1 Guadalupe Regional Medical Center Health Insurance Portability & Accountability Act (HIPAA) By Debby Hernandez, Compliance/HIPAA Officer
2 HIPAA Privacy & Security Training Module 1
3 This module will address primary responsibilities in maintaining the privacy and security of sensitive information and protected health information (PHI) at GRMC During this training you will learn: HIPAA Privacy & Security Rules Patient identifiers under HIPAA How to recognize situations in which confidential and protected health information can be mishandled Ways to protect PHI That employees will be held responsible if they mishandle confidential or protected health information
4 Forms of Sensitive Information Sensitive information exists in various forms. printed spoken electronic It is the responsibility of every employee to protect the privacy and security of sensitive information in ALL FORMS.
5 Examples of Sensitive Information Social Security Numbers Credit Card Numbers Driver s License Numbers Personal Information Individually Identifiable Health Information The improper disclosure of sensitive information present the risk of identity theft, invasion of privacy, and can cause harm and embarrassment to staff and patients at GRMC.
6 What is the Health Insurance Portability & Accountability Act The Health Insurance Portability & Accountability Act, more commonly known as HIPAA, is a federal law designed to protect a subset of Sensitive Information known as protected health information (PHI). The law was: Established in 1996 Implemented April 14, 2003 Last amended January 25, 2013 This module focuses on two primary areas under HIPAA: HIPAA Privacy Rule HIPAA Security Rule
7 Section I Part A HIPAA Privacy Rule Overview
8 HIPAA Privacy Rule Basically, the HIPAA Privacy Rule states that covered entities have a duty to protect PHI. A covered entity is: A health plan A health care clearinghouse A health care provider who transmits any health information in electronic form in connection with a covered transaction. * This definition is not identical for the State of Texas. Under new regulations, Texas captures many more organizations and entities under a broader definition.
9 Protected Health Information (PHI) defined Protected Health Information or PHI is generally defined as: Any information that can be used to identify a patient whether living or deceased and which relates to the patient s past, present, or future physical or mental health condition, including health care services provided and payment for those services. Employees may access PHI only when necessary to perform their job-related duties
10 Any of the following are considered identifiers under HIPAA Patient names Geographic subdivisions (smaller than state) Telephone numbers Fax numbers Social Security numbers Vehicle identifiers addresses Web URLs and IP addresses Dates (except year) Names of Relatives Full face photographs/images Healthcare record numbers Account numbers Biometric identifiers (fingerprints) Device identifiers Health plan beneficiary number (example: MCR number) Certificate/license numbers Any other unique number or characteristic that can be linked to an individual
11 HIPAA Violation In general, HIPAA violations are enforced by the Department of Health and Human Services. However, regulations now permit states to bring civil actions AND monetary awards to be shared with harmed individuals. A healthcare facility and an employee were sued by a patient who alleged the facility sent documents containing her protected health information to a shared office fax machine in her place of business without her consent, causing her great embarrassment. Although the PHI was related to the employee s disability claims, it was sent to the wrong fax machine located in a common area of her office Confirm authorization instructions and verify telephone numbers before faxing.
12 Employee Access Having so much information on a computer system allows for better continuity of care but also opens up the opportunity for inappropriate access Employees must follow the hospital s policies and procedures regarding Confidentiality / HIPAA guidelines and always use good judgment when accessing patient information
13 Access Must Be Authorized An employee may only access or disclose a patient s PHI when this access is part of the employee s job duties. If an employee accesses or discloses PHI without a patient s written authorization or without a job related reason for doing so, the employee violates hospital policy and HIPAA.
14 Unauthorized Access It is never acceptable for an employee to look at PHI just out of curiosity, even if no harm is intended. It is never acceptable for an employee to access his/her own health information. This is against hospital policy. It makes no difference if the information relates to a VIP or a close friend or family. All information is entitled the same protection and must be kept private. These rules apply to all employees and health care professionals. Be aware that accessing PHI of someone involved in a divorce, separation, breakup, or custody dispute may be an indication of intent to use information for personal advantage, unless the access is job related. Such behavior will be considered by GRMC when determining disciplinary action.
