Privacy Officer.

Reporting known or suspected HIPAA violations
We expect all associates to adhere to the HIPAA policies, but we know there may be times when the policy is being abused. You should report HIPAA violations or suspected violations to your supervisor or to your Privacy Officer. You may report anonymously, if you wish.
Health Management Compliance Helpline: 1-888-462-0380
Health Management Associates, PO Box 770621, Naples, FL 34107
You will not be retaliated against if you report a privacy violation. It is part of your job to report instances where you suspect policies are being broken.

Thank you for your attention. Please follow the instructions below: Please complete the Affirmation Statement at the end of this training!