SlideShare a Scribd company logo

Final copy 7

Download as PPTX, PDF
K
kitchen1234
EducationTechnologyBusiness
1 of 38
HIPPA SAFETY CONFIDENTIALITY
HIPPA VIOLATIONS & ITS IMPLICATIONS PRESENTED BY: A.DUENAS RN, CRM, CPN
STORING PATIENT INFORMATION ON LAPTOPS… • THE # 1HIPPA VIOLATION: IS A RESULT OF STORING PHI ON UNSECURED LAPTOPS . • IF PHI MUST BE ASSESED REMOTLY IT IS BEST TO CONSIDER UTILIZING A CLOUD STORAGE ,FOR SECURITY.
EMPLOYEES INAPPROPRIATELY ACCESSING, USING OR TRANSMITTING PHI… • MOST COMMON HIPPA VIOLATIONS INVOLVE HEALTHCARE EMPLOYEES ACCESSING FILES INAPPROPRIATELY, EIGHTER, OUT OF CURIOSITY, OR MALICIOUSLY. • USING CLEARENCE LEVELS AND USEING ID CODES FOR ACCESSING PHI WILL DISCOURAGE THIS BEHAVIOR.
THE LOSS OF BACKUP DISKS OR PORTABLE DRIVES… • LAST YEAR, AN ATLANTA-BASED HOSPITAL SYSTEM MISPLACED 1O BACKUP DISKS STORING THE PHI OF OVER 315K PATIENTS. • ACCOUNTABILITY LOGS AND THOROUGH RECORDS SHOULD BE KEPT WHEN DEALING WITH BACKUP DISK, AND THUMB-NAIL DRIVES SHOULD BE PASSWORD PROTECTED AND ENCRYPTED
COMPUTER HACKING… • IN 2012, THE UTAH DEPARTMENT OF HEALTH CONFIRMED THAT A SERVER WITH THE PHI OF MORE THAN 780K PATIENTS HAD BEEN HACKED INTO, LEAKING ADDRESSES, BIRTH DATES, SOCIAL SECURITY NUMBERS, DIAGNOSES CODES , ETC. • ENCRYPTION, FIREWALLS, AND OTHER SECURITY MEASURES ARE IMPERATIVE TO
FAILURE TO RELEASE PATIENT INFORMATION IN A TIMELY MANNER … • ANOTHER ADDITION OF THE FINAL OMNIBUSRULE IS THE REQUIREMENT OF MEDICAL FACILITIES TO RELEASE ELECTRONIC COPIES OF MEDICAL RECORDS TO PATIENTS UPON REQUEST. • SHOULD YOUR FACILITY BE UNABLE TO RESPOND TO THE REQUEST IN A TIMELY MANNER, YOU COULD NE FINED. • IF YOUR FACILITY IS NOT CURRENTLY EQUIPPED TO PROCESS ELECTRONIC FILES ,
ERRORS IN PAPER FILE STORAGE AND DISPOSAL… • SOME OF THE MOST COMMON HIPPA VIOLATIONS OCCUR AS A ESULT OF HUMAN ERROR. • ITS ALL TOO EASY FOR AN ADMINISTER TO INCORRECTLY FILE A PATIENTS RECORD., OR MISTAKENLY DISCARD A PRIVATE DOCUMENT WITHOUT SHREDDING IT. • BREECHES LIKE THESE CAN BE AVOIDED BY SWITCHING TO AN ELECTRONIC FILING
RELEASE OF INFORMATION AFTER AUTHORIZATION PERIOD HAS EXPIRED… • INSIST THAT YOUR STAFF TAKE THE TIME TO VERFIY THE EXPIRATION DATES ON HIPPA AUTORIZATIONS EACH TIME THAT A RELEASE OF IMFORMATION REQUEST COMES THROUGH • ALTHOUGH EVERYTHING ELSE MAY APPEAR TO BE IN ORDER, IF THE REQUEST FOR INFORMATION COMES IN AFTER THE EXPIRATION DATE, A NEW AUTHORIZATION FORM WILL NEED TO BE COMPLETED.
FAILURE TO ESTABLISH CONTRACTS WITH BUSINESS ASSOCIATES… • THE FINAL OMNIBUS RULE HAS EXTENDE THE UMBRELLA UNDER WITH AND ENTITYS “BUSINESS ASSOCIATE” MAY FALL. • SHOULD YOUR BUSINESS EMPLOY ANY OUTSIDE PARTY TO HANDLE, PROCESS, OR TRANSMIT PHI, YOU MUST IMMEDIATELY ESTABLISH A NEW CONTRACT WITH THE AGENCY. • IN THIS CONTRACT , YOUR BUSINESS
EXCLUTION OF “RIGHT TO REVOKE” CLAUSE… • YOUR PATIENTS HAVE THE RIGHT TO REVOKE THEIR HIPPA AUTHORIZATION, AND THIS RIGHT SHOULD CLEARLY BE STATED ON THE HIPPA FORM, LEST THE AUTHORIZATION BECOME INVALID.
INCOMPLETE HIPPA AUTHORIZATION FORMS… • BEFORE RELEASING ANY INFORMATION TO OUTSIDE PARTIES, IT IS IMPERATIVE THAT YOU DOUBLE AND TRIPLE CHECK TO ENSURE AUHORIZATIONS ARE COMPLETED FROM TOP TO BOTTOM. • THE FORM SHOULD CLEARLY LIST THE PATIENTS NAME, THE PARTY OR PARTIES WHOM INFORMATION MAY BE RELEASED WHICH SPECIFIC ASPECTS OF THEIR MEDICAL RECORDS CAN BE RELEASED, AND THE DATE THROUGH
RESOURCES… http://www.onesourcedoc.com/blog/bid/95955/Th e-Top-10-Most-Common-HIPAA-Violations
HIPPA AND INFORMATION TECHNOLOGY
THIS POWER POINT PRESENTATION CREATED BY NUR353 WORK GROUP C AND INCLUDES PARTICIPATION BY THE FOLLOWING MEMBERS: • Mary Edwards, RN
TRANSITION FROM PAPER TO ELECTRONIC: • A statement by the American Health Information Management Association suggests the complete transition from paper charting to an electronic medical record system to be a best practice. • The use of or consultation involving a nurse with informatics experience and a health information technology specialist is critical to making the transition to the electronic record a reachable goal. • Staff education to the electronic system and time to practice using the electronic health record will be essential steps in the transition to the electronic system.
HIPPA REQUIREMENTS OF ELECTRONIC MEDICAL RECORDS A healthcare facility is obligated to identify any possible threats to patient records, assess any specific vulnerabilities in filing systems and must determine a reasonable level of tactics for safeguarding patient information. Facilities are required to implement any and all defense mechanisms to ensure patient records are protected.
WHAT HEALTH INFORMATION IS PROTECTED? • Names • Dates relating to a patient, (i.e. birthdates, date of treatment, date of admission or discharge, and dates of death) • Telephone numbers, addresses, other contact information • Social Security Numbers • Medical record numbers • Photographs • Finger and voice prints • Any other identifying number • An individual’s health information (health information is protected even without the patient’s name on it if the information helps identify the patient)