15 HIPAA Violation A former UCLA Health System employee became the first person in the United States to receive jail time in a federal prison for a misdemeanor HIPAA offense. The employee used his access to the University s electronic medical records to view medical records of his supervisors, co-workers, and high profile patients. While none of the information was used or sold, the access was illegal because the employee lacked a valid reason for looking at the records. The ex-employee pled guilty to four misdemeanor counts of violating HIPAA. His sentence was four months in prison and a $2,000 fine.
16 Breaches A breach occurs when PHI or sensitive information is: Lost or stolen (i.e., losing a mobile phone or laptop computer which contained PHI) Improperly disposed of (i.e., documents containing PHI were not shredded) Accessed by people or programs that are not authorized to have access (i.e., someone hacking our computer system) Communicated or sent to others who have no official need to receive it (i.e., faxing PHI to the wrong individual)
17 What if there is a breach? Part of your responsibility as a hospital employee is to report privacy or security concerns involving PHI to the Compliance/HIPAA Officer. Debby Hernandez serves as the Compliance/HIPAA Officer and may be reached at (830) The Compliance/HIPAA Officer is ultimately responsible for investigating HIPAA complaints. Employees, volunteers, or contractors of GRMC may not threaten or take any retaliatory action against an individual for filing a HIPAA complaint. The Hospital is required to take reasonable steps to lessen effects of any breach, which may include notifying the individual whose information was breached and reporting the breach to the Secretary of Health & Human Services.
18 Penalties for breaches Breaches of the HIPAA Privacy and Security Rules may result in serious consequences. In addition to possible disciplinary actions imposed by GRMC, breaches may also result in civil and criminal penalties. Guadalupe Regional Medical Center may also be required to notify potentially affected individuals of breaches involving their PHI.
19 Breach Notification Requirements Improper disclosures or breaches of protected health information may require notification to authorities. Depending on the nature of the breach, notifications may have to be made to: The Department of Health and Human Services, All individuals whose information was breached, and The media
20 Quick Review Sensitive information exists in many forms: printed, spoken, and electronic. Sensitive information includes Social Security numbers, credit card numbers, driver s license numbers, personnel information, and PHI. Two primary HIPAA regulations are the Privacy Rule and the Security Rule An employee must have a patient s written authorization or a job-related reason for accessing or disclosing patient information. Breaches of privacy and security information may result in civil and criminal penalties, as well as hospital disciplinary procedures. Employees must report breaches to the HIPAA Officer.
21 Section I Part B HIPAA Privacy Rule Program Components
22 HIPAA Program Components HIPAA address several areas under the Privacy Rule. I will highlight a few of the areas, including: Individual Patient Rights Minimum Necessary Rule Special Circumstances as indicated in the Guadalupe Regional s Notices of Privacy Practices
23 Patient Rights HIPAA not only provides requirements for healthcare organizations (covered entities) with regards to protecting PHI, but it also created several patient rights under the Privacy Rule. Under this rule, patients have the right: To receive GRMC s Notice of Privacy Practices To Inspect and Copy their medical records To Amend their records if they feel information is incorrect or incomplete To an Accounting of Disclosures To Request Restrictions To Request Confidential Communications To Be Notified Of A Breach In Their Health Information To File a Complaint in the event the rights have been denied or PHI is not protected
24 Minimum Necessary Rule Under the HIPAA Privacy Rule, when the use or disclosure of PHI is permitted, only the minimum necessary information may be disclosed. However, this does not restrict the ability of physicians, nurses, and other healthcare providers to share information needed to treat patients, process payments, or carryout healthcare operations.
25 Disclosures of PHI HIPAA regulations permit use or disclosure of PHI for: Providing medical treatment Processing healthcare payments Conducting healthcare operations Employees may not otherwise access or disclose PHI unless: The patient has given written permission It is within the scope of the employee s job duties Permitted by law
26 Special Circumstances Guadalupe Regional identifies special circumstances that require the patient s permission and/or written authorization in order for information to be shared. The following is a listing of some common situations where patients will be asked for permission and/or written authorization to release information. Release of patient information on the hospital s directory Release of patients religious affiliation to members of the clergy Release of information to individuals involved in your care Release of PHI for marketing and fundraising use Release of a patient s psychotherapy notes Sale of PHI
27 Special Circumstances (Continued) Authorization for these special circumstances may be canceled at any time in writing. If a patient cancels the authorization, GRMC will no longer use or share information about you for the reasons listed or covered by your written authorization.
