2 HIPAA Training: Ensuring Privacy for our Patients The purpose of the HIPAA Privacy Rule is to prevent inappropriate use and disclosure of individual health information, most commonly referred to as protected health information (PHI). It is not a one-time implementation project. HIPAA entails ongoing responsibilities that must be incorporated into Health Care Facilities' culture and business processes.
3 The HIPAA Training will Help You Understand: What is HIPAA/The Privacy Law? Who has to follow the HIPAA LAW? When do we start? Why is HIPAA important? What are an entity s responsibilities? Where can you get help with HIPAA? What does this mean for you?
4 What is HIPAA? HIPAA is the Health Insurance Portability and Accountability Act a federal law that: Protects the privacy of a patient s personal and health information Provides for electronic and physical security of personal and health information Simplifies billing and other transaction Who has to follow the HIPAA Law? EVERYONE
5 Q? What Health Information Is Protected by the Privacy Rule? A: With certain exceptions, the Privacy Rule protects a subset of individually identifiable health information, known as protected health information or PHI, that is held or maintained by covered entities or their business associates acting for the covered entity. The Privacy Rule does not protect individually identifiable health information that is held or maintained by entities other than covered entities or business associates that create, use, or receive such information on behalf of the covered entity.
6 Who is Covered by the Privacy Rule? Health Plans. Individual and group plans that provide or pay the cost of medical care are covered entities. Health plans include health, dental, vision, and prescription drug insurers, health maintenance organizations ( HMOs ), Medicare, Medicaid, Medicare+Choice and Medicare supplement insurers, and long-term care insurers (excluding nursing home fixed-indemnity policies). Health Care Providers. Every health care provider, regardless of size, who electronically transmits health information in connection with certain transactions, is a covered entity. Health Care Clearinghouses. Health care clearinghouses are entities that process nonstandard information they receive from another entity into a standard (i.e., standard format or data content), or vice versa. In most instances, health care clearinghouses will receive individually identifiable health information only when they are providing these processing services to a health plan or health care provider as a business associate.
7 A Covered Entity is one of the following: A Health Care Provider This includes providers such as: Doctors Clinics Psychologists Dentists Chiropractors Nursing Homes Pharmacies...but only if they transmit any information in an electronic form in connection with a transaction for which HHS has adopted a standard. A Health Plan This includes: Health insurance companies HMOs Company health plans Government programs that pay for health care, such as Medicare, Medicaid, and the military and veterans health care programs A Health Care Clearinghouse This includes entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.
8 Q? Does the Privacy Rule permit a covered entity to use or disclose protected health information pursuant to an Authorization form that was prepared by a third party? A:Yes, A covered entity is permitted to use or disclose protected health information pursuant to any Authorization that meets the Privacy Rule s requirements at 45 CFR The Privacy Rule requires that an Authorization contain certain core elements and statements, but does not specify who may draft an Authorization (i.e., it could be drafted by any entity) or dictate any particular format for an Authorization. Thus, a covered entity may disclose protected health information as specified in a valid Authorization that has been created by another covered entity or a third party, such as an insurance company or researcher.
9 The training focus is on learning what responsibilities you have in order to ensure compliances with HIPAA Privacy and HIPAA Security Regulations. HIPAA PRIVACY Protected Health Information Minimum Necessary Patient Rights Notice of Privacy Practices Privacy Policies Privacy Officer Reporting Privacy Concerns HIPAA SECURITY Electronic Protected Health Information User Identity Password Management Appropriate Use of Computing Devices Security Policies Security Officer Reporting Security Concerns
10 When do we start? NOW!
12 Privacy what is it? Our right to keep information about ourselves from others if we choose. We expect that Healthcare providers and workers will protect the privacy of the information they learn about us. But Sometimes our privacy is violated, even by those we most trust to protect it!
13 For example The Situation: One of the Country singer s medical records were sold to the National Enquirer and Star tabloids by a hospital employee for $2,610. The Result: The public s trust in the hospital was damaged, and a valued patient s reputation was compromised.
