HIPAA. August 12, 2008

Size: px

Start display at page:

Download "HIPAA. August 12, 2008"

Diane Burns
7 years ago
Views:

1 HIPAA August 12, 2008

2 What does HIPAA mean? Health Insurance Portability and Accountability Act Intended to improve portability of health insurance coverage Intended to reduce waste, fraud and abuse Intended to increase access to long-term care services and coverage Intended to simplify the administration of health insurance

portability of health insurance coverage Intended to reduce waste, fraud

3 Why does HIPAA apply to Imagine! Health Insurance-use use of group insurance- Medicaid Imagine! is a Covered Entity under definitions of HIPAA Imagine! transmits health/billing information electronically

4 HIPAA Basics Privacy Regulations intended to: Give consumers/guardians control over health information Create boundaries for use and disclosure of health information Create safeguards to ensure protection of consumer information Create accountability measures for violations of policies

disclosure of health information Create safeguards to ensure protection

5 What is PHI? Protected Health Information Any information that could be reasonably expected to identify the individual in services or their family or contact persons: Name Social Security Number/Medicaid Number Address/Phone Number Photograph address

6 HIPAA Basics All information maintained by Imagine! is considered to be individually identifiable All information, both written and verbal, needs to be safeguarded Imagine! must ensure that health information is used appropriately and not abused Imagine! must ensure that the minimum amount of information is disclosed

verbal, needs to be safeguarded Imagine!

7 How does Imagine! protect PHI? Collectively used printers and fax machines are to be located in areas not accessible to the general public Employee mailboxes have folders to be used to place documents with PHI Envelopes secure documents when going from building to building or to provider organizations Boxes for documents to be shred are located throughout the Imagine! offices

general public Employee mailboxes have folders to be used to place documents with PHI

8 PHI Protections Protecting PHI in the office: Ensure that documents with PHI are not left in public areas of Imagine! Copiers/printers/fax machines Pick up print jobs promptly Unclaimed print jobs will be shred during the day If you see print jobs with PHI, turn the document upside down, deliver to person who printed, if able Documents left exposed in work areas Close record, turn documents upside down, lock information in records room, lock information in filing cabinet or desk at end of work day

jobs with PHI, turn the document upside down, deliver to person who printed, if able Documents left exposed in work areas

9 Other Ways to Protect PHI Work areas Lists that are posted in work areas, should not include first and last names of individuals Photographs-releases, releases, use of first name or initials General Identifying information about an individual should not be discussed in public, public areas of the Imagine! offices or with those who are not entitled to PHI Discussions in public should not include consumer/family last names Discussions in public should not include other information that may breech confidentiality

discussed in public, public areas of the Imagine!

10 Other Ways to Protect PHI Main records (CCB) are not permitted out of the Imagine! Dixon building No main records may be out of the records room overnight Confidential information that will not be stored securely will be b shred All computers are to be password protected Screen savers are to activate after 5 minutes and are password protected Release of information forms will be used as required Limited information can be released per Imagine! Policy and Procedure Documents are not to be stored in vehicles; while traveling, documents should be secured in the trunk of the car or in a locking box If working at home, documents or electronic information should not be accessible by other members of the household

protected Screen savers are to activate after 5 minutes and are password protected Release of information forms will be used as required Limited information can be released per

11 Who has access? Release of information is not needed for: Individual receiving services Parent or guardian of the individual Authorized representative, if designated Employees of Imagine!, Department of Human Services, Department of Health, Division for Developmental Disabilities Approved service providers Imagine! Committee members, as needed

guardian of the individual Authorized representative, if designated Employees of

12 When can others have access? With a release from the consumer, parent of a minor or guardian With a Business Associate Agreement When ordered by the court (need to go through Case Management department) When there is a public health risk When civil or law enforcement needs information in connection with an allegation or crime Other

Associate Agreement When ordered by the court (need to go through Case Management

HIPAA Training for Hospice Staff and Volunteers

HIPAA Training for Hospice Staff and Volunteers Hospice Education Network Objectives Explain the purpose of the HIPAA privacy and security regulations Name three patient privacy rights Discuss what you