WHO MUST COMPLY? • Health Care Providers • Health Care Clearinghouses, (i.e. billing services) • Health Plans • Any Health Care Provider who transmits health information in electronic form in connection with a transaction
WHO IS EXEMPT FROM THE PRIVACY RULE? Those covered by the privacy rule of the HIPPA act do not include group health plans administered or maintained by an employer with less than 50 employees. The privacy rule does not apply to workmen’s compensation or automobile insurance companies.
THERE ARE SEVERAL LAYERS TO MAINTAINING THE SECURITY OF THE ELECTRONIC MEDICAL RECORD • PHYSICAL SECURITY • NETWORK SECURITY • USER SECURITY • SYSTEM SECURITY
PHYSICAL SECURITY CONSIDERATIONS • Is it possible the computers that store the confidential information to be stolen? • Keep all computers used to store confidential information as well as the server in a locked and secure area of the healthcare facility. • Limit access to the area where the server is stored.
NETWORK SECURITY CONSIDERATIONS • Is it possible for unauthorized persons outside the healthcare facility to access patient records? • Can a hacker get access to the protected information? • Make use of multiple firewalls-using only one firewall is not enough protection to prevent hackers from gaining access to protected information. • Use Spyware software. • Use IT personnel or a technical expert to maintain the network system.
PROTECT THE PATIENT’S INFORMATION: • Be careful of entering identifiable patient information into emails. • Some emails can become public information and can be used in legal disputes. • When using fax machines be sure to protect the patient information by limiting who receives the information or limit the patient identifiable information that is contained in the fax. • Only disclose patient identifiable information on a need to know basis.
USER SECURITY CONSIDERATIONS • Require password protection to access confidential patient files. • Utilize a user managerial system to determine which staff members will have access to certain levels of private information. • Make use of the managerial system to require password changes every 90 days.
WHO’S LOOKING OVER YOUR SHOULDER? • Be sure no one else can view the computer screen as you work. • Only share the necessary patient information to complete the job. • Discuss patient information in private and not in hallways. • Keep papers with patient information secure. • Do not disclose patient information without proper authorization.
SYSTEM SECURITY CONSIDERATIONS • Work with a reputable Information Technology Company. • Update Security Systems frequently. • Backup electronic health records on a regular basis. • Store regular backups in a secure place.
REFERENCES • US Department of Health and Human Services: Health Information Privacy (2014). Summary of the hippa security rule. Retrieved March 30, 2014 from http://hhs.gov/ocr/privacy/hippa/understanding/srsummary.html • Gardner, L. A., & Sparnon, E. M., (2014). Work-arounds slow electronic health record use: a slow transition to electronic records creates a safety hazard. American Journal of Nursing, 114(4), 64-67. • Filipova, A. A., (2013). Electronic health records use and barriers and benefits to use in skilled nursing facilities. CIN: computers, informatics, nursing 31(7), 305-318.
HIPAA AND INFORMATION TECHNOLOGY
HIPAA AND INFORMATION TECHNOLOGY HIPAA of 1996 • States that after leaving an employer, health insurance coverage will continue. • Provides guidelines related to health information being sent electronically www.cdc.gov/mmwr/preview/mmwrhtml/m2e411.htm
HIPAA AND INFORMATION TECHNOLOGY Who is covered? • Healthcare providers • Health plans • Healthcare clearinghouse www.hhs.gov/ocr/privacy/
HIPAA AND INFORMATION TECHNOLOGY Important Dates April 14, 2001-HIPAA became effective August 14, 20002-HIPAA was modified April 14, 2003-Healthcare entities must be in compliance with regulations www.cdc.gov/mmwr/preview/mmwrhtml/m2e411a1.htm
HIPAA AND INFORMATION TECHNOLOGY HIPAA Privacy Rule • “Protects the privacy of individually identifiable health information” • Enforced by the Office for Civil Rights www.hhs.gov/ocr/privacy/
HIPAA AND INFORMATION TECHNOLOGY Three Parts • Privacy Rule Federal protection Health information is protected. Health information can be shared to assist providing care or for insurance benefits www.hhs.gov/ocr/privacy/
HIPAA AND INFORMATION TECHNOLOGY Three Parts • Security Rule Administrative, physical, and technical safeguards www.hhs.gov/ocr/privacy/
HIPAA AND INFORMATION TECHNOLOGY Three Parts • Breach Notification Rule To assure confidentiality, integrity, and availability of health information www.hhs.gov/ocr/privacy/
HIPAA AND INFORMATION TECHNOLOGY References Center for Disease Control. (2003). HIPAA privacy rule and public health. Retrieved March 30, 2014 from www.cdc.gov/mmwr/preview/mmwrhtml/m2e411a1.htm US Dept of Health & Human Services. Health information privacy. Retrieved March 30, 2014 from www.hhs.gov/ocr/privacy/
THANK YOU FOR WATCHING.

