Presented by the UAMS HIPAA Office August 2013 Anita B. Westbrook


HIPAA and Social Media and other PHI Safeguards Presented by the UAMS HIPAA Office August 2013 Anita B. Westbrook

Social Networking

Let's Talk Facebook
- More than 750 million users
- Average user has 130 friends

Facebook
When can you discuss patient information on Facebook? Never.
What about information that doesn't identify the patient? Never.

Twitter
- 100 million active users
- 55% access Twitter via mobile devices

Blogs
- Over 156 million public blogs
- Healthcare blogs

UAMS Policy 3.1.38 Safeguarding PHI Social Networking: Electronic Public Displays of patient information without Patient Authorization are prohibited. This includes the posting of photographs, video or any information about a UAMS patient through electronic means including, but not limited to, social networking sites; blogs; pinning; pinging; and tweeting. The only exception is a posting in response to a UAMS patient that gives no further information about the patient.

Patient Identifiers
There are 18 identifiers, and they apply to patients and to relatives, employers or household members of the patients:
- Name
- Address (street address, city, county, zip code (more than 3 digits) or other geographic codes)
- Dates directly related to patient
- Telephone Number
- Fax Number
- Email addresses
- Social Security Number
- Medical Record Number
- Health Plan Beneficiary Number
- Account Number
- Certificate/License Number
- Any vehicle or device serial number
- Web URL
- Internet Protocol (IP) Address
- Finger or voice prints
- Photographic images
- Any other unique identifying number, characteristic, or code (whether generally available in the public realm or not)
- Age greater than 89 (because the population aged 90 and over is relatively small)

UAMS Policy 3.1.23 Reporting HIPAA Violations Any known or suspected violations of the HIPAA regulations or related UAMS policies and procedures must be reported in accordance with this Policy. UAMS workforce who report in good faith such known or suspected violations shall not be subjected to retaliation, intimidation, discrimination, coercion, or harassment as a result of their report. Violations of this policy, including failure to report, will be grounds for disciplinary action up to and including termination. Any sanctions that are applied will be documented.

What Should You Do?
- Keep patient-related communications OFF the internet!
- Obtain written HIPAA-compliant Authorizations from patients if you are going to put their information online (contact the HIPAA Office for assistance).
- If you see a posting online that violates UAMS policy, get screen shots and any other information that helps us mitigate and respond to the violation, and report to the HIPAA Office or your supervisor immediately.

Reasonable Safeguards 3.1.38
UAMS must take reasonable steps to make sure PHI is kept private.

Communicate Quietly
- Make it a habit: always lower your voice when discussing patient information.
- Try to discuss patients privately.
- Stop the conversation if someone walks up while giving report or rounding.

Printed PHI
- Don't leave PHI lying around where others can see it.
- Don't put PHI, including patient stickers and medication labels, in the regular trash. Shred or place in the privacy bins.
- Obliterate patient information on IV bags or cover with the white labels from the Omnicell before placing in the regular trash.
- Do not remove PHI from UAMS.

Electronic PHI
Be aware of your computer screen:
- Position your monitor or Computer on Wheels (COW) so the screen cannot easily be seen by passersby.
- Minimize the screen if someone walks up.
- Log off or lock your computer prior to stepping away from it.
- Never share your password or use someone else's sign-on information.

Photography: consent required
- Written patient consent is required for photos/video taken for the purpose of treatment, payment, and other health care operations such as teaching within UAMS.
- Written authorization is required for photos/video to be disclosed outside UAMS.
- Exception: When a parent requests UAMS staff to make photographs solely for their personal use (such as a baby book), UAMS is not required to obtain written consent prior to taking the photograph.
- Do not take photos with personal digital devices.

Why would the HIPAA Office call me?
- Access to patient records is monitored.
- If your name is on an audit report, and the appropriateness is not readily apparent to the auditors, you or your supervisor will be contacted.
- This is routine follow-up and is done for physicians, students and staff.

Why would the HIPAA Office call me?
Access of patient records outside the performance of your job is prohibited. This includes your own records and the records of:
- Family
- Friends and acquaintances
- Co-workers
Violations of UAMS HIPAA Policies are taken so seriously that your supervisor will be notified and must impose disciplinary action.

Your HIPAA Office
HIPAA Office: (501) 603-1379
HIPAA Hotline: (501) 614-2187
Email: hipaa@uams.edu
Website: http://hipaa.uams.edu

Questions? Harley HIPAA