28 Marketing & Fundraising Without an authorization, GRMC may not use information about the medical treatment of an individual for targeted fundraising or marketing. The Notice of Privacy Practices and other general fundraising and marketing communications must advise patients of the right to opt out of being contacted for fundraising and marketing purposes.
29 Business Associates An outside company or individual is a HIPAA Business Associate of the Hospital if they provide services involving PHI that is maintained by the Hospital. Under HIPAA, a Business Associate must: Enter into a Business Associate Agreement with the hospital Use appropriate safeguards to prevent the use or disclosure of PHI other than as permitted by the contract Notify the hospital in the event of a breach Ensure that their employees and subcontractors received HIPAA training Protect PHI to the same degree as the hospital
30 Quick Review Under the HIPAA rule, patients have designated rights. The Hospital may use or share only the minimum necessary information to perform its duties. HIPAA permits disclosure of PHI for treatment, payment, and healthcare operations. The Hospital must obtain an individual s specific authorization for certain circumstances, including but not limited to marketing or fundraising.
31 Section II HIPAA Security Rule Overview
32 HIPAA Security Rule The HIPAA Security Rule concentrates on safeguarding protected health information (PHI) by focusing on the confidentiality, integrity, and availability of PHI. Confidentiality means that the data or information is not made available or disclosed to unauthorized persons or processes. Integrity means that the data or information has not been altered or destroyed in an unauthorized manner. Availability means that the data or information is accessible and usable upon demand only by an authorized person.
33 Security Standards/Safeguards The Hospital is required to have administrative, technical, and physical safeguards to protect the privacy of PHI. Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure in computer systems (including social networking sites such as Facebook, Twitter and others). Limit accidental disclosures (such as discussions in waiting rooms and hallways); and Include practices such as document shredding, locking doors and file storage areas, and use of passwords and codes for access.
34 HIPAA Violation A physician at Westerly Hospital in Rhode Island was fired for posting information on Facebook about a patient she treated. Although the posting did not reveal the patient s name, there was enough information that others could easily identify him or her. The information also indicated the patient had problems with alcohol and marijuana abuse. Hospital employees should never disclose work related sensitive information through social media such as Facebook and Twitter.
35 Malicious Software Viruses, worms, spyware, and spam are examples of malicious software, sometimes known as malware. To minimize the spread of malicious software, employees should: Use the hospital s anti-virus and anti-spyware software. Use safe internet browsing habits Minimize personal use of the internet
36 Safe Use An employee whose work involves the transmission of sensitive information or PHI must encrypt the data UNLESS the data is transmitted within the hospital network. Employees sending transmissions containing PHI (outside of the hospital network) should consult with the Compliance/HIPAA Officer for approval and/or to ensure proper safeguards are in place. Do not open attachments if the message looks suspicious. When in doubt, throw it out Do not respond to spam delete the .
37 Password Control Use strong passwords where possible (at least 6 characters, containing a combination of alpha-numeric). Change your passwords frequently to prevent hackers from using automated tools to guess your password (at minimum bi-annually). It is a violation of hospital policy to share your password with anyone. Electronic audit records track information based on activity associated with User IDs. The Compliance/HIPAA Officer uses audit reports based on User IDs. If you share your password to an individual and that individual accesses information inappropriately, it will be YOUR ID associated with the access.
38 Mobile Devices If you use mobile computing devices such as laptop PCs, PDAs such as ipads, iphones, Blackberrys, smart phones, or regular cell phones to store and send information, do not send PHI. Employees are required to utilize the following security controls when storing and transmitting sensitive information. Strong power on passwords (numeric, pattern, etc) Automatic log-off Screen lock at regular intervals while the device is inactive. Laptop PCs which are used as part of your job related activities must have encryption is place. Never leave mobile devices unattended in an unsecured area. Immediately report the loss or theft of any mobile device.
39 HIPAA Violation Martin Memorial Center in Florida took disciplinary action against several employees for taking pictures of a shark attack victim with their cellular phones. Penalties for employees who took the photos ranged from written warnings and demotions to suspension.