Recommended

Hipaa journal com - HIPAA compliance guide
Hipaa journal com - HIPAA compliance guideHipaa journal com - HIPAA compliance guide
Hipaa journal com - HIPAA compliance guideFelipe Prado
 
The Health Insurance Portability and Accountability Act 
The Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act 
The Health Insurance Portability and Accountability Act Kartheek Kein
 
HIPAA Compliance for Developers
HIPAA Compliance for DevelopersHIPAA Compliance for Developers
HIPAA Compliance for DevelopersTrueVault
 
Mha 690 week 1 discussion presentation
Mha 690 week 1 discussion presentationMha 690 week 1 discussion presentation
Mha 690 week 1 discussion presentationfalane
 
Do You Know How to Handle a HIPAA Breach?
Do You Know How to Handle a HIPAA Breach?Do You Know How to Handle a HIPAA Breach?
Do You Know How to Handle a HIPAA Breach?Compliancy Group
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device SecurityBen Quirk
 
Application Developers Guide to HIPAA Compliance
Application Developers Guide to HIPAA ComplianceApplication Developers Guide to HIPAA Compliance
Application Developers Guide to HIPAA ComplianceTrueVault
 
HIPAA Compliance Checklist
HIPAA Compliance ChecklistHIPAA Compliance Checklist
HIPAA Compliance ChecklistLeigh-Ann Renz
 

Recommended

Hipaa journal com - HIPAA compliance guide
Hipaa journal com - HIPAA compliance guideHipaa journal com - HIPAA compliance guide
Hipaa journal com - HIPAA compliance guideFelipe Prado
 
The Health Insurance Portability and Accountability Act 
The Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act 
The Health Insurance Portability and Accountability Act Kartheek Kein
 
HIPAA Compliance for Developers
HIPAA Compliance for DevelopersHIPAA Compliance for Developers
HIPAA Compliance for DevelopersTrueVault
 
Mha 690 week 1 discussion presentation
Mha 690 week 1 discussion presentationMha 690 week 1 discussion presentation
Mha 690 week 1 discussion presentationfalane
 
Do You Know How to Handle a HIPAA Breach?
Do You Know How to Handle a HIPAA Breach?Do You Know How to Handle a HIPAA Breach?
Do You Know How to Handle a HIPAA Breach?Compliancy Group
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device SecurityBen Quirk
 
Application Developers Guide to HIPAA Compliance
Application Developers Guide to HIPAA ComplianceApplication Developers Guide to HIPAA Compliance
Application Developers Guide to HIPAA ComplianceTrueVault
 
HIPAA Compliance Checklist
HIPAA Compliance ChecklistHIPAA Compliance Checklist
HIPAA Compliance ChecklistLeigh-Ann Renz
 
HIPAA Compliance For Small Practices
HIPAA Compliance For Small PracticesHIPAA Compliance For Small Practices
HIPAA Compliance For Small PracticesNisos Health
 
HxRefactored - TrueVault - Jason Wang
HxRefactored - TrueVault - Jason WangHxRefactored - TrueVault - Jason Wang
HxRefactored - TrueVault - Jason WangHxRefactored
 
HIPAA Complaince
HIPAA ComplainceHIPAA Complaince
HIPAA ComplainceFarhatParveen10
 
Comp8 unit6a lecture_slides
Comp8 unit6a lecture_slidesComp8 unit6a lecture_slides
Comp8 unit6a lecture_slidesCMDLMS
 
HIPAA and How it Applies to You
HIPAA and How it Applies to YouHIPAA and How it Applies to You
HIPAA and How it Applies to YouWinston & Strawn LLP
 
HIPAA Presentation
HIPAA PresentationHIPAA Presentation
HIPAA PresentationLyubovKarnaukh
 
Protecting ePHI: What Providers and Business Associates Need to Know
Protecting ePHI: What Providers and Business Associates Need to KnowProtecting ePHI: What Providers and Business Associates Need to Know
Protecting ePHI: What Providers and Business Associates Need to KnowNetwork 1 Consulting
 
Hipaa basics
Hipaa basicsHipaa basics
Hipaa basicsmlireton
 
Group presentation hippa ppt
Group presentation hippa pptGroup presentation hippa ppt
Group presentation hippa pptMari Mina
 
IM2459 Mobile Device Policy
IM2459 Mobile Device Policy IM2459 Mobile Device Policy
IM2459 Mobile Device Policy Agnesian HealthCare
 
UPMC Identity Data Breach
UPMC Identity Data BreachUPMC Identity Data Breach
UPMC Identity Data Breach Managed Outsource Solutions
 
Training powerpoint mha
Training powerpoint mhaTraining powerpoint mha
Training powerpoint mhaThereseS
 
Healthcare Cyber Security Webinar
Healthcare Cyber Security WebinarHealthcare Cyber Security Webinar
Healthcare Cyber Security WebinarHealthCareManagement
 
Security & Privacy - Lecture E
Security & Privacy - Lecture ESecurity & Privacy - Lecture E
Security & Privacy - Lecture ECMDLearning
 
Hippa Powerpoint
Hippa PowerpointHippa Powerpoint
Hippa Powerpointkvanrandall
 
Hortonworks help customers building a HIPAA compliant Data Lake
Hortonworks help customers building a HIPAA compliant Data Lake Hortonworks help customers building a HIPAA compliant Data Lake
Hortonworks help customers building a HIPAA compliant Data Lake Vitor Lundberg
 
Patient confidentiality.ppt
Patient confidentiality.pptPatient confidentiality.ppt
Patient confidentiality.pptchwiso8418
 
Week 1 discussion 2 confidentiality final
Week 1 discussion 2 confidentiality finalWeek 1 discussion 2 confidentiality final
Week 1 discussion 2 confidentiality finalLucy Lacy
 