14 An Overview of the Law HIPAA Health Insurance and Portability Act of 1996 Title I Portability Title II Administrative Simplification Title III Medical Savings Accounts Title IV Group Health Plan Provisions Title V Revenue Offset Provision PRIVACY EDI SECURITY Use and Disclosure of PHI Transactions Administrative Procedures Indivdual Rights Code Sets Physical Safeguards Administrative Requirements Identifiers Technical Security Services Technical Security Mechanisms
15 The Privacy Law Protects patients privacy Supports our value of respecting patients interests. Restores the public s faith in each of us as healthcare professionals, and in ACHN.
16 The Privacy Law Protects all health information created by a ACHN s healthcare provider. Defines who is allowed to see or use a patient s private health information
17 The Privacy Law Protects the information whether it is: Oral Written Electronic
18 Why is Patient Privacy important? Safeguards protected identifiable patient health information Provides patients with more control over what happens with their information Continues
19 Why is it Important?, continued Provides patients with informed choices about how their information is used Balances our need to use information to treat patients, with the patient s desire/need for privacy
20 What Does the Law Include? Protected Health Information (PHI) Protects information known as PROTECTED HEALTH INFORMATION (PHI) that exists in written, oral, and electronic formats.
21 Definition of Protected Health Information Any information created or received by a health care provider, health plan, public health authority, employer, life insurer Relates to the physical or mental health or condition of an individual; the provision of health care to an individual; or the payment for the provision of health care to an individual.
22 Protected Health Information Includes, But is Not Limited to: Medical Records Billing information (bills, receipts, etc.) Labels on IV bags Telephone notes (in certain situations) Test results Patient information on a palm device X-rays Clinic lists Example
23 Name Birth Date Fax Number Account Number Street Address Admission Date Electronic mail address Certificate/License Number License Plate Number City Discharge Date Social Security Number Protected Health Information Examples of PHI Vehicle and Serial Number Device Identifier and Serial Number Precinct Date of Death Medical Record Number Internet Protocol Number Full Face Photographic Images Zip Code Telephone Number Health Plan Beneficiary Number Biometrics Identifiers (i.e. finger prints) Any Other Unique Identifying Number, Characteristic, or Code
24 Q? What Patient Information Must We Protect? A: We must protect an individual s personal and health information that is: Created, kept, filed, used or shared Written, spoken, or electronic HIPAA says that this information is Protected Health Information (PHI) Examples of PHI (Protected Health Information) A person s name, address, birth date, age, phone and fax numbers, address
25 Medical records, diagnosis, xrays, photos, prescriptions, lab work and test results Billing records, claim data, referral authorizations, explanation of benefits Research records The ACHN May Create, Use and Share a Person s PHI for Treatment of the patient, including appointment reminders Payment of health care bills And for Certain Other Activities, including: Medical Staff activities Business and management operations Disclosures required by law Public Health and other governmental reporting For many other uses and disclosures of PHI, ACHN must get a signed authorization from the patient, (e.g., to disclose PHI to the media
26 What Are the Responsibilities of the ACHN? Provide patients with a notice of privacy practices. Protect the information from use or disclosure to those not allowed to see it by law or by the patient. Investigate complaints of breaches of confidentiality. Discipline breaches of confidentiality.
27 The Notice of Privacy Practices Describes the rights the person has to protect their information. Describes the duties we have to the patient to protect their information. Informs the patient about the complaint and investigation process. Must be given to a patient before the first treatment encounter and written acknowledgment obtained.
28 What are the Patient s Rights? To have their information protected To be provided with a notice of our privacy practices To have their questions answered To see their information if they wish (restrictions apply) To obtain copies of their records (for a fee) To request to change their records To limit (under specific circumstances) the use/disclosure of their information
29 Q? Does the HIPAA Privacy Rule require my doctor to send my medical records to the government? A: No. The Rule does not require a physician or any other covered entity to send medical information to the government for a government data base or similar operation. This Rule does not require or allow any new government access to medical information, with one exception: the Rule does give the Department of Health and Human Services Office for Civil Rights (OCR) the authority to investigate complaints that Privacy Rule protections or rights have been violated, and otherwise to ensure that covered entities comply with the Rule. For enforcement purposes, OCR may need to look at how a covered entity handled medical records and other personal health information, as is typical in many enforcement settings. This investigative authority is needed so that the Rule can be enforced, and to ensure the independent review of consumers concerns over privacy violations. Even so, the Privacy Rule limits disclosures to OCR to information that is pertinent to ascertaining compliance. OCR will maintain stringent controls to safeguard any individually identifiable health information that it receives. If covered entities could avoid or ignore enforcement requests, consumers would not have a way to ensure an independent review of their concerns about privacy violations under the Rule.
