Pacific Medical Centers HIPAA Training for Residents, Fellows and Others



Similar documents
Department of Health and Human Services Policy ADMN 004, Attachment A

Health Information Privacy Refresher Training. March 2013

University of California Policy

HIPAA Compliance Annual Mandatory Education

Rehabilitation, Sports & Spine Center, P.S. Notice of Privacy Practices. l. Use and Disclosures of Protected Health Information

Compliance HIPAA Training. Steve M. McCarty, Esq. General Counsel Sound Physicians

HIPAA PRIVACY AND SECURITY AWARENESS

DISCLAIMER HEALTH INFORMATION PRIVACY POLICIES & PROCEDURES

TJ RAI, M.D. THERAPY MEDICATION WELLNESS PRIVACY POLICY STATEMENT

Guilford Medical Associates, P.A.

VALPARAISO UNIVERSITY NOTICE OF PRIVACY PRACTICES. Health, Dental and Vision Benefits Health Care Reimbursement Account

Health Insurance Portability and Accountability Policy 1.8.4

Applicability: UW Medicine. Policy Title: Use & Disclosure of Protected Health Information Permitted for Law Enforcement Purposes.

Sarasota Personal Medicine 1250 S. Tamiami Trail, Suite 202 Sarasota, FL Phone Fax

HIPAA Privacy & Security Training for Clinicians

MCCP Online Orientation

SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY

Gaston County HIPAA Manual

AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE

ACKNOWLEDGMENT OF RECEIPT OF NOTICE OF PRIVACY PRACTICES

HIPAA Privacy Policies & Procedures

HIPAA and Privacy Policy Training

CARING HOSPICE SERVICES NOTICE OF PRIVACY PRACTICES

Patti Levin, LICSW, Psy.D. Clinical Psychologist

REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES PLEASE REVIEW IT CAREFULLY.

HIPAA Privacy Keys to Success Updated January 2010

HIPAA Orientation. Health Insurance Portability and Accountability Act

THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) EMPLOYEE TRAINING MANUAL

GONZABA MEDICAL GROUP PATIENT REGISTRATION FORM

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc.

PRIVACY PRACTICES OUR PRIVACY OBLIGATIONS

NOTICE OF PRIVACY PRACTICES (NPP)

By the end of this course you will demonstrate:

NOTICE OF PRIVACY PRACTICES

Notice of Privacy Practices

Notice of Privacy and Electronic Communication Practices

HIPAA Notice of Privacy Practices

HIPAA NOTICE TO PATIENTS

HIPAA Privacy Overview

JEWISH FAMILY SERVICE NOTICE OF PRIVACY PRACTICES

IF YOU HAVE ANY QUESTIONS ABOUT THIS NOTICE OR IF YOU NEED MORE INFORMATION, PLEASE CONTACT OUR PRIVACY OFFICER:

HIPAA PRIVACY NOTICE PLEASE REVIEW IT CAREFULLY

9129 Monroe Rd. Suite 100, Charlotte, NC 28270

TEXAS COLON & RECTAL SURGEONS, LLP HIPAA AND TEXAS LAW PRIVACY POLICIES AND PROCEDURES ADOPTED EFFECTIVE APRIL 1, 2003

HIPAA The Law Explained. Click here to view the HIPAA information.

NOTICE OF PRIVACY PRACTICES

Notice of Privacy Practices

HIPAA Employee Training Guide. Revision Date: April 11, 2015

Harris County - Texas HIPAA Notice of Privacy Practices

HIPAA PRIVACY DIRECTIONS. HIPAA Privacy/Security Personal Privacy. What is HIPAA? 6/28/2012

ATLANTIS CHIROPRACTIC, INC.

HIPAA Notice of Privacy Practices Effective Date: 09/23/13

HIPAA Omnibus Notice of Privacy Practices Effective Date: March 03, 2012 Revised on: July 1, 2015

TABLE OF CONTENTS. University of Northern Colorado

Understanding Your Health Record Information

NOTICE OF PRIVACY POLICY. Effective:, 2013

HIPAA Happenings in Hospital Systems. Donna J Brock, RHIT System HIM Audit & Privacy Coordinator

Health Insurance Portability and Accountability Act (HIPAA)

Privacy Notice Document (HIPAA)

MCDONOUGH CENTER FOR FAMILY DENTISTRY, LLC

NOTICE OF PRIVACY PRACTICES

CITIZENS MEDICAL ALERT SERVICE AGREEMENT

HIPAA PRIVACY POLICY AND PROCEDURES FOR PROTECTED HEALTH INFORMATION

HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA

NOTICE OF PRIVACY PRACTICES

ELECTRONIC HEALTH RECORDS

APPENDIX 1: Frequently Asked Questions

Workplace Policies. Computer Software (Unauthorized Copying)

NOTICE OF PRIVACY PRACTICES

HIPAA POLICIES & PROCEDURES AND ADMINISTRATIVE FORMS TABLE OF CONTENTS

USES AND DISCLOSURES OF HEALTH INFORMATION

Information with a person who is involved in your medical care or payment for your care, such as your family or a

River Valley Therapy & Sports Medicine, Inc. Notice of Privacy Practices

MILWAUKEE ROOFERS HEALTH FUND

HIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012

Introduction to HIPAA Privacy

Population Health Management Program Notice of Privacy Practices

General Compliance. General Compliance Training. Course Overview. General Compliance. The intent of the Compliance Program is to:

PHI Air Medical, L.L.C. Compliance Plan

NOTICE OF PRIVACY PRACTICES FOR OUR PATIENTS POTOMAC PHYSICIAN ASSOCIATES, P.C.