How to Secure Your Medical Devices
How to Secure Your Medical DevicesHow to Secure Your Medical Devices
How to Secure Your Medical DevicesSecurityMetrics
 
MPCA HIPAA Compliance/Meaningful Use Requirements and Security Risk Assessmen...
MPCA HIPAA Compliance/Meaningful Use Requirements and Security Risk Assessmen...MPCA HIPAA Compliance/Meaningful Use Requirements and Security Risk Assessmen...
MPCA HIPAA Compliance/Meaningful Use Requirements and Security Risk Assessmen...Michigan Primary Care Association
 
Unit 5 intro to writing
Unit 5 intro to writingUnit 5 intro to writing
Unit 5 intro to writingEverton Walker
 
Unit 6
Unit 6Unit 6
Unit 6Everton Walker
 

More Related Content

What's hot

HIPAA Compliance For Small Practices
HIPAA Compliance For Small PracticesHIPAA Compliance For Small Practices
HIPAA Compliance For Small PracticesNisos Health
 
HxRefactored - TrueVault - Jason Wang
HxRefactored - TrueVault - Jason WangHxRefactored - TrueVault - Jason Wang
HxRefactored - TrueVault - Jason WangHxRefactored
 
Comp8 unit6a lecture_slides
Comp8 unit6a lecture_slidesComp8 unit6a lecture_slides
Comp8 unit6a lecture_slidesCMDLMS
 
Protecting ePHI: What Providers and Business Associates Need to Know
Protecting ePHI: What Providers and Business Associates Need to KnowProtecting ePHI: What Providers and Business Associates Need to Know
Protecting ePHI: What Providers and Business Associates Need to KnowNetwork 1 Consulting
 
Hipaa basics
Hipaa basicsHipaa basics
Hipaa basicsmlireton
 
Group presentation hippa ppt
Group presentation hippa pptGroup presentation hippa ppt
Group presentation hippa pptMari Mina
 
Training powerpoint mha
Training powerpoint mhaTraining powerpoint mha
Training powerpoint mhaThereseS
 
Security & Privacy - Lecture E
Security & Privacy - Lecture ESecurity & Privacy - Lecture E
Security & Privacy - Lecture ECMDLearning
 
Hippa Powerpoint
Hippa PowerpointHippa Powerpoint
Hippa Powerpointkvanrandall
 
Hortonworks help customers building a HIPAA compliant Data Lake
Hortonworks help customers building a HIPAA compliant Data Lake Hortonworks help customers building a HIPAA compliant Data Lake
Hortonworks help customers building a HIPAA compliant Data Lake Vitor Lundberg
 
Patient confidentiality.ppt
Patient confidentiality.pptPatient confidentiality.ppt
Patient confidentiality.pptchwiso8418
 
Week 1 discussion 2 confidentiality final
Week 1 discussion 2 confidentiality finalWeek 1 discussion 2 confidentiality final
Week 1 discussion 2 confidentiality finalLucy Lacy
 
How to Secure Your Medical Devices
How to Secure Your Medical DevicesHow to Secure Your Medical Devices
How to Secure Your Medical DevicesSecurityMetrics
 
MPCA HIPAA Compliance/Meaningful Use Requirements and Security Risk Assessmen...
MPCA HIPAA Compliance/Meaningful Use Requirements and Security Risk Assessmen...MPCA HIPAA Compliance/Meaningful Use Requirements and Security Risk Assessmen...
MPCA HIPAA Compliance/Meaningful Use Requirements and Security Risk Assessmen...Michigan Primary Care Association
 

What's hot (20)

HIPAA Compliance For Small Practices
HIPAA Compliance For Small PracticesHIPAA Compliance For Small Practices
HIPAA Compliance For Small Practices
 
HxRefactored - TrueVault - Jason Wang
HxRefactored - TrueVault - Jason WangHxRefactored - TrueVault - Jason Wang
HxRefactored - TrueVault - Jason Wang
 
HIPAA Complaince
HIPAA ComplainceHIPAA Complaince
HIPAA Complaince
 
Comp8 unit6a lecture_slides
Comp8 unit6a lecture_slidesComp8 unit6a lecture_slides
Comp8 unit6a lecture_slides
 
HIPAA and How it Applies to You
HIPAA and How it Applies to YouHIPAA and How it Applies to You
HIPAA and How it Applies to You
 
HIPAA Presentation
HIPAA PresentationHIPAA Presentation
HIPAA Presentation
 
Protecting ePHI: What Providers and Business Associates Need to Know
Protecting ePHI: What Providers and Business Associates Need to KnowProtecting ePHI: What Providers and Business Associates Need to Know
Protecting ePHI: What Providers and Business Associates Need to Know
 
Hipaa basics
Hipaa basicsHipaa basics
Hipaa basics
 
Group presentation hippa ppt
Group presentation hippa pptGroup presentation hippa ppt
Group presentation hippa ppt
 
IM2459 Mobile Device Policy
IM2459 Mobile Device Policy IM2459 Mobile Device Policy
IM2459 Mobile Device Policy
 
UPMC Identity Data Breach
UPMC Identity Data BreachUPMC Identity Data Breach
UPMC Identity Data Breach
 
Training powerpoint mha
Training powerpoint mhaTraining powerpoint mha
Training powerpoint mha
 
Healthcare Cyber Security Webinar
Healthcare Cyber Security WebinarHealthcare Cyber Security Webinar
Healthcare Cyber Security Webinar
 
Security & Privacy - Lecture E
Security & Privacy - Lecture ESecurity & Privacy - Lecture E
Security & Privacy - Lecture E
 
Hippa Powerpoint
Hippa PowerpointHippa Powerpoint
Hippa Powerpoint
 
Hortonworks help customers building a HIPAA compliant Data Lake
Hortonworks help customers building a HIPAA compliant Data Lake Hortonworks help customers building a HIPAA compliant Data Lake
Hortonworks help customers building a HIPAA compliant Data Lake
 
Patient confidentiality.ppt
Patient confidentiality.pptPatient confidentiality.ppt
Patient confidentiality.ppt
 
Week 1 discussion 2 confidentiality final
Week 1 discussion 2 confidentiality finalWeek 1 discussion 2 confidentiality final
Week 1 discussion 2 confidentiality final
 
How to Secure Your Medical Devices
How to Secure Your Medical DevicesHow to Secure Your Medical Devices
How to Secure Your Medical Devices
 
MPCA HIPAA Compliance/Meaningful Use Requirements and Security Risk Assessmen...
MPCA HIPAA Compliance/Meaningful Use Requirements and Security Risk Assessmen...MPCA HIPAA Compliance/Meaningful Use Requirements and Security Risk Assessmen...
MPCA HIPAA Compliance/Meaningful Use Requirements and Security Risk Assessmen...
 