30 What Must I Do to Ensure Patient Privacy? Be aware of who is around you when you are discussing patient information Dispose of information appropriately Use cover sheets for faxing Share information only with those who are allowed to have it When in doubt, ask for help
31 What Does This Mean for You? Be careful with information to which you have access. Ask yourself: Am I allowed to have this information? Is it required for me to do my job? Is the person with whom I am about to share this information allowed to receive it? Do they need the information to do their job? If I were the patient, and this were my information, how would I feel about it being shared?
32 Health Information Technology Health information technology (health IT) involves the exchange of health information in an electronic environment. Widespread use of health IT within the health care industry will improve the quality of health care, prevent medical errors, reduce health care costs, increase administrative efficiencies, decrease paperwork, and expand access to affordable health care. It is imperative that the privacy and security of electronic health information be ensured as this information is maintained and transmitted electronically
33 You Should be Aware of Patient Privacy in Ensuring computer security Sending/receiving faxes Disposing of information Using/disclosing information Conducting everyday-work practices Each of these aspects of Patient Privacy are discussed in detail in the next few slides.
34 Ensuring Computer Security Never share passwords. Lock workstation/log off when leaving a workstation. Position workstation so screen does not face a public area if possible. Be careful when sending containing patient-identifiable information. Avoid it if possible. Refer to your ACHN s guidelines. Continues
35 Sending/Receiving Faxes Fax is the least controllable type of communication When faxing information: Use a cover sheet!! Verify you have the correct fax number, and The receiving fax machine is in a secure location, and/or the receiver is available immediately to receive the fax Continues
36 Sending/Receiving Faxes continued When receiving faxed patient information Immediately remove the fax transmission from the fax machine, and deliver it to the recipient. If information has been sent in error, immediately inform the sender, and destroy the faxed information (deposit in shredding bin, or other method).
37 Disposing of Information Do not place identifiable health information in regular trash! Rip, shred, or otherwise dispose of identifiable health information Check on ACHN policy/procedure on the correct method for disposal of protected health information.
38 Q? What is "protected health information" (PHI) and "electronic protected health information" (ephi) under HIPAA? A: Under the HIPAA Privacy Rule, protected health information (PHI) refers to individually identifiable health information. Individually identifiable health information is that which can be linked to a particular person. Specifically, this information can relate to: The individual's past, present or future physical or mental health or condition, The provision of health care to the individual, or, The past, present, or future payment for the provision of health care to the individual. Common identifiers of health information include names, social security numbers, addresses, and birth dates. The HIPAA Security Rule applies to individual identifiable health information in electronic form or electronic protected health information (ephi). It is intended to protect the confidentiality, integrity, and availability of ephi when it is stored, maintained, or transmitted.
39 Using and Disclosing Information The next few slides describe ways of using and disclosing information, including Authorizations TPH /TPO (explained in next slide) Incidental Use or Disclosure Authentication
40 Using and Disclosing Information You may use/disclose patient information without specific authorization from the patient for Treating a patient (Treatment) Getting paid for treating a patient (Payment) Other healthcare operations (Operations) Collectively known as TPO or TPH Continues
41 Authentication To the degree practicable you must ensure that the person to whom you give the information is the person allowed to receive it. In other words, be certain to ask for identification! Continues
42 About Authorizations What is an Authorization? Permission from the patient to release information Must be obtained where Protected Health Information is used for other than TPH (except psychotherapy) Is time limited May be revoked by the patient What is Needed for an Authorization? State to whom information will go State for what purpose the information will be used State what information will be sent
43 Q? When is an authorization required from the patient before a provider or health plan engages in marketing to that individual? A: The HIPAA Privacy Rule expressly requires an authorization for uses or disclosures of protected health information for ALL marketing communications, except in two circumstances: When the communication occurs in a face-to-face encounter between the covered entity and the individual; or The communication involves a promotional gift of nominal value. If the marketing communication involves direct or indirect remuneration to the covered entity from a third party, the authorization must state that such remuneration is involved.
