Recommended
More Related Content
What's hot
What's hot (12)
Similar to 5 hipaa training
Similar to 5 hipaa training (20)
More from JasonPickerill1
More from JasonPickerill1 (20)
Recently uploaded
Recently uploaded (20)
5 hipaa training
- 1. What Every Healthcare Worker Needs to Know About HIPAA and Privacy
- 2. What is HIPAA? • Health Insurance Portability and Accountability Act (HIPAA) is broad federal legislation that includes rules to protect the privacy and confidentiality of patient information. • Does not replace existing confidentiality laws • Establishes a minimum requirement
- 3. Protected Health Information • HIPAA regulates the use and disclosure of what is known as protected health information or “PHI.” • PHI is any information that can be used to identify the past, present, or future healthcare of an individual or the payment for that care.
- 4. Protected Health Information This is virtually all information about a patient, whether written on paper, saved on a computer, or spoken aloud. This includes their: • Name • Address • Age • Social Security number • Other personal information • License plate numbers • Fax machine numbers
- 5. HIPAA Confidentiality HIPAA privacy also protects the following: • The reason the patient is sick or in the hospital • The treatments and medication he or she receives • Caregivers’notes • Information about past health conditions
- 6. Use of Protected Health Information • In general, a healthcare provider can access and use PHI without specific patient authorization, if it is to be used for treatment, payment, or healthcare operations (TPO). • Before looking at a patient’s health information, ask yourself, “Do I need to know this to do my job?”
- 7. Use of Protected Health Information A healthcare provider can also disclose PHI without patient authorization for: • As required by law • Public Health Activities • Law Enforcement • Other national priorities - funeral directors, organ donation, research, prevent a disaster, special government functions, workers compensation
- 8. Use of Protected Health Information • Minimum Necessary Standard – Always use or disclose only the Minimum amount of information necessary to honor the request • If you are not sure whether you should disclose any form of PHI, ASK your supervisor, department compliance representative or the compliance officer • Once the disclosure is made it’s too late to get it back.
- 9. What Every Healthcare Worker Needs to Know About HIPAA Security
- 10. Use of Electronic Protected Health Information(ePHI) 49 • HIPAA security rules apply only to ePHI stored, maintained or transmitted in an electronic format • ePHI is the same information as PHI; anything that could identify the patient, their medical condition or method of payment • Security rules require additional compliance
- 11. 50 • Appropriately use computers and other technology. Workforce members cannot use their computers or access to review personal or family PHI. • If you use a laptop, palmtop computer, PDA or removable storage media it is your responsibility to: – Obtain approval before transferring ePHI to a portable device – It is your responsibility to protect ALL ePHI from theft both electronic and physical Use of Electronic Protected Health Information (ePHI)
- 12. Use of Electronic Protected Health Information (ePHI) 51 • Monitor the use of cellular phones – information and images (ePHI) can be sent over Internet. This ePHI in not encrypted • It is not allowed to send ePHI over the email system. • Use E-mail and Internet access appropriately – workforce members should remember that e-mails sent to or from RFA computers are not considered private. RFA can and does audit e-mail and Internet usage
- 13. Use of Electronic Protected Health Information (ePHI) • Password control. Sign-off application after you are finished. • You are your password. Protect it. Never share it. • If you believe your password has been compromised, call the HELP desk immediately. Tell them your concern and ask for a new password. 52
- 14. What Does HIPAA Mean To Me? 53 • Our patients have a right to expect we will keep their information confidential. This information includes anything that could identify Or be used to find out the identity of the patient or their medical condition. • As employees, volunteers and physicians, we come in contact with many forms of patient information, i.e. surgical lists, laboratory draw lists, patient census listings, etc. We need to understand what are acceptable uses of this information. • Follow the “need to know” rule. Ask yourself “do I need to see patient information to perform my job”. If the answer is “Yes”, you have nothing to worry about. If the answer is “no”, STOP.
- 15. What Does This All Mean To Me? • The cafeteria, the elevator or any of the social media sites are notthe place to discuss the medical condition or other aspects of a patient’s care. • Information you have access to must not be the subject of conversation with family, friends or neighbors. • Most disclosures of PHI do not need an authorization by the patient PHI can be disclosed without an authorization for reasons of TPO and any of the 12 permitted uses under the Privacy Rules. Any other disclosure requires an authorization by the patient. • The minimum necessary standard needs to be applied to all disclosures except for treatment purposes, disclosures to the patient or as required by law.
- 16. What Does This All Mean To Me? • Never send ePHI to anyone unless you have verified who will receive the information and how the information will be used. If it doesn’t seem right to you, it probably isn’t. • Remember follow the “need to know” rule. Ask yourself “do I need to see patient information to perform my job”. If the answer is “Yes”, you have nothing to worry about. If the answer is “no”, STOP. • Use e-mail and Internet services in the proper manner.
- 17. What Does This All Mean To Me? • Always protect your password. NEVER give your password or sign-on to anyone.If you think your password or sign-on has been compromised, notify the Administrator immediately. • Violations can also result in personal civil penalties of up to $25,000 per person and criminal penalties of up to $250,000 and/or 10 years in prison. • Violations of confidentiality and privacy policies can result in disciplinary action up to and including discharge.
- 18. What Does This All Mean To Me? • If you know of any violation of our existing confidentiality policies or the Privacy Policy, it is your obligation to bring the violation to the attention of your supervisor, Administrator, or Compliance Officer. Compliance is the responsibility of every employee!