Viewers also liked

Unit 5 intro to writing
Unit 5 intro to writingUnit 5 intro to writing
Unit 5 intro to writingEverton Walker
 
Unit 1 intro to writing
Unit 1 intro to writingUnit 1 intro to writing
Unit 1 intro to writingEverton Walker
 
Unt 6 intro to writing
Unt 6 intro to writingUnt 6 intro to writing
Unt 6 intro to writingEverton Walker
 
Learning theory Powerpoint
Learning theory PowerpointLearning theory Powerpoint
Learning theory Powerpointdp656
 
Unit 2 intro to writing
Unit 2 intro to writingUnit 2 intro to writing
Unit 2 intro to writingEverton Walker
 
Unit 4 intro to writing
Unit 4 intro to writingUnit 4 intro to writing
Unit 4 intro to writingEverton Walker
 
Katarzyna Kiełbińska - Praktyki partycypacyjne i dyskusja medialna na przykła...
Katarzyna Kiełbińska - Praktyki partycypacyjne i dyskusja medialna na przykła...Katarzyna Kiełbińska - Praktyki partycypacyjne i dyskusja medialna na przykła...
Katarzyna Kiełbińska - Praktyki partycypacyjne i dyskusja medialna na przykła...w_strone_piekna
 
Adam Rodziewicz, Biuro Rozwoju Gdańska - Studium Ogólnomiejskich Przestrzeni ...
Adam Rodziewicz, Biuro Rozwoju Gdańska - Studium Ogólnomiejskich Przestrzeni ...Adam Rodziewicz, Biuro Rozwoju Gdańska - Studium Ogólnomiejskich Przestrzeni ...
Adam Rodziewicz, Biuro Rozwoju Gdańska - Studium Ogólnomiejskich Przestrzeni ...w_strone_piekna
 
Unit 3 intro to writing
Unit 3 intro to writingUnit 3 intro to writing
Unit 3 intro to writingEverton Walker
 
Evaluating children’s literature
Evaluating children’s literatureEvaluating children’s literature
Evaluating children’s literatureEverton Walker
 

Viewers also liked (16)

Unit 5 intro to writing
Unit 5 intro to writingUnit 5 intro to writing
Unit 5 intro to writing
 
Unit 6
Unit 6Unit 6
Unit 6
 
Unit 1 intro to writing
Unit 1 intro to writingUnit 1 intro to writing
Unit 1 intro to writing
 
Punainen risti
Punainen ristiPunainen risti
Punainen risti
 
Unt 6 intro to writing
Unt 6 intro to writingUnt 6 intro to writing
Unt 6 intro to writing
 
Unit 5
Unit 5Unit 5
Unit 5
 
Learning theory Powerpoint
Learning theory PowerpointLearning theory Powerpoint
Learning theory Powerpoint
 
Unit 2 intro to writing
Unit 2 intro to writingUnit 2 intro to writing
Unit 2 intro to writing
 
Web quest
Web questWeb quest
Web quest
 
Unit 4 intro to writing
Unit 4 intro to writingUnit 4 intro to writing
Unit 4 intro to writing
 
Katarzyna Kiełbińska - Praktyki partycypacyjne i dyskusja medialna na przykła...
Katarzyna Kiełbińska - Praktyki partycypacyjne i dyskusja medialna na przykła...Katarzyna Kiełbińska - Praktyki partycypacyjne i dyskusja medialna na przykła...
Katarzyna Kiełbińska - Praktyki partycypacyjne i dyskusja medialna na przykła...
 
Adam Rodziewicz, Biuro Rozwoju Gdańska - Studium Ogólnomiejskich Przestrzeni ...
Adam Rodziewicz, Biuro Rozwoju Gdańska - Studium Ogólnomiejskich Przestrzeni ...Adam Rodziewicz, Biuro Rozwoju Gdańska - Studium Ogólnomiejskich Przestrzeni ...
Adam Rodziewicz, Biuro Rozwoju Gdańska - Studium Ogólnomiejskich Przestrzeni ...
 
Unit 3 intro to writing
Unit 3 intro to writingUnit 3 intro to writing
Unit 3 intro to writing
 
CCIE
CCIE CCIE
CCIE
 
Evaluating children’s literature
Evaluating children’s literatureEvaluating children’s literature
Evaluating children’s literature
 
Addie model
Addie modelAddie model
Addie model
 

Similar to Final copy 7

Hipaa overview 073118
Hipaa overview 073118Hipaa overview 073118
Hipaa overview 073118robint2125
 
Geek Sync | Keep your Healthcare Databases Secure and Compliant
Geek Sync | Keep your Healthcare Databases Secure and CompliantGeek Sync | Keep your Healthcare Databases Secure and Compliant
Geek Sync | Keep your Healthcare Databases Secure and CompliantIDERA Software
 
Are You HIPAA Safe?
Are You HIPAA Safe?Are You HIPAA Safe?
Are You HIPAA Safe?TriageLogic
 
Small actions with big consequences Data Encryption a must do for Medical Pra...
Small actions with big consequences Data Encryption a must do for Medical Pra...Small actions with big consequences Data Encryption a must do for Medical Pra...
Small actions with big consequences Data Encryption a must do for Medical Pra...CureMD
 