HIPAA Policies and Procedures

NOTICE OF PSYCHOLOGIST S POLICIES AND PRACTICES TO PROTECT THE PRIVACY OF YOUR HEALTH INFORMATION

NOTICE OF PRIVACY PRACTICES

SELF-LEARNING MODULE (SLM) 2012 HIPAA Education Privacy Basics and Intermediate Modules

Releasing Information

HIPAA PRIVACY OVERVIEW

Evolution of HB 300. HIPAA passed in 1996 Originally, HIPAA only directly impacted certain covered entities :

University Healthcare Physicians Compliance and Privacy Policy

Notice of Privacy Practices. Human Resources Division Employees Benefits Section

Delaware Valley Dermatology Group, LLC 3411 Silverside Road Suite 107, Webster Building Wilmington, DE Phone: Fax:

NOTICE OF PRIVACY PRACTICES ILLINOIS EYE CENTER

NOTICE OF HIPAA PRIVACY AND SECURITY PRACTICES

Neera Agarwal-Antal, M.D. HIPAA Policies and Procedures

ADVOCATE HEALTH CARE NOTICE OF PRIVACY PRACTICES

NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA)

NOTICE OF PRIVACY PRACTICES FOR ONSLOW AMBULATORY SERVICES, INC.

Population Health Management Program Notice of Privacy Practices from Piedmont WellStar HealthPlans, Inc.

Dr. Adam Apfelblat 5140 Highland Road Waterford Phone: (248) Fax: (248)

HIPAA PRIVACY POLICIES & PROCEDURES. Department of Behavioral Health and Developmental Services DBHHDS GENERAL AWARENESS TRAINING

HIPAA-ACKNOWLEDGEMENT OF RECEIPT Notice of Privacy Practices

Transcription:

Pacific Medical Centers HIPAA Training for Residents, Fellows and Others Summary of Critical Pacific Medical Centers (PMC) HIPAA Policies and Procedures For additional information or questions, please contact the clinic director or the PMC Privacy Office at (206) 621-4678. Complete policies and procedures can be viewed on The Pac, PMC s intranet site or obtained from the clinic director. Uses and Disclosures of Protected Health Information (PHI) Requiring Authorization Uses and Disclosures of PHI without Authorization to External Parties Use and Disclosure of PHI without Authorization for Legal Purposes PMC needs an individual s valid authorization for use and disclosure of PHI. There are circumstances when an individual s authorization is not necessary for use and disclosure of PHI. Best to involve the clinic s Health Date Services Department or clinic director when dealing with authorizations. PMC must report: 1. Cases of abuse or neglect of any child under the age of eighteen to the appropriate authorities at the first opportunity (but within 48 hours). 2. Disease, injury, disability to public health authorities to protect the public health or if authorized by law. Complaints Related to Pacific Medical Centers Privacy Practices Patients, their families or PMC workforce members have the right to make a complaint related to PMC privacy practices in writing, by phone or in person. To file a complaint or comment, individuals can contact: 1. Any clinic employee 2. The PMC Privacy Officer at (206) 621-4678 3. Washington State Department of Health

Consent for Treatment, Payment and Healthcare Operations (TPO) 1. PMC will obtain an individual patient s consent prior to using or disclosing his/her PHI for treatment, payment or healthcare operations for it s own use except when The provider has a direct or indirect treatment relationship with the individual patient Another health care staff member is assisting the provider in the delivery of health and the provider reasonably believes that the staff member will not use or disclose the PHI and will protect that information A consent for TPO will not be in effect if an authorization is required or when another condition must be met to permit use or disclosure of PHI PMC may disclose PHI for treatment or payment activities to another covered entity or health care provider of the covered entity 2. PMC may disclose PHI to another covered entity for health care operations activities if: They have a relationship with the individual patient The PHI pertains to the relationship The disclosure is for the purpose of a. QA and improvement activities b. Population-based activities for improving health or reducing costs c. Case management or care coordination d. Training programs e. Accreditation, licensing or credentialing activities OR For fraud and abuse detection or compliance activities Copying and Printing PHI Guidelines pertaining to copying or printing original or duplicate copies of PHI. 1. There should be a legitimate business or patient care purpose for reproducing PHI. 2. Reproduced copies of PHI should be stored in a secure location. 3. Printing and copying should occur in private areas not accessible to the public. 4. Reproduced copies should be promptly removed from copiers and printers. 5. Disposal of reproduced copies should follow the Disposal of PHI policy. Disposal of Protected Health Information (PHI) PMC is obligated to protect the confidentiality of PHI 1. Workforce members must dispose of PHI in the appropriate containers at each clinic. Clinic employees can assist in determining how to dispose of any PHI. 2. Electronic media that contains PHI must be sent to Information Services for proper disposal.