44 There are Times when Information May be Disclosed Without Authorization If Required by Law Court Order Subpoena Public-Health Reporting Incidental Disclosures Overhearing a patient s conversation with their doctor or nurse in a semi-private room These are discussed in more detail on the following slides
45 Disclosures Required by Law If the release complies with and is limited to what the law requires, you may give information to (see Authentication below) Public health authorities Health oversight agencies Employers responsible for workplace surveillance Must post notice of privacy practices Medical Examiners, and Funeral Directors Organ procurement organizations
46 Minimum Necessary The Privacy Law generally requires that we all take reasonable steps to limit the use or disclosure of, and requests for Protected Health Information (PHI) to the minimum amount of information necessary to accomplish the intended purpose. The next slide provides details on instances where minimum necessary does not apply.
47 Minimum Necessary Does not apply to: Disclosures to a health care provider for treatment purposes or made at the direction of an authorization by the patient. Disclosures to the patient themselves. Uses/disclosures required for compliance with standardized HIPAA transactions. Disclosures to DHHS required under the rule for enforcement. Uses/disclosures required by other law.
48 Accounting for Disclosures Upon request, covered entities must provide patients with a list of those to whom they have disclosed the patient s information except for Instances when the information is disclosed to the individuals themselves. When it was used/disclosed for TPO, or Under a specific authorization
49 How to Account for Disclosures Unless limited by the request, the accounting must cover the full six years prior to the request, but not earlier than April 14, 2003, and must include To whom information was disclosed When it was disclosed What was disclosed Why it was disclosed
50 Conducting Your Everyday-Work Practices Think about how and when you disclose patient identifiable data. Look for opportunities to reduce unnecessary uses and/or disclosures. What data do you create? What data do you send to others outside where you are working? For what purpose? What data do you receive from others? For what purpose? Continues
51 Conducting Your Everyday-Work Practices For Communicating information. Recording and keeping information. Transporting and disposing information. Watch where you talk about patients. Be careful with whom you speak Are they allowed to receive the information? Why? Talking at a party about a patient you have seen just because it is interesting should not be done. Remember is not always safe. Think twice before sharing information about patients.
52 Who is Responsible? We are all responsible! Anyone who cares for patients, is responsible for using identifiable information in order to perform their jobs Anyone who works that involve patient identifiable information
53 How to Get Help or Report a Privacy Concern or Breach Contact Your ACHN management The ACHN privacy officer Consult the appropriate ACHN policy.
54 Organizational and Administrative Requirements A Privacy Officer must be appointed to implement and develop privacy policies and procedures for the agency. ACHN must train all employees on privacy policies and procedures. Must amend all business associate to establish the permitted and required uses and disclosures of PHI. Must verify the identity and authority of person requesting PHI.
55 Guidelines for Recording and Keeping / Disposing of information You are responsible for protecting the information. Password protect files Encrypt when possible Dispose of information correctly Rip, shred, or otherwise destroy those 3x5 cards or notes about patients. Do not leave records and x-rays lying around conference rooms, lounges, etc.! If you find PHI lying around return it or destroy it.
56 Summery of HIPAA Privacy ACT
57 The Privacy Rule The HIPAA Privacy Rule establishes national standards to protect individuals medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.