Hcc_hipaa hitech training_Basic www.hcctecnologies.com
Hcc_hipaa hitech training_Basic www.hcctecnologies.comHcc_hipaa hitech training_Basic www.hcctecnologies.com
Hcc_hipaa hitech training_Basic www.hcctecnologies.comejazmazhar
 
Better understanding HIPPA and our responsibility as Providers: Avoidance Tec...
Better understanding HIPPA and our responsibility as Providers: Avoidance Tec...Better understanding HIPPA and our responsibility as Providers: Avoidance Tec...
Better understanding HIPPA and our responsibility as Providers: Avoidance Tec...cdmoore0206
 
CAHU EXPO Grove City, OH 2014
CAHU EXPO Grove City, OH 2014 CAHU EXPO Grove City, OH 2014
CAHU EXPO Grove City, OH 2014 Jason Karn
 
MHA690 confidentiality training
MHA690 confidentiality trainingMHA690 confidentiality training
MHA690 confidentiality trainingsdavis49
 
Patient confidentiality
Patient confidentialityPatient confidentiality
Patient confidentialityJake Facer
 
Hipaa training new_staff_december 2018 - compatibility mode
Hipaa training new_staff_december 2018 - compatibility modeHipaa training new_staff_december 2018 - compatibility mode
Hipaa training new_staff_december 2018 - compatibility moderobint2125
 
How to avoid being caught out by HIPAA compliance?
How to avoid being caught out by HIPAA compliance?How to avoid being caught out by HIPAA compliance?
How to avoid being caught out by HIPAA compliance?Lepide USA Inc
 
HIPAA Compliant Cloud Computing, An Overview
HIPAA Compliant Cloud Computing, An OverviewHIPAA Compliant Cloud Computing, An Overview
HIPAA Compliant Cloud Computing, An OverviewClearDATACloud
 
Medical Data Encryption 101
Medical Data Encryption 101Medical Data Encryption 101
Medical Data Encryption 101SecurityMetrics
 
Don't let them take a byte
Don't let them take a byteDon't let them take a byte
Don't let them take a bytelgcdcpas
 

Similar to Final copy 7 (20)

Hipaa overview 073118
Hipaa overview 073118Hipaa overview 073118
Hipaa overview 073118
 
Understanding hipaa
Understanding hipaaUnderstanding hipaa
Understanding hipaa
 
Geek Sync | Keep your Healthcare Databases Secure and Compliant
Geek Sync | Keep your Healthcare Databases Secure and CompliantGeek Sync | Keep your Healthcare Databases Secure and Compliant
Geek Sync | Keep your Healthcare Databases Secure and Compliant
 
Are You HIPAA Safe?
Are You HIPAA Safe?Are You HIPAA Safe?
Are You HIPAA Safe?
 
Small actions with big consequences Data Encryption a must do for Medical Pra...
Small actions with big consequences Data Encryption a must do for Medical Pra...Small actions with big consequences Data Encryption a must do for Medical Pra...
Small actions with big consequences Data Encryption a must do for Medical Pra...
 
Hcc_hipaa hitech training_Basic www.hcctecnologies.com
Hcc_hipaa hitech training_Basic www.hcctecnologies.comHcc_hipaa hitech training_Basic www.hcctecnologies.com
Hcc_hipaa hitech training_Basic www.hcctecnologies.com
 
Better understanding HIPPA and our responsibility as Providers: Avoidance Tec...
Better understanding HIPPA and our responsibility as Providers: Avoidance Tec...Better understanding HIPPA and our responsibility as Providers: Avoidance Tec...
Better understanding HIPPA and our responsibility as Providers: Avoidance Tec...
 
How good we are in adhering HIPAA rules
How good we are in adhering HIPAA rulesHow good we are in adhering HIPAA rules
How good we are in adhering HIPAA rules
 
CAHU EXPO Grove City, OH 2014
CAHU EXPO Grove City, OH 2014 CAHU EXPO Grove City, OH 2014
CAHU EXPO Grove City, OH 2014
 
MHA690 confidentiality training
MHA690 confidentiality trainingMHA690 confidentiality training
MHA690 confidentiality training
 
Patient confidentiality
Patient confidentialityPatient confidentiality
Patient confidentiality
 
Hipaa and social media using new
Hipaa and social media using newHipaa and social media using new
Hipaa and social media using new
 
3 02
3 023 02
3 02
 
Hipaa training new_staff_december 2018 - compatibility mode
Hipaa training new_staff_december 2018 - compatibility modeHipaa training new_staff_december 2018 - compatibility mode
Hipaa training new_staff_december 2018 - compatibility mode
 
How to avoid being caught out by HIPAA compliance?
How to avoid being caught out by HIPAA compliance?How to avoid being caught out by HIPAA compliance?
How to avoid being caught out by HIPAA compliance?
 
Mha690 w1 d2
Mha690 w1 d2Mha690 w1 d2
Mha690 w1 d2
 
HIPAA Compliant Cloud Computing, An Overview
HIPAA Compliant Cloud Computing, An OverviewHIPAA Compliant Cloud Computing, An Overview
HIPAA Compliant Cloud Computing, An Overview
 
Medical Data Encryption 101
Medical Data Encryption 101Medical Data Encryption 101
Medical Data Encryption 101
 
Don't let them take a byte
Don't let them take a byteDon't let them take a byte
Don't let them take a byte
 
5 hipaa training
5 hipaa training5 hipaa training
5 hipaa training
 

Recently uploaded

Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...M56BOOKSTORE PRODUCT/SERVICE
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfUmakantAnnand
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
MENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxMENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxPoojaSen20
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfakmcokerachita
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 

Recently uploaded (20)

Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.Compdf
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
MENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxMENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docx
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdf
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 

