
HIPAA Level One Training

HIPAA Level One Training. Objectives: Define HIPAA; Training Requirements; Define PHI; PHI Identifiers; Requesting Restrictions; Discarding PHI; Email, Internet & Fax Policies; Minimum Necessary Policy; Media Guidelines; Complaints/Violations; Sanctions.

sheila

Presentation Transcript


  1. Level 1 HIPAA Level One Training HIPAA Level One

  2. Objectives • Define HIPAA • Training Requirements • Define PHI • PHI Identifiers • Requesting Restrictions • Discarding PHI • Email, Internet & Fax Policies • Minimum Necessary Policy • Media Guidelines • Complaints/Violations • Sanctions

  3. Level I Training Requirements • The entire workforce must be trained in Level I, including students, volunteers, and agency staff.

  4. Training Requirements Level Two: All staff defined by the Minimum Necessary policy must attend. This includes all patient care staff, compliance officers, admitting, physicians, billing staff, and medical records staff, etc.

  5. Training Requirements Level Three: Board, med exec, VP, CEO, COO, CNO, etc.

  6. What is HIPAA? • Health Insurance Portability and Accountability Act of 1996 • Strongest confidentiality protection ever enacted • Affects any information transmitted orally, written or electronically • HIPAA is enforced by The Office of Civil Rights – “The HIPAA Police”

  7. Acronyms • HIPAA – Health Insurance Portability and Accountability Act • NPP – Notice of Privacy Practice • PHI – Protected Health Information • TPO – Treatment, Payment or Health Care Operations

  8. The Three R’s of HIPAA

  9. What Is PHI? (Protected Health Information) A person’s personal & protected health information that is used to render care and bill for services provided. Individually identifiable health information that is transmitted or maintained by electronic media or in any other form or medium. Applies to all patients, both living and deceased.

  10. Protected Health Information (This list is not inclusive.) • PATIENT NAME • SOCIAL SECURITY NUMBER • BIRTHDATE • ADDRESS • ACCOUNT NUMBER • MEDICAL RECORD NUMBER • DIAGNOSES • EMAIL ADDRESS • EMPLOYER • MEDICAL TESTS • PRESCRIPTIONS • TELEPHONE NUMBER

  11. Notice of Privacy Practices: NOTICE OF PRIVACY PRACTICES IS GIVEN TO EVERY PATIENT PRIOR TO SERVICES RENDERED.

  12. Notice of Privacy Practices • Identifies uses and disclosures of PHI by the facility • Rights of the Patient: inspect and copy their PHI; amend their PHI; receive an accounting regarding disclosure of PHI; request restrictions to PHI; request confidential communications of PHI; obtain a paper copy of this notice; report a complaint

  13. Things to Remember • All patients, employees, & volunteers sign confidentiality agreements. • Patients have a right to control who will have access to their medical information. • It is a breach of confidentiality to take pictures of patients or facility events that include patients. • Taking pictures for treatment purposes to be included in the medical record does not require documentation. • Every person who views a patient record must record that he/she has seen the file.

  14. More Things to Remember • Privacy policies apply even after employment or student experience ends. • Patients have a right to request restrictions; however, do not automatically agree to requested restrictions. Restrictions must go through a process of approval.

  15. Minimum Necessary Policy: Before you ask someone for patient information, always ask yourself, “Do I need to know this to do my job?” If the answer is “Yes”, then no need to worry. If the answer is “No”, then STOP! “HIPAA requires that each health care provider make reasonable efforts to limit the use or disclosure of Protected Health Information (“PHI”) to the minimum necessary to accomplish the intended purpose.”

  16. Use and Disclosure of PHI • Permitted for TPO: Treatment; Payment; Health Care Operations • Additional permitted disclosures (not all inclusive): Law Enforcement; Judicial and Administrative Proceedings; Health Oversight Activities; Business Associates

  17. Use and Disclosure of PHI: Patient Directory Information • If someone inquires about a patient by name, the facility will provide the location and their “general condition”. • Celebrities and other public officials are subject to the same standards. • Patient has the right to opt out of the patient directory information. • “General conditions” include: Good, Fair, Serious, Critical. • Clergy will be given patient name & religious affiliation.