58 Who has to follow HIPAA? Everyone!
59 Why is HIPAA important? Protecting privacy is important! We all want our PHI to be private Our clients want their PHI to be private It s the right thing to do It s the law
60 What are the Penalties for Not Complying Failure to Comply (usually institutional) $100 per violation $25,000 maximum for all violations of a single requirement Wrongful Disclosure (individuals or institutions) $50,000 and/or imprisonment up to 1 year $100,000 and/or imprisonment up to 5 years, if under false pretenses $250,000 and/or imprisonment up to 10 years, if intent to sell information
61 How is Law Enforcement Affected? Protected Health Information may be released to law enforcement for the following purposes only: Responses to legal proceedings Information requests for identification and location Circumstances pertaining to victims of a crime Deaths suspected from criminal conduct Medical emergencies Again, release of information must be tracked carefully with documentation
62 HIPAA Requires the ACHN to: Give each patient a Notice of Privacy Practices that describes: How the ACHN can use and share his or her protected health information (PHI) A patient s privacy rights Asks every patient to sign a written acknowledgment that he/she received the Notice of Privacy Practices The Notice Explains What ACHN Can Do With PHI. You can contact Privacy Officer to ask questions or get a copy of the Notice
63 What can happen if we don t follow HIPAA? Someone who does not protect a person s personal and/or health care privacy could: Lose his/her job Pay fines Go to jail
64 Fines? Fines range from $50,000 to $250,000 per incident Penalties for Not Complying
65 Jail? Jail terms can be up to 10 years per incident Penalties for Not Complying
66 When do we have to protect PHI? NOW!
67 ACHN Board may create, use and share a person s PHI for: Treatment Billing and Payment Agency Business Management and Operations Disclosures Required by Law Public Health and Other Governmental Reporting
68 Minimum Necessary Scenarios Example, Myth / Facts & Qs
69 Example # 1 A patient that I cared for in the ICU was transferred to a medical unit. May I look in the patient s record to see how she is doing? May I call the unit and talk to the nurse who is now caring for her? As much as this may reflect your compassion and concern for patients whom you have taken care of in the past, you may not inquire into her status unless there is a job-related reason. For example, if you have to complete a note in her record after she has left your unit, you may access her record to complete your note. Minimum Necessary
70 Example #2: I happened to be using the copier in the office when a fax arrived. I did not read any of the details but recognized the client name on the incident report. I did not do anything with the information and kept it to myself. Did I do the right thing?
71 Myth One provider cannot send medical records of a patient to another provider without that patient s consent Fact: No consent is necessary for one provider to transfer a patients' office for treatment purpose. The privacy Regulation specifically states that a provider is permitted to use or disclose protected health information for treatment, payment, or health care operation, without patient consent.
72 Q? Can health care information be shared in a severe disaster? A: Providers and health plans covered by the HIPAA Privacy Rule can share patient information in all of the following ways: TREATMENT: Health care providers can share patient information as necessary to provide treatment. NOTIFICATION: Health care providers can share patient information as necessary to identify, locate, and notify family members, guardians, or anyone else responsible for the individual's care of the individual's location, general condition, or death. IMMINENT DANGER: Providers can share patient information with anyone as necessary to prevent or lessen a serious and imminent threat to the health and safety of a person or the public -- consistent with applicable law and the provider's standards of ethical conduct. FACILITY DIRECTORY: Health care facilities maintaining a directory of patients can tell people who call or ask about individuals whether the individual is at the facility, their location in the facility, and general condition. Q? Is the HIPAA Privacy Rule suspended during a national or public health emergency? Answer: No; however, the Secretary of HHS may waive certain provisions of the Rule under the Project Bioshield Act of 2004 (PL )
HIPAA Training: i Ensuring Privacy for our Patients Privacy Training for Harvard Medical Students Goals By the end of this program you will be able to Explain the basic principles of the Privacy Rule Understand
APPLETREE PEDIATRICS, PA NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Health Information Privacy Refresher Training March 2013 1 Disclosure There are no significant or relevant financial relationships to disclose. 2 Topics for Today State health information privacy law Federal
NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY Who Presents this
HIPAA and You The Basics The Purpose of HIPAA Privacy Rules 1. Provide strong federal protections for privacy rights Ensure individual trust in the privacy and security of his or her health information
The Health and Benefit Trust Fund of the International Union of Operating Section 1: Purpose of This Notice Notice of Privacy Practices Effective as of September 23, 2013 THIS NOTICE DESCRIBES HOW MEDICAL
Original Effective Date: April 1, 2003 Effective Date of Last Revision: July 15, 2013 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS
HIPAA Compliance for Students The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 by the United States Congress. It s intent was to help people obtain health insurance benefits
NOTICE OF PRIVACY PRACTICES Effective Date: September 20, 2013 Last Modified: May 12, 2013 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. EFFECTIVE September 15, 2014 This Notice of
JOINT NOTICE OF PRIVACY PRACTICES Cumberland County Hospital System d/b/a Cape Fear Valley Health System EFFECTIVE: September 23, 2013 THIS JOINT NOTICE DESCRIBES HOW PROTECTED HEALTH INFORMATION ABOUT
Sarasota Personal Medicine 1250 S. Tamiami Trail, Suite 202 Sarasota, FL 34239 Phone 941.954.9990 Fax 941.954.9995 NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY
AIG COMPANIES Effective Date: March 23, 2016 HIPAA NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
Health Insurance Portability and Accountability Policy 1.8.4 Appendix C Uses and Disclosures of PHI Procedures This Appendix covers procedures related to Uses and Disclosures of PHI. Disclosures to Law
Page 1 of 6 NOTICE OF PRIVACY PRACTICES Revised: June 15, 2014 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW
PEPPERDINE UNIVERSITY HIPAA Policies Procedures and Forms Manual 1 Table of Contents I. INTRODUCTION... 4 A. GENERAL POLICY... 4 B. SCOPE... 4 II. DEFINITIONS... 5 III. GENERAL POLICIES AND PROCEDURES...
The Family Counseling Center of Fulton County NOTICE OF PRIVACY PRACTICES This notice describes the privacy practices of The Family Counseling Center of Fulton County and the privacy rights of the people
HIPAA NOTICE OF PRIVACY PRACTICES Human Resources Department 16000 N. Civic Center Plaza Surprise, AZ 85374 Ph: 623-222-3532 // Fax: 623-222-3501 TTY: 623-222-1002 Purpose of This Notice This Notice describes
University of California Policy HIPAA Uses and Disclosures Responsible Officer: Senior Vice President/Chief Compliance and Audit Officer Responsible Office: Ethics, Compliance and Audit Services Effective
Alliance for Clinical Education (ACE) Student HIPAA Training Health Insurance Portability and Accountability Act of 1996 October 2003 1 Objectives Understand the HIPAA Privacy rules and regulations Understand
HIPAA In The Workplace What Every Employee Should Know and Remember What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 Portable Accountable Rules for Privacy Rules for Security
NOTICE OF PRIVACY PRACTICES THIS NOTICE OF PRIVACY PRACTICES ( NOTICE ) DESCRIBES HOW WE MAY USE OR DISCLOSE YOUR HEALTH INFORMATION AND HOW YOU CAN ACCESS TO SUCH INFORMATION. PLEASE READ IT CAREFULLY.
HIPAA OVERVIEW ETSU 1 What is HIPAA? Health Insurance Portability and Accountability Act. 2 PURPOSE - TITLE II ADMINISTRATIVE SIMPLIFICATION To increase the efficiency and effectiveness of the entire health
Texas HB 300 HB 300: Background Texas House Research Organizational Bill Analysis for HB 300 shows state legislators believed HIPAA did not provide enough protection for private health information (PHI)
1 PRIVACY NOTICE THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. This Privacy Notice is being
HIPAA Happenings in Hospital Systems Donna J Brock, RHIT System HIM Audit & Privacy Coordinator HIPAA Health Insurance Portability and Accountability Act of 1996 Title 1 Title II Title III Title IV Title
Effective as of August 6, 2004 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. We are required
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION PLEASE REVIEW IT CAREFULLY. DEFINITIONS PROTECTED HEALTH INFORMATION (PHI):
SDC-League Health Fund 1501 Broadway, 17 th Floor New York, NY 10036 Tel: 212-869-8129 Fax: 212-302-6195 E-mail: firstname.lastname@example.org NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION
NOTICE OF PRIVACY PRACTICES TEMPLATE Sections highlighted in yellow are optional sections, depending on if applicable Original Date: ##/##/#### Revised per HIPAA Omnibus Rule ##/##/#### Revised Date Implementation:
Objectives At the conclusion of this presentation, students will be able to: Describe the federal requirements of the HIPAA/HITECH regulations that protect the privacy and security of confidential data.