40 Portable Storage Devices Whenever possible, avoid using external storage devices to store Sensitive Information and PHI. If you must store Sensitive Information or PHI, ensure you have at minimum a password and auto lock on your storage device. Additional securities such as ENCRYPTION are also available on most phones. Use portable storage devices only for transporting information, and not to permanently store information. Once information has been used, erase it from the device. Ensure safe keeping of portable devices. Immediately report loss of any storage device to the Director of Information Technology at extension 7523.
41 Remote Access All computers and mobile devices used to connect to the hospital s network or systems from home or other off-site location should meet the same minimum safety standards that apply to your work PC. Anyone requesting Remote Access must receive approval by his/her Administrator and the Compliance/HIPAA Officer. To ensure safeguards are in place, employees should: Make use of the hospital s Virtual Private Network (VPN) at home or off-site and transmit PHI only to locations within the hospital s network, otherwise the data must be ENCRYPTED. Run Windows Update or the update features of the particular operating software. Keep anti-virus software up to date.
42 Communications in Public Areas Be aware of your surrounding when discussing Sensitive Information, including PHI. Do not discuss sensitive information or PHI in public areas. Use caution when conducting conversations in: Semi-private rooms Waiting Areas Corridors Elevators
43 Appropriate Disposal of Data Observe the following procedures for the appropriate disposal of sensitive information, including PHI. Paper should be properly shredded or placed in a secured bin for shredding later. Magnetic media such as disks, tapes, or hard drive must be physically destroyed or wiped using approved software or procedures. CD ROM disk must be rendered unreadable by shredding, defacing the recording surface, or breaking. For more information on appropriate disposal of data, contact the Director of Information Technology. Sensitive information and PHI should never be placed with the regular trash.
44 Physical Security Equipment such as PCs, servers, mainframes, fax machines, and copiers must be physically protected. Computer screens, copiers, and fax machines must be placed so that they cannot be accessed or viewed by unauthorized personnel. Computer systems with access to patient information must be LOGGED OFF or SUSPENDED when left unattended. Servers and mainframes must be in a secure area where physical access is controlled
45 Disciplinary Actions Employees who violate the Guadalupe Regional Medical Center s HIPAA and confidentiality policies or guidelines will be subject to disciplinary action as well as possible criminal or civil penalties.
46 Employee Responsibilities Comply with hospital policies and guidelines. Access information only as necessary for your authorized job responsibilities. Keep your passwords confidential. Immediately report HIPAA Privacy and Security concerns. Avoid storing sensitive information on mobile devices and portable media, and if you must, make sure the device is encrypted. Always keep portable devices physically secure to prevent theft and unauthorized access. Follow procedures for proper disposal of PHI. Do not hold discussion of PHI in public areas.
HIPAA Developed by The University of Texas at Dallas Callier Center for Communication Disorders Purpose of this training Everyone with access to Protected Health Information (PHI) must comply with HIPAA
HIPAA Policy 2014 The Health Insurance Portability and Accountability Act is a federal law that protects the privacy and security of patients health information and grants certain rights to patients. Clarkson
Patient Privacy and HIPAA/HITECH What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Implemented in 2003 Title II Administrative Simplification It s a federal law HIPAA is mandatory,
HIPAA Privacy and Security Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012 Goals and Objectives Course Goal: To introduce the staff of Munson Healthcare to the concepts
2014 Core Training 1 Course Agenda Review of Key Privacy Laws/Regulations: Federal HIPAA/HITECH regulations State privacy laws Privacy & Security Policies & Procedures Huntsville Hospital Health System
HIPAA Training for Staff and Volunteers Objectives Explain the purpose of the HIPAA privacy, security and breach notification regulations Name three patient privacy rights Discuss what you can do to help
HIPAA Training for Hospice Staff and Volunteers Hospice Education Network Objectives Explain the purpose of the HIPAA privacy and security regulations Name three patient privacy rights Discuss what you
Catholic Health HIPAA/ HITECH HEALTH INSURANCE PORTABILITY ACCOUNTABILITY ACT and HITECH Health Information Technology for Economic and Clinical Health Act 1 Objectives of HIPAA & HITECH Training Understand
HIPAA Privacy Keys to Success Updated January 2010 HIPAA Job Specific Education 1 HIPAA and Its Purpose What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Title II Administrative
HIPAA and Health Information Privacy and Security Revised 7/2014 What Is HIPAA? H Health I Insurance P Portability & A Accountability A - Act HIPAA Privacy and Security Rules were passed to protect patient
UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This
HIPAA TRAINING A training course for Shiawassee County Community Mental Health Authority Employees WHAT IS HIPAA? HIPAA is an acronym that stands for Health Insurance Portability and Accountability Act.
