HIPAA stands for the Health Insurance Portability and Accountability Act of 1996 and is composed of three components: insurance portability, fraud enforcement, and administrative simplification. This session will focus on the Security Rule section of HIPAA and the responsibilities of units or entities to protect and safeguard the confidentiality of PHI that is created, maintained, or transmitted in electronic form.
Increase your knowledge and understanding of what is protected health information (PHI) and how to maintain its security.
Enhance your awareness of your role in assisting in following the HIPAA Security Rule.
Learn about privacy and the security of information created, maintained, and transmitted in electronic format.
Inform the workforce about their reporting responsibilities for HIPAA violations and the possible penalties for violation of HIPAA law for both you and this hospital.
Protect the confidentiality and security of PHI.
Not only will the information you learn today help you here in your job, but it will also help you become an informed consumer of health care services.
Why did the need for accountability and administrative simplification come about?
The increasing use of the internet for storing and transferring electronic information, advances in genetic science, and questions about WHO would have access to WHAT information and HOW it would be used all generated concern.
Follow the fundamentals of secure password management
Remember Security impacts privacy
Adhere to Policies and Procedures regarding safeguarding buildings, systems, and information
Report any suspected violations of policies and procedures to your Unit Security Officer, and
Employ daily work habits that protect the security and privacy of information you have access to in your responsibilities
These are practices that we all can support and implement to safeguard the security and confidentiality of EPHI at our organization.
The following are key practices to remember and implement to do your part in safeguarding the security and confidentiality of Electronic Protected Health Information:
It is YOUR responsibility to safeguard information
We must ALL protect the security and integrity of PHI by implementing a process to assist with anticipating reasonable threats or hazards and to protect against use or disclosure of EPHI that is not permitted or required under the Privacy Rule. In addition, we must as an organization ensure and monitor compliance with the Security Rule by our faculty, staff, and students.
What does access mean? Access is when someone has the ability or the means by which to communicate Protected Health Information (PHI) through the use of a system resource that creates, maintains, or transmits information in an electronic format. An example of this would be PHI that is stored on your local hard drive as an email or in a local database as well as those stored on a shared system.
If you see a medical record in public view where patients or others can see it, cover the file, turn it over, or find another way to protect it.
When you talk about patients, try to prevent others from overhearing the conversation. Whenever possible, hold conversations about patients in private areas. Do not discuss patients while you are in elevators or other public areas.
When medical records are not in use, store them in offices, shelves or filing cabinets.
Remove patient documents from faxes and copiers as soon as you can.
When you throw away documents containing PHI, follow the procedures for disposal of documents with PHI.
According to An, Ranji, and Salganicoff (2008), privacy is a major challenge to consider when adopting broad health IT within the public arena.
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 established guidelines and regulations for the use and disclosure of information about patients' records (An et al., 2008).
HIPAA also has safeguards against unauthorized access to information. HIPAA also requires that electronic health transactions be standardized to improve the efficiency and effectiveness of the United States' health care system by strengthening the use of electronic data (An et al., 2008).
It is your job to safeguard patient information.
Reference: An, J., Ranji, U., & Salganicoff, A. (2008). Health information technology (Issue Module). Retrieved from The Kaiser Family Foundation website: http://www.kaiseredu.org/topics_im.asp?id=655&imID=1&parentID=70
According to Kongstvedt (2007), in 2003 the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is responsible for enforcing the Privacy and Security Rules of HIPAA. The OCR's enforcement activities have obtained significant results that have improved the privacy practices of covered entities. The corrective actions obtained by OCR from covered entities have resulted in systemic change that has improved the privacy protection of health information for all individuals they serve.
Reference: Kongstvedt, P. R. (2007). Essentials of managed health care. Sudbury, MA: Jones and Bartlett.
You overhear two hospital employees discussing a patient in the elevator. What do you do?
A. Remind them to respect patient confidentiality and/or obtain their names from their name badges and inform your supervisor.
B. Join in the conversation only if you know about the patient.
C. Ignore the employees and forget what you've heard them talking about.
You forget your password and need access to patient information to do your job. What do you do?
A. Call Information Services help desk or your network administrator to reinstate your password.
B. Share your coworker's password until you have time to obtain another password.
C. None of the above.
Correct answer: A
You walk up to a computer workstation and notice that the previous user has not logged out. What do you do?
A. Send email from the user's account.
B. Log the user out and sign in your own USER ID and password.
C. Save time by accessing the information you need to do your job on the current screen.
Correct answer: B
You walk away from the computer on your desk without logging out. Another employee starts using your computer and, using your access, inappropriately looks up patient information out of curiosity. Are you held accountable?
A. Yes.
B. No.
C. Only if the patient complains.
Correct answer: A