HIPAA Employee Compliance Program TRAINING MANUAL




HIPAA Employee Compliance Program TRAINING MANUAL Training Manual to Assist Employees in HIPAA Compliance January 2013

Program For HIPAA Compliance Plan

Goal

The purpose of this manual is to instruct our employees on the compliance rules and regulations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). In this manual we will outline the key elements of HIPAA. Congress has stated that the goal of HIPAA is to improve the efficiency and effectiveness of the health care system in the United States. The HIPAA Act revolves around three sets of standards:

1. Compliance with HIPAA guidelines by protecting patients' medical privacy;
2. Maintaining our patient information and billing processes in compliance with national standards;
3. Providing appropriate security for our patient records.

These principles are the outline for our compliance program. By adhering to these three sets of standards, we will achieve compliance with the HIPAA Act.

Introduction to HIPAA

The Health Insurance Portability and Accountability Act was enacted by Congress to include a series of "administrative simplification" provisions that required the Department of Health and Human Services (HHS) to adopt national standards for electronic health care transactions. The goal of this act is to improve the efficiency and effectiveness of the health care system in the United States. Due to countless variations in the way health care companies and individuals process patient records, claims, services, etc., the HIPAA Act was established to ensure consistency throughout the industry. These national standards will make it easier for health plans, physicians, hospitals and health care providers to process claims and other transactions electronically. Another key component of HIPAA, requiring security and privacy standards, has been created in order to protect Personal Health Information.

HHS has issued the following regulations:

- Electronic health care transactions
- Medical privacy
- Security requirements
- Unique identifier for employers
- Unique identifier for providers
- Unique identifier for health plans
- Enforcement procedures

One of the main objectives of the privacy guidelines is to ensure fair and equal health care. Uniform national standards will save billions of dollars each year for health care businesses by lowering the cost of developing and maintaining software and reducing the time and expense spent on health care transactions. The initial planning and implementation of the HIPAA Act will take time and resources.

Definitions under HIPAA

The definitions described below have been defined by the Department of Health and Human Services (HHS) in the sense in which they are used in the HIPAA regulations.

Privacy - The patient's right over the use and disclosure of his or her own personal health information. Privacy includes the right to determine when, how and to what extent personal information is shared with others. The HIPAA privacy rule grants new rights to patients to gain access to and control the use and disclosure of their personal health information.

Security - Specific measures a health care entity must take to protect personal health information from unauthorized breaches of privacy. The security rules outline a detailed and comprehensive set of guidelines to guard against unauthorized disclosure of personal health information, whether stored, transmitted electronically, or put on paper.

Personal Health Information - Health information, in any form, i.e. paper, verbal, or electronic, that personally identifies a patient.

HIPAA Schedules

Basic Guideline

In the United States, health plans, hospitals, pharmacies, physicians, and other health care entities use a variety of systems to process and track health care information. In order to ensure that a claim is paid, much time and expense is spent on the formatting and coding required by each insurer. Congress has included provisions in HIPAA to require HHS to adopt national standards for certain electronic health care transactions and security. HIPAA has set a three-year deadline for Congress to enact comprehensive privacy legislation to protect medical records and other personal health information.

Covered Entities

The HIPAA Act requires health plans, health care clearinghouses, and those health care providers who conduct certain financial and administrative transactions electronically (i.e. authorizations, claims, etc.) to comply with each set of final standards. Other businesses may voluntarily adopt the standards, but the law does not require them to do so.

Compliance Schedule

October 16, 2002 - Deadline for electronic transaction rule
April 14, 2003 - Deadline for health information privacy rule

Changing and Developing Standards

Any changes to the final rule must be made in accordance with the Administrative Procedure Act (APA). Rule changes will be published in the Federal Register through a Notice of Proposed Rulemaking and will invite comment from the public. After reviewing and addressing those comments, HHS will issue a final rule to implement appropriate modifications.

Enforcement: Penalties and Fines

If HIPAA standards are not adopted, businesses can receive stiff fines and penalties. The law gives the Secretary of Health and Human Services the authority to impose monetary penalties for failure to comply with the standards. The Secretary is required, by statute, to impose monetary penalties of not more than $100.00 per violation on any person or entity who fails to comply with the standard, except that the total amount imposed on any one person in each calendar year may not exceed $25,000.00 for violations of one requirement.

HIPAA Compliance

Employee Commitment to Compliance

I have read and understand our office's Employee HIPAA Compliance Manual. I agree to do what is within my area of responsibility to maintain and update my knowledge about federal and state laws and program requirements. I will comply with these requirements to the best of my ability. I will let the Compliance Officer know if there is any area where I feel our office is not in compliance with these laws and program requirements.

Our Employee Compliance Program involves the following principles:

- We seek to maintain up-to-date knowledge of federal and state law pertaining to protection of our patients' Personal Health Information.
- We educate our employees and keep them up-to-date about federal and state law as it applies to Personal Health Information.
- Our policy is to comply with all federal and state law governing Personal Health Information.

As an employee, I recognize that Personal Health Information must be treated with the utmost attention, accuracy, honesty, and integrity. We seek to educate and carry out these policies at all times. All employees, managers, clinicians, physicians, nurses, and, where appropriate, contractors, business associates and other agencies are responsible for ensuring that all policies are adhered to at all times. I agree with our policy and will comply with all regulatory laws pertaining to Personal Health Information. I understand that our office has an open door policy and that I may discuss any problems I feel may occur with Personal Health Information, without worry of recourse, with my supervisor or any other member of management at any time.

Employee Signature: ____________________ Date Signed: ____________
Printed Name: ____________________
Human Resource Manager Signature: ____________________ Date Signed: ____________

HIPAA Privacy Guide Quick Reference

1. Lower your voice for all verbal communications that might disclose Personal Health Information.
2. Use discretion when disclosing information in a public area that may be considered personal, e.g. treatment plans, tests required or taken, test results, medications, medical devices, etc.
3. Do not allow the viewing, intentional or unintentional, of computer screens by unauthorized persons.
4. Exit all programs that might contain Personal Health Information when leaving a computer workstation for a period of time.
5. Be certain that "sign in" sheets do not require "reason for visit" information.
6. All chart holders must effectively obscure patient information.
7. All email, written, and faxed Personal Health Information must be secured and locked.
8. Never leave files or folders open or unattended. Filing cabinets containing Personal Health Information must be secured and locked.
9. Do not share computer passwords. Log off or sign in before beginning to work on a computer.
10. Take every precaution to control disclosure of Personal Health Information.