THCS Workforce HIPAA Training


Published on

I created and presented this many times in order to train a workforce of more than 1500!

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Big fear has been that you can’t call a patient name in the waiting room. Not true. HIPAA isn’t supposed to turn your office into Baskin-Robbins. Sign-in sheets should help keep the patient information private while still allowing the office to function – no doc name in multiple physician offices, no chief complaint, no demographics.
  • You don’t have to play hide and seek with the patients. Charts hanging on the doors are OK. Names should be hidden. Turn the chart around. Use holders that are opaque if large enough to conceal the name.
  • THCS Workforce HIPAA Training

    1. 1. Jeff Kerber Director, HIPAA Compliance Texoma Health Care System 903-416-5520 903-867-1617 (Pager) jkerber @ thcs .org Health Insurance Portability and Accountability Act: Workforce Training
    2. 2. Today’s Agenda <ul><li>Introduction to HIPAA </li></ul><ul><li>Protected Health Information (PHI) </li></ul><ul><li>The Privacy Rule </li></ul><ul><li>Notice of Privacy Practices </li></ul><ul><li>Incidental Uses and Disclosures </li></ul><ul><li>Safeguarding Protected Health Information </li></ul><ul><li>THCS System-wide policies </li></ul><ul><li>Next Steps </li></ul>
    3. 3. What Is HIPAA? <ul><li>H ealth I nsurance P ortability and A ccountability A ct </li></ul><ul><ul><li>HIPAA is a law (Public Law 104-191) signed by President Clinton in August 1996 with the purposes of: </li></ul></ul><ul><ul><li>Improving the portability and continuity of health insurance coverage for groups and individuals </li></ul></ul><ul><ul><li>Combating waste, fraud, and abuse in health insurance and health care delivery </li></ul></ul><ul><ul><li>Simplifying the administration of health insurance </li></ul></ul><ul><ul><li>Promoting “Administrative Simplification ” This is the section that pertains to the THCS workforce. </li></ul></ul>
    4. 4. HIPAA Timeline ??? 8/1998 Unique Identifier ??? 5/1998 Elect. Sign. 04/21/2005 02/2003 5/1998 Security 04/14/2003 12/2000 08/2002 8/1998 Privacy 10/2003 8/2000 5/1998 Transactions/ Code Sets Compliance Final Preliminary Standard
    5. 5. Data Elements of P rotected H ealth I nformation <ul><li>Name </li></ul><ul><li>Address </li></ul><ul><li>Phone / Fax </li></ul><ul><li>Dates </li></ul><ul><ul><li>Birth </li></ul></ul><ul><ul><li>Death </li></ul></ul><ul><ul><li>Admission </li></ul></ul><ul><ul><li>Discharge </li></ul></ul><ul><li>Social Security # </li></ul><ul><li>Email Addresses </li></ul><ul><li>Account #s </li></ul><ul><li>Device identifiers </li></ul><ul><li>Any unique identifying #, code, or characteristic </li></ul>
    6. 6. The Privacy Rule <ul><li>Why did congress pass this law? </li></ul><ul><li>What does the law require THCS and its workforce to do? </li></ul><ul><li>Why should you care? </li></ul>
    7. 7. Ripped From the Headlines
    8. 8. The Need for a Privacy Law <ul><li>Documented abuses of individual’s privacy </li></ul><ul><li>New information and communication technology (internet) </li></ul><ul><li>Concerns raised by mapping of the human genome </li></ul><ul><li>Increasing commercial use of health data </li></ul><ul><li>Lack of a comprehensive Federal Law concerning privacy </li></ul>
    9. 9. The Need (Lack of Trust) <ul><li>A recent poll found that only 1/3 of U.S. adults say they trust health plans and government programs to maintain confidentiality all or most of the time. </li></ul><ul><li>1 in 5 American adults believe that a health care provider, insurance plan, government agency, or employer has improperly disclosed their personal medical information. Half say it has caused them personal embarrassment or harm. </li></ul>
    10. 10. The Need (Consumer Anxiety) <ul><li>15% of Americans adults say they have done something out of the ordinary to keep PHI confidential. </li></ul><ul><ul><li>Paying out-of-pocket </li></ul></ul><ul><ul><li>Doctor-hopping </li></ul></ul><ul><ul><li>Giving inaccurate or incomplete information </li></ul></ul><ul><ul><li>Asking their doctor to misrepresent patient info </li></ul></ul><ul><ul><li>Avoiding care altogether </li></ul></ul>