Final copy 7

  • 2. HIPPA VIOLATIONS & ITS IMPLICATIONS PRESENTED BY: A.DUENAS RN, CRM, CPN
  • 3. STORING PATIENT INFORMATION ON LAPTOPS… • THE # 1HIPPA VIOLATION: IS A RESULT OF STORING PHI ON UNSECURED LAPTOPS . • IF PHI MUST BE ASSESED REMOTLY IT IS BEST TO CONSIDER UTILIZING A CLOUD STORAGE ,FOR SECURITY.
  • 4. EMPLOYEES INAPPROPRIATELY ACCESSING, USING OR TRANSMITTING PHI… • MOST COMMON HIPPA VIOLATIONS INVOLVE HEALTHCARE EMPLOYEES ACCESSING FILES INAPPROPRIATELY, EIGHTER, OUT OF CURIOSITY, OR MALICIOUSLY. • USING CLEARENCE LEVELS AND USEING ID CODES FOR ACCESSING PHI WILL DISCOURAGE THIS BEHAVIOR.
  • 5. THE LOSS OF BACKUP DISKS OR PORTABLE DRIVES… • LAST YEAR, AN ATLANTA-BASED HOSPITAL SYSTEM MISPLACED 1O BACKUP DISKS STORING THE PHI OF OVER 315K PATIENTS. • ACCOUNTABILITY LOGS AND THOROUGH RECORDS SHOULD BE KEPT WHEN DEALING WITH BACKUP DISK, AND THUMB-NAIL DRIVES SHOULD BE PASSWORD PROTECTED AND ENCRYPTED
  • 6. COMPUTER HACKING… • IN 2012, THE UTAH DEPARTMENT OF HEALTH CONFIRMED THAT A SERVER WITH THE PHI OF MORE THAN 780K PATIENTS HAD BEEN HACKED INTO, LEAKING ADDRESSES, BIRTH DATES, SOCIAL SECURITY NUMBERS, DIAGNOSES CODES , ETC. • ENCRYPTION, FIREWALLS, AND OTHER SECURITY MEASURES ARE IMPERATIVE TO
  • 7. FAILURE TO RELEASE PATIENT INFORMATION IN A TIMELY MANNER … • ANOTHER ADDITION OF THE FINAL OMNIBUSRULE IS THE REQUIREMENT OF MEDICAL FACILITIES TO RELEASE ELECTRONIC COPIES OF MEDICAL RECORDS TO PATIENTS UPON REQUEST. • SHOULD YOUR FACILITY BE UNABLE TO RESPOND TO THE REQUEST IN A TIMELY MANNER, YOU COULD NE FINED. • IF YOUR FACILITY IS NOT CURRENTLY EQUIPPED TO PROCESS ELECTRONIC FILES ,
  • 8. ERRORS IN PAPER FILE STORAGE AND DISPOSAL… • SOME OF THE MOST COMMON HIPPA VIOLATIONS OCCUR AS A ESULT OF HUMAN ERROR. • ITS ALL TOO EASY FOR AN ADMINISTER TO INCORRECTLY FILE A PATIENTS RECORD., OR MISTAKENLY DISCARD A PRIVATE DOCUMENT WITHOUT SHREDDING IT. • BREECHES LIKE THESE CAN BE AVOIDED BY SWITCHING TO AN ELECTRONIC FILING
  • 9. RELEASE OF INFORMATION AFTER AUTHORIZATION PERIOD HAS EXPIRED… • INSIST THAT YOUR STAFF TAKE THE TIME TO VERFIY THE EXPIRATION DATES ON HIPPA AUTORIZATIONS EACH TIME THAT A RELEASE OF IMFORMATION REQUEST COMES THROUGH • ALTHOUGH EVERYTHING ELSE MAY APPEAR TO BE IN ORDER, IF THE REQUEST FOR INFORMATION COMES IN AFTER THE EXPIRATION DATE, A NEW AUTHORIZATION FORM WILL NEED TO BE COMPLETED.
  • 10. FAILURE TO ESTABLISH CONTRACTS WITH BUSINESS ASSOCIATES… • THE FINAL OMNIBUS RULE HAS EXTENDE THE UMBRELLA UNDER WITH AND ENTITYS “BUSINESS ASSOCIATE” MAY FALL. • SHOULD YOUR BUSINESS EMPLOY ANY OUTSIDE PARTY TO HANDLE, PROCESS, OR TRANSMIT PHI, YOU MUST IMMEDIATELY ESTABLISH A NEW CONTRACT WITH THE AGENCY. • IN THIS CONTRACT , YOUR BUSINESS
  • 11. EXCLUTION OF “RIGHT TO REVOKE” CLAUSE… • YOUR PATIENTS HAVE THE RIGHT TO REVOKE THEIR HIPPA AUTHORIZATION, AND THIS RIGHT SHOULD CLEARLY BE STATED ON THE HIPPA FORM, LEST THE AUTHORIZATION BECOME INVALID.
  • 12. INCOMPLETE HIPPA AUTHORIZATION FORMS… • BEFORE RELEASING ANY INFORMATION TO OUTSIDE PARTIES, IT IS IMPERATIVE THAT YOU DOUBLE AND TRIPLE CHECK TO ENSURE AUHORIZATIONS ARE COMPLETED FROM TOP TO BOTTOM. • THE FORM SHOULD CLEARLY LIST THE PATIENTS NAME, THE PARTY OR PARTIES WHOM INFORMATION MAY BE RELEASED WHICH SPECIFIC ASPECTS OF THEIR MEDICAL RECORDS CAN BE RELEASED, AND THE DATE THROUGH
  • 15. THIS POWER POINT PRESENTATION CREATED BY NUR353 WORK GROUP C AND INCLUDES PARTICIPATION BY THE FOLLOWING MEMBERS: • Mary Edwards, RN
  • 16. TRANSITION FROM PAPER TO ELECTRONIC: • A statement by the American Health Information Management Association suggests the complete transition from paper charting to an electronic medical record system to be a best practice. • The use of or consultation involving a nurse with informatics experience and a health information technology specialist is critical to making the transition to the electronic record a reachable goal. • Staff education to the electronic system and time to practice using the electronic health record will be essential steps in the transition to the electronic system.
  • 17. HIPPA REQUIREMENTS OF ELECTRONIC MEDICAL RECORDS A healthcare facility is obligated to identify any possible threats to patient records, assess any specific vulnerabilities in filing systems and must determine a reasonable level of tactics for safeguarding patient information. Facilities are required to implement any and all defense mechanisms to ensure patient records are protected.
  • 18. WHAT HEALTH INFORMATION IS PROTECTED? • Names • Dates relating to a patient, (i.e. birthdates, date of treatment, date of admission or discharge, and dates of death) • Telephone numbers, addresses, other contact information • Social Security Numbers • Medical record numbers • Photographs • Finger and voice prints • Any other identifying number • An individual’s health information (health information is protected even without the patient’s name on it if the information helps identify the patient)
