Diorio peter pp1

  1. Patient Privacy Program
     Peter P. Diorio
     September 1, 2011
  2. Patient Privacy Program
       • Summary of the patient privacy program
       • Overview of HIPAA (What is HIPAA?)
           • Privacy: Under HIPAA laws, healthcare providers must use methods that ensure that a patient’s medical records and protected health information remain private and secure at all times
               • General demographic information
               • Protected health information
  3. Patient Privacy Program
       • Key Provisions
           • Patients may have access to their records and correct errors
           • Patients have the right to be informed of how their personal information is used
           • Patient information cannot be used for marketing purposes without the patient’s explicit consent
           • Insurers and providers must take steps to ensure communication with a patient is confidential
           • Patients may file formal privacy-related complaints to HHS Office of Civil Rights
           • Insurers and providers must have HIPAA privacy policies and procedures in place
  4. Patient Privacy Program
       • Key Provisions (continued)
           • Employees must be HIPAA trained at hire and on an annual basis
           • A HIPAA/Privacy officer must be designated and available
           • Patient information may be used without consent for the purposes of providing treatment; obtaining payment; or performing tasks relative to the business
  5. Patient Privacy Program
       • Insurance Portability
       • Administrative Simplification
           • Policy and procedure compliance
           • Designated privacy officer
           • Management oversight
           • Identify employees who will have access to PHI
           • Employees can only access otherwise restricted information as a part of their job function
  6. Patient Privacy Program
       • Administrative Simplification (continued)
           • Access authorization (establishment, modification, termination)
           • Ongoing training
           • Emergency contingency planning
           • Disaster recovery of data
           • Back-up of data
           • Internal audit
           • Security breaches
  7. Patient Privacy Program
       • Safeguards
           • Security is assigned to one person or department
           • Controls on introduction and removal of hardware and software
           • Equipment disposal
           • Monitor and control access to equipment
           • Access to hardware and software should be limited
           • Policies of workstation use
           • Monitors should not be in direct view of the public
  8. Patient Privacy Program
       • Safeguards
           • Encryption must be utilized
           • Ensure data has not been changed or erased
           • Continuously monitor unauthorized access to all records and files
  9. Patient Privacy Program
       • Employee Responsibility
           • Provide feedback for program improvement
           • Comply with HIPAA laws and organizational policy and procedures
           • Attend scheduled training
           • Report violations of the program and HIPAA laws to the designated security officer