HIPAA Privacy and Security Course ID: 1020 - Credit Hours: 2 Author(s) Kevin Arnold, RN, BSN Accreditation KLA Education Services LLC is accredited by the State of California Board of Registered Nursing,
HIPAA Happenings in Hospital Systems Donna J Brock, RHIT System HIM Audit & Privacy Coordinator HIPAA Health Insurance Portability and Accountability Act of 1996 Title 1 Title II Title III Title IV Title
HIPAA/ HITECH HEALTH INSURANCE PORTABILITY and ACCOUNTABILITY ACT Health Information Technology for Economic and Clinical Health Act Revised 4/4/14 1 Your Accountability Quality Care Compliance Reputation
HIPAA Privacy & Security Rules HITECH Act Applicability If you are part of any of the HIPAA Affected Areas, this training is required under the IU HIPAA Privacy and Security Compliance Plan pursuant to
HIPAA Compliance for Students The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 by the United States Congress. It s intent was to help people obtain health insurance benefits
HIPAA Privacy September 21, 2013 HIPAA Privacy Workforce Training The Health Insurance Portability & Accountability Act (HIPAA) requires that the University train all workforce members (faculty, staff,
HIPAA 101: Privacy and Security Basics Purpose This document provides important information about Kaiser Permanente policies and state and federal laws for protecting the privacy and security of individually
Objectives At the conclusion of this presentation, students will be able to: Describe the federal requirements of the HIPAA/HITECH regulations that protect the privacy and security of confidential data.
HIPAA Orientation Health Insurance Portability and Accountability Act HIPAA Federal legislation enacted in 1996 to improve the efficiency and effectiveness of electronic information transfers used in the
PROTECTING PATIENT PRIVACY and INFORMATION SECURITY 2 PROTECTING PATIENT PRIVACY AND INFORMATION SECURITY PROTECTING PATIENT PRIVACY AND INFORMATION SECURITY 3 INTRODUCTION As an agency employee, student,
HIPAA Privacy & Breach Notification Training for System Administration Business Associates Barbara M. Holthaus firstname.lastname@example.org Office of General Counsel University of Texas System April 10,
HIPAA Self-Study Module Patient Privacy at Unity Health Care, Inc email@example.com 202-667-0016 - HIPAA Hotline Self-Study Module Requirements Read all program slides and complete test. Complete
HIPAA PRIVACY AND SECURITY AWARENESS Covering Kids and Families of Indiana April 10, 2014 GOALS AND OBJECTIVES The goal is to provide information to you to promote personal responsibility and behaviors
NAMI EASTSIDE - 13 POLICY: Privacy and Security of Protected Health Information (HIPAA Policies and Procedures) DATE APPROVED: Pending INTENT: (At present, none of the activities that NAMI Eastside provides
Health Insurance Portability and Accountability Act (HIPAA) General Education Presented by: Bureau of Personnel Department of Health Department of Human Services Department of Social Services Bureau of
TRAINING MANUAL HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA Table of Contents INTRODUCTION 3 What is HIPAA? Privacy Security Transactions and Code Sets What is covered ADMINISTRATIVE
HIPAA Privacy & Security Training for Clinicians Agenda This training will cover the following information: Overview of Privacy Rule and Security Rules Using and disclosing Protected Health Information
HIPAA Privacy and Security Cindy Cummings, RHIT February, 2015 1 HIPAA Privacy and Security The regulation is designed to safeguard Protected Health Information referred to PHI AND electronic Protected
JOINT NOTICE OF OUR HEALTH INFORMATION PRACTICES THIS NOTICE DESCRIBES HOW INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. Jennings
Privacy & Security of Patient Information 2010 S&W PRIVACY UPDATE This module is intended to review the policies and procedures of Scott and White that address the HIPAA Privacy Regulations. The module
Welcome to the HIPAA, Privacy & Security Training Module THIS TRAINING MODULE IS APPROVED FOR NON-COMMERCIAL USE ONLY. Copyright protected by the University of North Carolina at Chapel Hill, 2013-15 During
PRIVACY AND INFORMATION SECURITY INCIDENT REPORTING PURPOSE The purpose of this policy is to describe the procedures by which Workforce members of UCLA Health System and David Geffen School of Medicine
HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY Illinois Department of Healthcare and Family Services Training Outline: Training Goals What is the HIPAA Security Rule? What is the HFS Identity
Page 1 National Organization of Alternative Programs 2014 NOAP Educational Conference HIPAA and Privacy Risks Ira J Rothman, CPHIMS, CIPP/US/IT/E/G Senior Vice President - Privacy Official March 26, 2014