  18. Use and Disclosure of PHI: Disclosure of PHI to Individuals Other than Patient • ANY & ALL information regarding a patient is considered PHI. • When patients provide information to their providers, they expect that only people who are caring for them will have access to it and that it will only be used in providing care for them. • Even releasing unsolicited information that a person is a patient at an HHS facility or clinic is considered a violation.

  19. Use and Disclosure of PHI • Only patient directory information can be provided to visitors unless they are actively participating in the care of the patient, such as immediate family members, etc. When in doubt, ask the patient or the patient’s representative for approval. • What patients discuss with you about their condition may not be inappropriately passed on. • Limit all patient-related conversations in public areas (halls, nursing stations, elevators, cafeteria, restrooms). • If you overhear conversation regarding a patient, let them know you can hear them and remind them of HIPAA policy.

  20. Use and Disclosure of PHI • To Someone Involved in Individual’s Care: family member, relative, close friend, or other person identified by patient or patient’s representative; disclose PHI relevant to involvement with individual’s care; obtain individual’s agreement; emergency exception, using professional judgment • Disaster Relief Purposes: to public or private entity for disaster relief efforts. Check with facility privacy officer for protocol.

  21. Use and Disclosure of PHI • Minors: parents / guardians have access to minors’ PHI unless State law is more stringent; Loco Parentis, acting as parent (State laws apply); emancipated minors have control of their PHI • State laws that are more stringent supersede HIPAA laws

  22. Protected Health Information: Protecting confidential information is a responsibility that the entire workforce shares, including volunteers, regardless of whether or not they are caring for patients.

  23. How To “Trash” Your Work! • All trash that contains PHI including brief handwritten notes is PRIVATE and must be DESTROYED. • If you see/find PHI in the trash, you are REQUIRED to report this to your supervisor or facility privacy officer. • PHI also includes patient information that has been stored on computer disks. These computer disks CAN NOT be thrown in the trash. They must be destroyed if no longer needed. • Cross-cut shredder • Locked box

  24. How To “Trash” Your Work: ITEMS YOU THROW AWAY EVERY DAY THAT MAY CONTAIN PHI (worksheet with ten blank lines, numbered 1 to 10, for the trainee to fill in)

  25. Email Confidential Notice. Confidentiality Statement For Email: All out-going e-mails should contain the following confidentiality notice at the end of the message: IMPORTANT NOTICE: This message is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you have received this message in error, you are hereby notified that we do not consent to any reading, dissemination, distribution or copying of this message. If you have received this communication in error, please notify the sender immediately and destroy the transmitted information.

  26. Fax Confidentiality Notice: IMPORTANT – This facsimile is intended only for the use of the individual or entity to which it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you have received this facsimile in error, you are hereby notified that we do not consent to any reading, dissemination, distribution or copying of this facsimile. If you have received this communication in error, please notify the sender immediately by telephone at (___) _______-_______ and destroy the transmitted information. Violators may be prosecuted.

  27. Reporting Suspected Violations • Patient: Patient Complaint Form • Work Staff: contact your facility privacy official; call 1-888-55-ISSUE • “I’ve been violated!”

  28. PENALTIES FOR VIOLATING • Civil: Innocently; Unintentionally • Criminal: Knowingly; With Intent • *These penalties apply to the employee or the facility or both

  29. ~CIVIL PENALTIES~ • $100 for each violation • Up to $25,000/yr for all violations of an identical regulation

  30. ~CRIMINAL PENALTIES~ • Knowingly releasing patient information in violation of HIPAA: $50,000 fine or 1 yr. jail sentence or both • Gaining access to health information under false pretenses: $100,000 or 5 yr. jail sentence or both • Releasing patient information with harmful intent: $250,000 or 10 yr. jail sentence or both

  31. The End