HIPAA Privacy & Security Training for Clinicians Agenda This training will cover the following information: Overview of Privacy Rule and Security Rules Using and disclosing Protected Health Information
-4539 Telephone: (973) 397-6500 Mail Address: P.O. Box 1935 Morristown, NJ 07962-1935 NOTICE OF PRIVACY PRACTICES FOR PROTECTED HEALTH INFORMATION THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU
Effective Date: 5/18/15 NOTICE OF PRIVACY PRACTICES Walter Chiropractic Clinic, 5219 Peters Creek Rd Ste 5, Roanoke VA 24019 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED
Original effective date: 2003 Effective date of last Revision: July 17, 2013 CARING HOSPICE SERVICES NOTICE OF PRIVACY PRACTICES Caring Hospice Services of Connecticut Caring Hospice Services of New York
HIPAA SELF STUDY TRAINING GUIDE I have received the LifeWays HIPAA SELF STUDY TRAINING GUIDE. I understand that I will be accountable for the information contained in the guide. If I have questions I may
Notice of Privacy Practices KAISER PERMANENTE NORTHERN CALIFORNIA REGION THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
Health Insurance Portability and Accountability Act HIPAA Privacy Standards Healthcare Provider Training Module Copyright 2003 University of California Click the arrow to start the YouTube video in a separate
A A E S C Albuquerque Ambulatory Eye Surgery Center NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
Notice of Privacy Practices KAISER PERMANENTE COLORADO REGION THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW
PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. General Information To comply
HIPAA PRIVACY AND SECURITY TRAINING P I E D M O N T COMMUNITY H EA LT H P L A N 1 COURSE OVERVIEW This course is broken down into 4 modules: Module 1: HIPAA Omnibus Rule - What you need to know to remain
Health Insurance Portability and Accountability Act (HIPAA) General Education Presented by: Bureau of Personnel Department of Health Department of Human Services Department of Social Services Bureau of
, Gary lsh!urology ASSOCIATES OF HOUSTON, P.A. S. Hurwitz, M.D., F.A.C.S. Douglas S. Dow, M.D., F.A.C.S. Nathaniel L. Barnes, M.D., F.A.C.S. Thanh A. Nguyen, M.D., F.A.C.S. Matthew D. Hoggatt, M.D. Notice
Notice of Privacy Policies Form ***This notice describes how medical information about you may be used and disclosed and how you can get access to this information. PLEASE READ IT CAREFULLY!*** The tells
HIPAA Basics Health Insurance Portability and Accountability Act of 1996 HIPAA: What Is HIPAA? Protects the privacy of healthcare informa@on for all Americans, including the individuals you support Protects
GONZABA MEDICAL GROUP PATIENT REGISTRATION FORM DATE: CHART#: GUARANTOR INFORMATION LAST NAME: FIRST NAME: MI: ADDRESS: HOME PHONE: ADDRESS: CITY/STATE: ZIP CODE: **************************************************************************************
Notice of Patients Rights and Privacy Protections under Federal Privacy Laws (HIPAA) The Health Insurance Portability and Accountability Act of 2013, commonly referred to as HIPAA, requires this office
Privacy Notice Document (HIPAA) THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. This Privacy
HIPAA PRIVACY NOTICE THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN OBTAIN ACCESS TO THIS INFORMATION. INTRODUCTION PLEASE REVIEW IT CAREFULLY Moriarty
HIPAA Notice of Privacy Practices Hilton-Diminick Orthodontic Associates, P.C. This notice describes how medical information about you may be used and disclosed and how you can get access to this information.
NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. Important Notice
Donna S. Sheperis, PhD, LPC, NCC, CCMHC, ACS Sue Sadik, PhD, LPC, NCC, BC-HSP Carl Sheperis, PhD, LPC, NCC, MAC, ACS 1 DISCLAIMER Please review your own documentation with your attorney. This information
Effective Date: September 23, 2013 THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. OUR PLEDGE
HIPAA: Privacy/Info Security Jeff Jones HIPAA Privacy Officer HIPAA Information Security Officer KY Region What you should know Discussion Topics Protected Health Security Awareness Information(PHI) Disclosure
2014 Core Training 1 Course Agenda Review of Key Privacy Laws/Regulations: Federal HIPAA/HITECH regulations State privacy laws Privacy & Security Policies & Procedures Huntsville Hospital Health System
HIPAA 101: Privacy and Security Basics Purpose This document provides important information about Kaiser Permanente policies and state and federal laws for protecting the privacy and security of individually
Notice of Privacy Practices THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. About this notice
HIPAA Notice of Patient Privacy Practices Effective Date: January 1, 2014 THIS NOTICE DESCRIBES HOW PROTECTED HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
HIPAA-P06 Use and Disclosure of De-identified Data and Limited Data Sets FULL POLICY CONTENTS Scope Policy Statement Reason for Policy Definitions ADDITIONAL DETAILS Web Address Forms Related Information
MULTICARE ASSOCIATES OF THE TWIN CITIES, P.A. NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
TRAINING MANUAL HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA Table of Contents INTRODUCTION 3 What is HIPAA? Privacy Security Transactions and Code Sets What is covered ADMINISTRATIVE
HIPAA Policy 2014 The Health Insurance Portability and Accountability Act is a federal law that protects the privacy and security of patients health information and grants certain rights to patients. Clarkson
THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. Date: June 1, 2014 Salt Lake Community College
OUR LADY OF THE LAKE, HOSPITAL INC. AND OUR LADY OF THE LAKE PHYSICIAN GROUP, LLC NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU
HIPAA Policies and Procedures William T. Chen, MD, Inc. General Rule 164.502 A Covered Entity may not use or disclose PHI except as permitted or required by the privacy regulations. Permitted Disclosures:
Patient Privacy and HIPAA/HITECH What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Implemented in 2003 Title II Administrative Simplification It s a federal law HIPAA is mandatory,
HIPAA Notice of Privacy Practices - Sample Notice Disclaimer: Template Notice of Privacy Practices (45 C.F.R. 164.520) The information provided in this document does not constitute, and is no substitute
HIPAA TRAINING A training course for Shiawassee County Community Mental Health Authority Employees WHAT IS HIPAA? HIPAA is an acronym that stands for Health Insurance Portability and Accountability Act.
Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 1 What Is HIPAA? HIPAA (pronounced hippa) is a federal law. It s a set of rules and regulations that affect
HIPAA Privacy Policies Healthcare Insurance Portability and Accountability Act of 1996 (HIPAA) The HIPAA Privacy Rule created a national standard to protect patient s medical records and other personal
NOTICE OF PRIVACY PRACTICES (NPP) This Notice contains information about how your medical information may be used and/or disclosed and how you can get access to this information. Please read this Notice
Page 1 of 6 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. If you have any questions about
Wyoming School Boards Association Insurance Trust ( The Plan ) HEALTH CARE PLAN PRIVACY NOTICE THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS
JOINT NOTICE OF OUR HEALTH INFORMATION PRACTICES THIS NOTICE DESCRIBES HOW INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. Jennings
River Valley Therapy & Sports Medicine, Inc. Notice of Privacy Practices This notice describes how medical information about you may be used and disclosed and how you can get access to this information.
HIPAA Privacy and Security Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012 Goals and Objectives Course Goal: To introduce the staff of Munson Healthcare to the concepts
HIPAA Training for the MDAA Preceptorship Program Health Insurance Portability and Accountability Act Objectives Understand what information must be protected under the HIPAA privacy laws Understand the
Effective Date: THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. If you have any questions about
Atlanta Insomnia & Behavioral Health Services, P.C. 315 West Ponce de Leon Ave Suite 1051 Decatur, GA 30030 404-378-0441 Health Insurance Portability and Accountability Act (HIPAA) NOTICE OF PRIVACY PRACTICES