2014 Core Training 1


Course Agenda
  Review of Key Privacy Laws/Regulations:
    Federal HIPAA/HITECH regulations
    State privacy laws
  Privacy & Security Policies & Procedures:
    Huntsville Hospital Health System policies and procedures related to privacy & security
  Your Responsibilities for:
    Protecting confidential and sensitive information
    Good computer practices
    Reporting privacy breaches and security incidents

Key Privacy Laws/Regulation
  HIPAA (the Health Insurance Portability & Accountability Act) is the Federal law, passed in 1996, which requires us to protect the privacy of PHI (protected health information), whether electronic (ePHI) or physical.
  PHI includes at least one of the following 18 identifiers:
    Name
    Postal address
    All elements of dates except year
    Telephone number
    Fax number
    Email address
    URL address
    IP address
    Social security number
    Account numbers
    License numbers
    Medical record number
    Health plan beneficiary number
    Device identifiers and their serial numbers
    Vehicle identifiers and serial numbers
    Biometric identifiers (finger and voice prints)
    Full face photos and other comparable images
    Any other unique identifying number, code, or characteristic

Key Privacy Laws/Regulation
  In 2013 HIPAA was updated with:
    The Final Omnibus Rule, and
    The HITECH Act.
  This update to HIPAA includes:
    Increased fines and penalties for privacy violations
    Additional responsibility for not just employees, but also business associates, to protect PHI
    Patient rights
    Updates to the Security Rule and Breach Notification, requiring organizations to share when a breach has occurred, not just if it caused harm to the individual

HIPAA Penalties
  Expanded penalties include:
    HIPAA Civil Penalties: $100 to $1,500,000/year in fines, and more fines for violations spanning multiple years
    HIPAA Criminal Penalties: $50,000 to $250,000 in fines, and imprisonment up to 10 years
    State Laws: fines and penalties apply to individuals as well as health care providers, up to a maximum of $250,000; may impact your professional license; imprisonment up to 10 years
    Huntsville Hospital Health System: up to and including termination

Our Responsibilities and Protected Health Information

Our Responsibilities
  We are required by HIPAA to keep PHI secure by:
    Communicating privacy rights to our patients
  Patients' rights with PHI include:
    Access to, and the ability to receive a copy of, one's own PHI (paper or electronic formats)
    Request amendments to information
    Request restriction of PHI uses and disclosures
    Restrict disclosure to health plans for services self-paid in full ("self-pay restriction")
    Request alternative forms of communication (mail to a P.O. Box instead of a street address, no messages on an answering machine, etc.)
    An accounting of the disclosures of their PHI

Our Responsibilities
  We are required by HIPAA to keep PHI secure by:
    Ensuring you only view, use, and share PHI when required for your job. The NPP allows PHI to be used and disclosed for purposes of Treatment, Payment, or Operations (TPO).
      Use: accessing, viewing, and using PHI within the department or with business associates
      Disclosure: the release, transfer, provision of access to, or divulging in any other manner of PHI outside the department
    Ensuring Minimum Necessary access to PHI, which means users access the minimum amount of information necessary to perform their duties
    Protecting access to confidential/sensitive information
    Reporting privacy breaches immediately to the Privacy Officer

Our Responsibilities: to Patients
  HIPAA requires we communicate patients' right to privacy by:
    OFFERING a Notice of Privacy Practice (NPP), which advises patients of their privacy rights and is posted in public registration areas and on our website
    ATTEMPTING to get a signature on the Patient Acknowledgement Agreement (PAA), acknowledging receipt of the NPP. This is required except in emergency situations; if we cannot obtain it, we must document the reason why.

Our Responsibilities: to Patients
  HIPAA requires we get the proper release for PHI:
    GETTING WRITTEN PERMISSION if we release PHI for a reason other than TPO (Treatment, Payment or Operations)
    Exception: immunization records for children, in states that require those records

Our Responsibilities: to Patients
  SPECIAL DIRECTIONS for the Facility Directory
    During registration, patients are asked about being in the directory
    Only the location and general condition may be disclosed if someone asks for the patient by name
    If the patient objects, DO NOT acknowledge that the patient is in the facility
  SPECIAL DIRECTIONS for Fundraising
    Additional rules apply for those involved in fundraising; see Policy 124

Privacy & Security: Our Individual Roles 12

Our Role in Protecting PHI
  We are each responsible to protect PHI:
    Follow policies and procedures
    Protect the privacy and security of information
    Ask your Supervisor or Manager for guidance
  All Policies and Procedures for the Health System are listed on Pulse/Hotlist/HIPAA

Our Role: Protecting Physical PHI
  Handling PHI
    Double check the address or fax number when mailing or faxing
    Only fax PHI to a secure fax (inside a secure area)
    Use the approved Huntsville Hospital Health System cover sheet containing a confidentiality statement
    Check printers, faxes, and copier machines when you are finished
    Don't leave PHI on your desk; lock it up
    Double check when handing documents to patients/family members

Our Role: Protecting Physical PHI
  Taking PHI offsite
    You must first obtain approval from your supervisor
    Never leave PHI unattended in your bag, briefcase or car (even if it's locked in the trunk!)
    All devices that access ePHI or Huntsville Hospital Health System email must be password protected
    Access PHI remotely
  Disposal of paper documents
    Shred PHI first! Then use the trash: recycle and trash bins are NOT all secure
    Shred bins only work when papers are put inside the bins

Our Role: Protecting Audible PHI
  Avoid discussing PHI in public areas
  Be aware of your surroundings when talking
  Do not leave PHI on answering machines
  Don't speak too loudly, or to the wrong person
  Ask yourself: "What if my information was being discussed like this?"

Our Role: Protecting ePHI
  For electronic protected health information, avoid unauthorized computer access by:
    Protecting your user ID
    Protecting your password
    Logging out of programs that access PHI when not in use

Our Role: Protecting ePHI
  For electronic protected health information, all devices used to access ePHI must be password protected, including:
    Your HH email
    Personal laptop
    iPad/tablet
    iPhone/smartphone
  Did You Know? Even if you don't intentionally save PHI onto your device, your Huntsville Hospital Health System email files may download to your device without your knowledge.

Our Role: Protecting ePHI
  Encrypt all emails with PHI going to email addresses that do not end with:
    @theheartcenter.md
    @compone.org
    @dmhnet.org
    @hhsys.org
    @firstcomm.org
    @hgala.org
    @namci.com
    @namci.org
  How to encrypt email: always start the subject line of the email with [Encrypt] or Secure:
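The encryption rule above is the kind of check a mail gateway or DLP rule can enforce before a message leaves the organization. The following is an added example, not code from the Huntsville Hospital training or any product the hospital uses: it takes the domain list and subject-line markers from the slide as given, and assumes a simple message representation (recipient list, subject, and a "contains PHI" flag supplied by a classifier or the sender). The sample messages are constructed for illustration.

```python
# Added example: apply the slide's outbound-email encryption rule.
# Domain list and subject markers come from the slide; the message format,
# the contains_phi flag, and the sample traffic are assumptions for this demo.

# Internal domains listed on the slide (mail to these does not need encryption)
INTERNAL_DOMAINS = (
    "theheartcenter.md",
    "compone.org",
    "dmhnet.org",
    "hhsys.org",
    "firstcomm.org",
    "hgala.org",
    "namci.com",
    "namci.org",
)

# Subject-line markers that trigger encryption (compared case-insensitively)
ENCRYPT_MARKERS = ("[encrypt]", "secure:")


def recipient_domain(address):
    """Return the lowercase domain part of an address, or None if malformed."""
    address = address.strip().lower()
    if address.count("@") != 1:
        return None
    local, domain = address.split("@")
    if not local or not domain:
        return None
    return domain


def is_internal(address):
    """True only when the domain is exactly a listed domain or a subdomain of one.

    A plain endswith() on the raw address would also accept look-alikes such as
    user@nothhsys.org, so the match is made on the parsed domain with an
    explicit dot boundary.
    """
    domain = recipient_domain(address)
    if domain is None:
        return False
    return any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)


def subject_requests_encryption(subject):
    """True when the subject starts with one of the slide's markers."""
    return subject.lstrip().lower().startswith(ENCRYPT_MARKERS)


def check_message(msg):
    """Evaluate one outbound message: {"to": [...], "subject": str, "contains_phi": bool}.

    Returns the external recipients, whether encryption was requested, and a verdict:
      "ok"    - no PHI, or PHI only to internal addresses, or encryption requested
      "block" - PHI to at least one external address without an encryption marker
    A real gateway would hold a "block" message and notify the sender.
    """
    external = [r for r in msg["to"] if not is_internal(r)]
    encrypted = subject_requests_encryption(msg["subject"])
    verdict = "block" if (msg["contains_phi"] and external and not encrypted) else "ok"
    return {"external": external, "encryption_requested": encrypted, "verdict": verdict}


# Constructed sample traffic (addresses, subjects and MRNs are made up)
SAMPLE_MESSAGES = [
    {"to": ["nurse@hhsys.org"], "subject": "Lab results for room 412", "contains_phi": True},
    {"to": ["billing@example-payer.com"], "subject": "Claim for MRN 000123", "contains_phi": True},
    {"to": ["billing@example-payer.com"], "subject": "[Encrypt] Claim for MRN 000123", "contains_phi": True},
    {"to": ["clinic@mail.dmhnet.org"], "subject": "Referral", "contains_phi": True},
    {"to": ["dr@nothhsys.org"], "subject": "Referral", "contains_phi": True},
    {"to": ["friend@example.net"], "subject": "Lunch on Friday?", "contains_phi": False},
]


def audit(messages=SAMPLE_MESSAGES):
    """Return one verdict per message, in order."""
    return [check_message(m)["verdict"] for m in messages]


if __name__ == "__main__":
    for m, v in zip(SAMPLE_MESSAGES, audit()):
        print(f"{v:5}  to={m['to']}  subject={m['subject']!r}")
```

Two design points worth noting. The marker test is a strict prefix match, so a reply whose subject reads "Re: [Encrypt] ..." is not treated as encrypted; whether that is desired depends on how the organization's mail system handles replies, and the check should match the gateway's actual rule. Second, the domain test deliberately parses the address rather than checking whether the whole string ends in a listed domain, because the looser check would let a look-alike domain pass as internal.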

Our Role: Protecting ePHI
  Practice Safe Emailing
    Do not open, forward, or reply to suspicious emails, suspicious email attachments, or unknown website addresses
    NEVER provide your username and password in response to an email request
    Delete spam and empty the Deleted Items folder regularly
    It is your responsibility when communicating to send all PHI securely

Our Role: Protecting ePHI
  Do not share patient PHI on social media; that means anything from your work at the Health System, even if the information is public
  Information obtained from your patient/provider relationship is confidential

What to Do: Reporting a Suspected Breach of PHI

Our Role: Reporting a Breach
  PRIVACY BREACH: report when PHI is:
    Physically lost or stolen
    Misdirected to others outside of HH Health System, including:
      PHI in verbal messages left for the wrong person
      Misdirected mail, fax or email containing PHI
      A user not using secure email with PHI
    Posted to the Huntsville Hospital Health System intranet, internet, websites, Facebook, Twitter
  IMMEDIATELY REPORT TO:
    Privacy Officer at (256) 265-4477/9257
    Your Supervisor
    IT Security at (256) 265-4555

Our Role: Reporting a Breach
  PRIVACY BREACH: report when PHI is part of a Security Incident:
    When an electronic device is lost/stolen
    When any unusual or suspected information is missing
    The loss and/or theft of any form of ePHI
    Unusual computer activity
  IMMEDIATELY REPORT TO:
    Privacy Officer at (256) 265-4477/9257
    Your Supervisor
    IT Security at (256) 265-4555

Our Role: Reporting a Breach
  FAX PRIVACY BREACH: report if:
    You send a fax containing PHI to the wrong phone or fax number
    You receive a fax in error
  Immediately:
    Alert the sender
    Do not use or disclose the information
  IMMEDIATELY REPORT TO:
    Privacy Officer at (256) 265-4477/9257

Our Role: Reporting a Breach
  IMMEDIATELY REPORT any known/suspected PRIVACY BREACHES to the Privacy Officer at (256) 265-4477 or 9257
  In every circumstance, you will need to provide the following information:
    Date and time the breach was discovered
    Name and contact information of the person who discovered the breach
    The specific information disclosed
    The number of individuals who had their information disclosed
    How the breach happened
    Actions taken following detection
    The department contact for follow-up

In Review 27

In Review: It's Our Job to Protect PHI
  It is the law to protect our patients' privacy
    HIPAA law was developed to protect the privacy of our patients' health information
    It is only appropriate to share, use, or access PHI when it is needed to do our job
  We must follow Health System policies
    Protect verbal, written, and electronic information
    Use safe computing and email practices
  Report suspected privacy & security incidents
    Privacy breaches: Privacy Officer at (256) 265-4477/9257
    Security breaches: IT Security at (256) 265-4555
  And if you don't know, ask!

The Course is Finished!
  What happens at Huntsville Hospital stays at Huntsville Hospital.
  Time to take the test