  • 19. WHO MUST COMPLY? • Health Care Providers • Health Care Clearinghouses, (i.e. billing services) • Health Plans • Any Health Care Provider who transmits health information in electronic form in connection with a transaction
  • 20. WHO IS EXEMPT FROM THE PRIVACY RULE? Those covered by the privacy rule of the HIPPA act do not include group health plans administered or maintained by an employer with less than 50 employees. The privacy rule does not apply to workmen’s compensation or automobile insurance companies.
  • 21. THERE ARE SEVERAL LAYERS TO MAINTAINING THE SECURITY OF THE ELECTRONIC MEDICAL RECORD • PHYSICAL SECURITY • NETWORK SECURITY • USER SECURITY • SYSTEM SECURITY
  • 22. PHYSICAL SECURITY CONSIDERATIONS • Is it possible the computers that store the confidential information to be stolen? • Keep all computers used to store confidential information as well as the server in a locked and secure area of the healthcare facility. • Limit access to the area where the server is stored.
  • 23. NETWORK SECURITY CONSIDERATIONS • Is it possible for unauthorized persons outside the healthcare facility to access patient records? • Can a hacker get access to the protected information? • Make use of multiple firewalls-using only one firewall is not enough protection to prevent hackers from gaining access to protected information. • Use Spyware software. • Use IT personnel or a technical expert to maintain the network system.
  • 24. PROTECT THE PATIENT’S INFORMATION: • Be careful of entering identifiable patient information into emails. • Some emails can become public information and can be used in legal disputes. • When using fax machines be sure to protect the patient information by limiting who receives the information or limit the patient identifiable information that is contained in the fax. • Only disclose patient identifiable information on a need to know basis.
  • 25. USER SECURITY CONSIDERATIONS • Require password protection to access confidential patient files. • Utilize a user managerial system to determine which staff members will have access to certain levels of private information. • Make use of the managerial system to require password changes every 90 days.
  • 26. WHO’S LOOKING OVER YOUR SHOULDER? • Be sure no one else can view the computer screen as you work. • Only share the necessary patient information to complete the job. • Discuss patient information in private and not in hallways. • Keep papers with patient information secure. • Do not disclose patient information without proper authorization.
  • 27. SYSTEM SECURITY CONSIDERATIONS • Work with a reputable Information Technology Company. • Update Security Systems frequently. • Backup electronic health records on a regular basis. • Store regular backups in a secure place.
  • 28. REFERENCES • US Department of Health and Human Services: Health Information Privacy (2014). Summary of the hippa security rule. Retrieved March 30, 2014 from http://hhs.gov/ocr/privacy/hippa/understanding/srsummary.html • Gardner, L. A., & Sparnon, E. M., (2014). Work-arounds slow electronic health record use: a slow transition to electronic records creates a safety hazard. American Journal of Nursing, 114(4), 64-67. • Filipova, A. A., (2013). Electronic health records use and barriers and benefits to use in skilled nursing facilities. CIN: computers, informatics, nursing 31(7), 305-318.
  • 30. HIPAA AND INFORMATION TECHNOLOGY HIPAA of 1996 • States that after leaving an employer, health insurance coverage will continue. • Provides guidelines related to health information being sent electronically www.cdc.gov/mmwr/preview/mmwrhtml/m2e411.htm
  • 31. HIPAA AND INFORMATION TECHNOLOGY Who is covered? • Healthcare providers • Health plans • Healthcare clearinghouse www.hhs.gov/ocr/privacy/
  • 32. HIPAA AND INFORMATION TECHNOLOGY Important Dates April 14, 2001-HIPAA became effective August 14, 20002-HIPAA was modified April 14, 2003-Healthcare entities must be in compliance with regulations www.cdc.gov/mmwr/preview/mmwrhtml/m2e411a1.htm
  • 33. HIPAA AND INFORMATION TECHNOLOGY HIPAA Privacy Rule • “Protects the privacy of individually identifiable health information” • Enforced by the Office for Civil Rights www.hhs.gov/ocr/privacy/
  • 34. HIPAA AND INFORMATION TECHNOLOGY Three Parts • Privacy Rule Federal protection Health information is protected. Health information can be shared to assist providing care or for insurance benefits www.hhs.gov/ocr/privacy/
  • 35. HIPAA AND INFORMATION TECHNOLOGY Three Parts • Security Rule Administrative, physical, and technical safeguards www.hhs.gov/ocr/privacy/
  • 36. HIPAA AND INFORMATION TECHNOLOGY Three Parts • Breach Notification Rule To assure confidentiality, integrity, and availability of health information www.hhs.gov/ocr/privacy/
  • 37. HIPAA AND INFORMATION TECHNOLOGY References Center for Disease Control. (2003). HIPAA privacy rule and public health. Retrieved March 30, 2014 from www.cdc.gov/mmwr/preview/mmwrhtml/m2e411a1.htm US Dept of Health & Human Services. Health information privacy. Retrieved March 30, 2014 from www.hhs.gov/ocr/privacy/