Use of Email for Business Purposes 1. For new patients registered after April 14, 2003, do not send confidential or patient identifiable information by email across external or public networks (e.g. Internet). 2. For existing PMC patients where email communications are currently occurring such communications can continue to occur as long as the following disclaimer statement is included for all external emails sent: CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s), and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email, and destroy all copies of the original message. 3. Internal email containing PHI within PMC intranet is permissible (from one pacmed.org address to another pacmed.org address). Protected Health Information (PHI) Facsimile (Fax) Policy PMC will protect the confidentiality and integrity of PHI as required by law, professional ethics and accreditation requirements. 1. All PHI received by fax will be handled confidentially. 2. Personnel may transmit PHI by fax when urgently needed for patient care after verification. 3. Routine disclosures of PHI to legitimate users should be made through the Health Data Services Department. 4. Information faxed must be limited to that which is minimally necessary to meet the requestor s needs. 5. PHI not to be faxed or photocopied without a written patient authorization (unless required by law) Behavioral health information Social Work counseling/therapy Domestic violence counseling Sexual assault counseling HIV test results Records related to STDs Alcohol and drug abuse records 6. Fax cover sheets must be used when sending faxes that contain PHI to a new or non-routine recipient. When faxing for a specified, on-demand request, the person transmitting the documents should first call the requestor prior to transmission, and request that the receiver pick up the PHI in a timely manner. 7. After transmission, the user should document what was sent and sign the cover sheet. This is filed in the patient s medical record. 8. Notify the clinic manager of all misdirected faxes.

Notice of Privacy Practices PMC must provide patients with a written notice about its practices related to health information. 1. From April 14, 2003 forward all patients will receive a copy of the Notice of Privacy Practices at check in. 2. This information will also be available for viewing in the clinics. 3. The notice is comprised of the following sections: 1. Right to Notice, 2. Distribution of Notice of Privacy Practices, 3. Revisions to Notice of Privacy Practices, 4. Electronic Notices, 5. Joint Notices By Separate Covered Entities, 6. Required Elements of Notice, 7. Documentation of Notice. Use and Disclosure of Protected Health Information (PHI) for Involvement in Individual s Care and Notification 1. PMC may orally disclose PHI to immediate family members and anyone else the individual is known to have a close personal relationship with when the individual provides permission. 2. PMC may use or disclose PHI related to a patient s location, general condition or death to assist with notification of family, personal representative or another person responsible for the care of the individual. 3. When the individual is present, and capable of making health care decision, PMC may use or disclose PHI if: The individual s agreement is obtained or The individual was provided with an opportunity to object and does not do so or It is reasonably inferred, based on professional judgment that the individual does not object to the disclosure. 4. Disclosure of PHI which is directly relevant to a person s involvement in an individual s care will be permitted under the following circumstances: When the opportunity to agree or object cannot be provided either because of incapacity, emergency circumstances or in the absence of the individual and The PMC provider, in their professional judgment, determines that disclosure is in the best interest of the individual In the case of STD, a written Prohibition on Redisclosure statement will accompany the disclosure of the information 5. PMC may use or disclose PHI to a public or private entity authorized by law to assist in disaster relief efforts, to help in the notification to family, personal representative or another person responsible for the care of the individual.

Enforcement, Sanctions, and Penalties for Violations of an Individual s Privacy Violations of PMC Privacy Polices by a workforce member are subject to formal discipline. 1. A violation occurs when a workforce member: Accesses, reviews, or discloses a patient s clinical information for any reason not related to their job Discusses with or reveals to any individual(s) clinical information for nonwork related purposes or Violates the provisions of the PMC s Privacy Policies 2. Sanctions include First offense and second offense: Depending on the facts may result in oral or written warning Third offense: May result in termination Some offenses may include immediate termination. Intent and severity of offense and consequences will be considered. Disciplinary sanctions will be reported to the appropriate licensing board as required. 3. Other penalties: Legal action by the individual Personal lawsuits according to Washington State law State and Federal criminal investigation and prosecution with substantial fines and prison sentences upon conviction Civil monetary penalties that DHHS may impose Training PMC has a responsibility to train all workforce members to their responsibilities to protect the confidentiality of an individual s PHI. 1. All workforce members will have general awareness training at the beginning of their employment. (The University of Washington HIPAA training residents and fellows complete satisfies this requirement.) 2. Additional training will be provided to each new workforce member on policies and procedures specifically related to their job. 3. PMC will maintain documentation of all training done for all workforce members for 6 years from the date of its creation or the date when it was last in effect, whichever is later.

Verifying Requestors PMC has a responsibility to verify the identity and authority of individuals requesting access to HIPAA. 1. Verification Requirements PMC must verify the identity of any individual or organization and their authority for access to PHI if not known to them and obtain any required documentation, statement or representations (oral/written) from the requestor. Verification requirements will be met if professional judgment is used in making a disclosure. 2. Verification Guidelines Best to involve the clinic s Health Date Services Department or clinic director when verifying requestors.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information