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
HIPAA In The Workplace What Every Employee Should Know and Remember What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 Portable Accountable Rules for Privacy Rules for Security
Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS 1 DISCLAIMER Please review your own documentation with your attorney. This information
HIPAA and You The Basics The Purpose of HIPAA Privacy Rules 1. Provide strong federal protections for privacy rights Ensure individual trust in the privacy and security of his or her health information
Grand Rapids Medical Education Partners Mercy Health Saint Mary s Spectrum Health Pam Jager, GRMEP Director of Education & Development To understand the requirements of the federal Health Information Portability
Health Insurance Portability and Accountability Act HIPAA Privacy Standards Healthcare Provider Training Module Copyright 2003 University of California Click the arrow to start the YouTube video in a separate
Annual Compliance Training HITECH/HIPAA Refresher January 2015 Sisters of Charity of Leavenworth Health System, Inc. All rights reserved. 1 Annual Refresher Training Welcome to the SCL Health System Compliance
TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business
ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING By: Jerry Jackson Compliance and Privacy Officer 1 1 Introduction Welcome to Privacy and Security Training course. This course will help you
HIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N 1 COURSE OVERVIEW This course is broken down into 4 modules: Module 1: HIPAA Omnibus Rule - What you need to know to remain
Montclair State University HIPAA Security Policy Effective: June 25, 2015 HIPAA Security Policy and Procedures Montclair State University is a hybrid entity and has designated Healthcare Components that
New York State Office of Mental Health Bureau of Education and Workforce Development HIPAA Awareness Training This training material was prepared for internal use by the New York State Office of Mental
HIPAA 100 Training Manual Table of Contents I. Introduction 1 II. Definitions 2 III. Privacy Rule 5 IV. Security Rule 8 V. A Word About Business Associate Agreements 10 CHICAGO DEPARTMENT OF PUBIC HEALTH
HIPAA Security Jeanne Smythe, UNC-CH Jack McCoy, ECU Chad Bebout, UNC-CH Doug Brown, UNC-CH What is this? Federal Regulations August 21, 1996 HIPAA Became Law October 16, 2003 Transaction Codes and Identifiers
INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL 1 INTRODUCTION The County of Imperial Information & Technical Services (ITS) Security Policy is the foundation of the County's electronic information
HIPAA Security Education Updated May 2016 Course Objectives v This computer-based learning course covers the HIPAA, HITECH, and MSHA Privacy and Security Program which includes relevant Information Technology(IT)
SHS Annual Information Security Training Information Security: What is It? The mission of the SHS Information Security Program is to Protect Valuable SHS Resources Information Security is Everyone s Responsibility
HIPAA - Privacy And Security Audit For Provider Practices THIS IS A MODEL AUDIT. IT WILL NEED TO BE CHANGED TO MEET THE PARTICULAR NEEDS AND CIRCUMSTANCES OF ANY TRUSTED SOURCES DEVELOPING AN AUDIT. The
I II Compliance Compliance I Compliance II SECTION ONE COVERED ENTITY RESPONSIBILITIES AREA ONE Notice of Privacy Practices 1 Is your full notice of privacy practices given to every new patient in your
Information Security and Privacy WHAT is to be done? HOW is it to be done? WHY is it done? 1 WHAT is to be done? O Be in compliance of Federal/State Laws O Federal: O HIPAA O HITECH O State: O WIC 4514
Network Security for End Users in Health Care Virginia Health Information Technology Regional Extension Center is funded by grant #90RC0022/01 from the Office of the National Coordinator for Health Information
Information Security Handbook for Employees Providing our patients with excellence in healthcare includes protecting their information This handbook was prepared by Tom Walsh Consulting, LLC for the Kansas
Health Insurance Portability and Accountability Act (HIPAA) Compliance Training 1 Objectives By the end of this lesson, you should be able to: Define protected health information (PHI) covered under HIPAA
HIPAA Notice of Privacy Practices Date of Last Revision: 09/20/2013 Effective Date: Immediately THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS
Contents HIPAA Overview... 2 Who must comply?... 2 Privacy Standard... 3 Protected Health Information (PHI)... 3 Minimum Necessary Rule... 4 Requests for PHI... 5 Acceptable PHI Releases... 5 Special Circumstances...
