HIPAA: Privacy/Info Security




Transcription:

HIPAA: Privacy/Info Security
Jeff Jones
HIPAA Privacy Officer
HIPAA Information Security Officer
KY Region

What you should know
Discussion Topics
Protected Health Information (PHI)
Disclosure & Use
Authorization Form
Minimum Necessary
Patient Notice
Privacy Officer
Security Awareness
Security Training
Information Security Officer
Security Mistakes
Penalties

What Does HIPAA Do?
Imposes new restrictions on the use and disclosure of PHI.
Gives patients greater access to their medical records.
Gives patients greater protection of their medical records.

What is PHI?
Protected Health Information: Individually Identifiable Health Information (IIHI) that relates to the past, present or future health condition of the individual and is transmitted or maintained in any form (electronically, orally or on paper).
Examples: Name, address, dates of service, date of birth, social security number, etc.

What is Disclosure and Use?
Use: Shared, examined, applied or analyzed within an entity that holds the information.
Disclosure: Released, transferred, or made accessible to anyone outside the entity holding the information.

When Can PHI be Used/Disclosed?
PHI can be used or disclosed for:
Treatment, Payment, Healthcare Operations
With authorization from the individual
Disclosure to the patient
Incidental uses

When is Authorization Required?
Generally speaking, for uses other than:
Treatment
Payment
Hospital Operations

What is an Authorization Form?
An authorization is a written document, signed by the patient, that specifically allows the covered entity to disclose PHI with the patient's permission.

When is Authorization Not Required?
To maintain a patient directory
To inform family members of patient location, general condition, or death
Public health activities
Coroners, medical examiners, funeral directors, organ donations
To avert a serious threat to health and safety

What is Minimum Necessary?
Make sure the least amount of health information is shared to accomplish the task.
Identify those who regularly access PHI and the types of PHI necessary for proper TPO of the patient.

What is the Notice of Privacy Practices?
The Patient Notice is a required document that outlines the common uses of PHI.
Must contain patient's rights and the covered entity's legal duties.
Must be made available in print.
Must be displayed at the site of service and posted on a web site.

Security Awareness: What is it?
Recognizing what types of security issues may arise in the workplace; and
Knowing what actions to take in the event of a security breach.

Security Awareness/Training
The HIPAA Security Rule requires that everyone in the workforce is trained.
Members of the workforce include volunteers!!!

What's a Person to do?
Always Report Anything Unusual.
Notify your supervisor if you suspect a security incident.
Never share your user ID or password with anyone.

Top 10 Workplace Security Mistakes
1. Hidden under the keyboard: Keeping a computer password on a yellow post-it note.
2. I'll do it my way: Not listening to or following security procedures.
3. On, gone, not locked: Walking away from the computer, leaving it unlocked or not turned off.
4. Gee, what's in this attachment: Unknown email attachments can cripple by carrying viruses.
5. Weak passwords: Passwords based on information easily accessible to others.

Top 10 Workplace Security Mistakes
6. Loose lips: Talking in public about things you shouldn't.
7. Laptops with legs: Laptops left unsecured and unattended are vulnerable to theft.
8. Law enforcement: Managers and supervisors need to ensure ongoing compliance.
9. The threat within: Statistically, most security breaches originate inside the organization.
10. Update now: Security updates don't do any good unless they are loaded on your computer.

How do We Comply?
HIPAA requires that we assign a Privacy Officer and Information Security Officer.
This person will be responsible for overseeing all privacy policies and procedures.
This person will be the contact person for receiving complaints.
Institute a training program for Volunteers.

What if We Don't Comply?
Civil penalties from $100 to $25,000
Criminal penalties up to $250,000 and 10 years in prison

Summary
Remember: It's all about protecting the patient's right to privacy and security.
Put yourself in the patient's place.

Please print out this page, sign and date it, then turn it in to your instructor.
Health Insurance Portability & Accountability Act Instruction Session
I completed the instruction session on the Health Insurance Portability & Accountability Act (HIPAA) on ________. I understand the privacy and confidentiality policies of the clinical facilities I will be attending for my clinical experiences. I know the condition information terminology, the policies regarding the privacy of patients and the disclosure of protected information. I also know the safeguards to confidentiality and the penalties for violation of HIPAA.
Signature: ________ Date: ________