    11. 11. Penalties for Non-compliance <ul><li>Criminal convictions </li></ul><ul><ul><li>$50,000 and/or imprisonment for wrongful disclosure </li></ul></ul><ul><ul><li>$100,000 and/or imprisonment for false pretense </li></ul></ul><ul><ul><li>$250,000 and/or imprisonment intent to sell </li></ul></ul><ul><li>Civil monetary penalties </li></ul><ul><li>Non-compliant providers will be unable to conduct business with payers, other providers, the government, or any other HIPAA defined business partner. </li></ul>
    12. 12. Texoma Healthcare System’s Notice of Privacy Practices (NPP)
    13. 13. NPP Details <ul><li>Definition </li></ul><ul><li>Acknowledgement </li></ul><ul><li>Use and Disclosure of PHI </li></ul><ul><ul><ul><li>For Treatment </li></ul></ul></ul><ul><ul><ul><li>For Payment </li></ul></ul></ul><ul><ul><ul><li>For Health Care Operations </li></ul></ul></ul>
    14. 14. NPP Details <ul><li>Use and Disclosure of PHI </li></ul><ul><ul><ul><li>Hospital Directory </li></ul></ul></ul><ul><ul><ul><li>Disaster Relief </li></ul></ul></ul><ul><ul><ul><li>Appointment Reminders </li></ul></ul></ul><ul><ul><ul><li>Treatment Alternatives, Health related Benefits and Services </li></ul></ul></ul><ul><ul><ul><li>Fundraising Activities </li></ul></ul></ul><ul><ul><ul><li>Individuals involved in your Care </li></ul></ul></ul><ul><ul><ul><li>As required By Law </li></ul></ul></ul><ul><ul><ul><li>Public Health Risks </li></ul></ul></ul>
    15. 15. NPP Details <ul><li>Special Situations </li></ul><ul><ul><ul><li>Health Oversight Activities </li></ul></ul></ul><ul><ul><ul><li>Lawsuits and Disputes </li></ul></ul></ul><ul><ul><ul><li>Law Enforcement </li></ul></ul></ul><ul><ul><ul><li>Coroners, medical examiners, funeral directors </li></ul></ul></ul><ul><ul><ul><li>Organ and Tissue Donation </li></ul></ul></ul><ul><ul><ul><li>Research </li></ul></ul></ul><ul><ul><ul><li>To avert a Serious Threat to Health Safety </li></ul></ul></ul><ul><ul><ul><li>Military and Veterans </li></ul></ul></ul><ul><ul><ul><li>National Security and Intelligence Activities </li></ul></ul></ul><ul><ul><ul><li>Protected Services for the President and Others </li></ul></ul></ul><ul><ul><ul><li>Inmates </li></ul></ul></ul><ul><ul><ul><li>Workers’ Compensation </li></ul></ul></ul><ul><ul><ul><li>Public Health Risks </li></ul></ul></ul>
    16. 16. NPP Details <ul><li>Patient Rights regarding PHI </li></ul><ul><ul><ul><li>Right to inspect and Copy </li></ul></ul></ul><ul><ul><ul><li>Right to Request Amendment </li></ul></ul></ul><ul><ul><ul><li>Right to an Accounting of Disclosures </li></ul></ul></ul><ul><ul><ul><li>Right to Restrictions </li></ul></ul></ul><ul><ul><ul><li>Right to Request Confidential Communications </li></ul></ul></ul><ul><ul><ul><li>Right to receive a copy of our current NPP </li></ul></ul></ul><ul><li>Changes to This Notice </li></ul><ul><li>Complaints </li></ul><ul><li>Other Uses of PHI – Authorization Required! </li></ul>
    17. 17. Incidental Uses and Disclosures <ul><li>Conversations at a nursing station </li></ul><ul><li>Discussing a patient’s condition over the phone with the patient, physician, or family member </li></ul><ul><li>Discussions with patient in joint treatment areas, semi-private rooms </li></ul><ul><li>Names written on a white board </li></ul>
    18. 18. Safeguarding PHI <ul><li>Password protection </li></ul><ul><li>Securing files and charts </li></ul><ul><li>Data on local hard drives </li></ul><ul><li>Backing up information on network drives </li></ul>
    19. 19. HIPAA Myths <ul><li>Waiting Rooms </li></ul><ul><li>Sign in Sheets </li></ul><ul><li>Calling Patient Names </li></ul>
    20. 20. HIPAA Myths <ul><li>Exam Rooms and Patient Rooms </li></ul><ul><li>Chart holders/Patient Names </li></ul><ul><li>Names on doors </li></ul>
    21. 21. Disposal of PHI
    22. 22. Hospital Wide Policies <ul><li>Minimum Necessary (Policy) </li></ul><ul><li>Progressive Discipline (820) (Policy) </li></ul>
    23. 23. Next Steps <ul><li>Email the THCS Corporate Privacy Officer with your questions and concerns to “HIPAA Communication” or </li></ul><ul><li>Review new HIPAA policies and procedures on the THCS intranet and in your departments </li></ul>
    24. 24. Most of HIPAA Compliance takes place between the ears . The best technological solution can be defeated by something as simple as a post-it note or idle gossip. Compliance will require a renewed culture of privacy !
    25. 25. Questions? Jeff Kerber Director, HIPAA Compliance Texoma Health Care System 903-416-5520 903-867-1617 (pager) jkerber @ thcs .org