Compliance HIPAA Training Steve M. McCarty, Esq. General Counsel Sound Physicians 1 Overview of HIPAA HIPAA contains provisions that address: The privacy of protected health information or PHI The security
MERCY HEALTH MEDICAL TRANSPORTATION SERVICES PRIVACY NOTICE Revised Notice Effective Date: September 23, 2013 THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU
A White Paper for Health Care Professionals Preparing for the HIPAA Security Rule Introduction The Health Insurance Portability and Accountability Act (HIPAA) comprises three sets of standards transactions
The Health Insurance Portability and Accountability Act (HIPAA) and Client Privacy Statement This notice describes how your medical information may be used and disclosed and how you can get access to this
AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE This Notice of Privacy Practices describes the legal obligations of Ave Maria University, Inc. (the plan ) and your legal rights regarding your protected health
HIPPA Goes HITECH Data Protection for Agents For agent information only. this material should not be distributed to the public or used in any solicitation. 13-0127 Course objectives Agents will be able
NC DPH: Computer Security Basic Awareness Training Introduction and Training Objective Our roles in the Division of Public Health (DPH) require us to utilize our computer resources in a manner that protects
NOTICE OF PRIVACY PRACTICES COMPLETE EYE CARE THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED OR DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
1 2 Hour CEU 2 Course Objectives The purpose of this program is to provide nurses with information about the Health Insurance Portability and Accountability Act (HIPAA), especially as it relates to protected
Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. firstname.lastname@example.org www.uslegalsupport.com HIPAA Privacy Rule Sets standards for confidentiality and privacy of individually
Notice of Privacy Practices Pueblo Radiology Medical Group, Inc. Pueblo Radiology Associates, Inc. Central Coast Radiology Associates, Inc. Santa Barbara Women s Imaging Center Effective Date: September
HIPAA 102 : What you don t know about the new changes in the law can hurt you! Presented by Jack Kolk President ACR 2 Solutions, Inc. Todays Agenda: 1) Jack Kolk, CEO of ACR 2 Solutions a information security
Gaston County HIPAA Manual Includes Gaston County IT Manual Action Date Reviewed and Revised December 2012 Gaston County HIPAA Policy Manual has be updated and combined with the Gaston County IT Manual.
HIPAA Information Security Overview Security Overview HIPAA Security Regulations establish safeguards for protected health information (PHI) in electronic format. The security rules apply to PHI that is
LAWRENCE COUNTY MEMORIAL HOSPITAL Lawrenceville, Illinois NOTICE OF PRIVACY PRACTICES Effective April 14, 2003 Revised May, 2013 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU WILL BE USED AND
1 By the end of this course you will demonstrate: 1. that HIPAA privacy rules protect privacy and security of confidential information. 2. your responsibility for use and protection of protected health
HIPAA Training: Ensuring Privacy for our Patients The purpose of the HIPAA Privacy Rule is to prevent inappropriate use and disclosure of individual health information, most commonly referred to as protected
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. EFFECTIVE September 15, 2014 This Notice of
HIPAA Security Training Manual The final HIPAA Security Rule for Montrose Memorial Hospital went into effect in February 2005. The Security Rule includes 3 categories of compliance; Administrative Safeguards,
HIPAA (Health Insurance Portability and Accountability Act) Awareness Training for Volunteers and Interns Boulder County Public Health Volunteer/Intern Services 3450 Broadway Boulder, CO 80304 1 Boulder