Compassion, Courtesy, Respect
Windstone Health Services
Privacy Training/COC: Privileges, CMIA, HIPAA
2022
• Learn about the areas covered by the Code of Conduct
• Overview of healthcare privacy
• Learn about the federal law, HIPAA (Health Insurance Portability and Accountability Act)
• Learn about the California state law, CMIA (Confidentiality of Medical Information Act)
• Take a short quiz on what you've learned about HIPAA
CODE OF CONDUCT
• The Code of Conduct represents:
o A set of written and unwritten rules outlining responsibilities, according to which people in a particular group, class, or situation are expected to conduct themselves in a business setting.
o The "face" of the company culture.
• The Code of Conduct is not intended to supersede any other applicable legal or regulatory requirement of any federal, state, or local government entity.
• Windstone does not grant waivers to its code of conduct, conflict of interest, and compliance standards.
Areas Covered by Code of Conduct
• Gift Giving and Receiving
o Windstone employees are prohibited from accepting or asking for bribes, kickbacks, gratuities, or other forms of payment.
o Employees or other business affiliates may not offer anything to influence business or to gain special treatment as an individual or organization.
• Harassment and Discrimination
o Windstone is committed to providing a work environment free of discrimination and harassment.
o The company will not tolerate any form of harassment at any level of the organization.
• Work Place Bullying
o Windstone will not in any instance tolerate bullying behavior.
o Bullying is defined as repeated inappropriate behavior, either direct or indirect, whether verbal, physical, or otherwise, conducted by one or more persons against another or others, at the place of work and/or in the course of employment.
• Environmental Standards
o Health care facilities produce wastes of various types. We are committed to safe and responsible disposal of waste products and to compliance with all applicable environmental laws and regulations.
• Health and Safety
o We maintain an Injury and Illness Prevention Program (IIPP) to assist in providing a safe and healthy work environment.
o Each employee is expected to obey safety rules and to exercise caution in all work-related activities.
• Personal Use of Company Resources
o Company resources must be maintained and used according to the rules and regulations.
o We reserve the right to inspect all company property to ensure compliance.
o Employees are prohibited from using company facilities or equipment for personal use without prior authorization.
• Relationships with Contractors, Vendors, etc.
o We strive to employ the highest ethical standards in all business practices and to maintain integrity and excellent rapport in all business relations.
o Selection criteria will be objectively based upon quality, service, price, technical excellence, and the overall ability to meet our business needs, and will not be determined by personal relationships and friendships.
• Substance Abuse
o We are committed to providing a drug- and alcohol-free work environment to protect the interests of all individuals involved.
o The use of alcohol, illegal drugs, or controlled substances, whether on or off the job, can adversely affect an employee's work performance, efficiency, safety, and health.
• Fair Dealing
o We are dedicated to providing quality healthcare services to our community by maintaining the utmost ethical, legal, and business standards.
o Employees are expected to conduct business honestly and fairly, without misrepresentation of material facts.
• Workplace Violence
o It is our intent to provide a safe workplace for employees and to provide a comfortable and secure atmosphere for our customers and others with whom we do business.
o We have zero tolerance for violent acts or threats of violence.
• Confidentiality and Privacy
o We follow state and federal laws regarding confidential information, and we treat proprietary information, trade secrets, and internal information as valuable assets.
o We adhere to the Health Insurance Portability and Accountability Act (HIPAA).
Employee Role
We expect that all employees will proactively:
• Prevent wrongdoing
• Promote ethical conduct with accountability
• Promote compliance with government laws, rules, and regulations
• Promote accurate and timely reporting and behavior
• Promote prompt internal reporting of violations of the Code and/or the law
• Promote honesty in relationships with other employees, customers, and vendors
Preventing Misconduct
• In an effort to prevent misconduct, the company requires all employees and providers to:
o Know and comply with our policies and procedures
o Participate in the annual Code of Conduct training and all other required compliance trainings
o Report incidents experienced directly or witnessed
o Cooperate with investigations
• It is your duty to immediately report any potential or suspected violation to Human Resources or the Compliance Officer, without fear of retaliation or reprisal.
Disciplinary Action
• Failure to comply with this Code or the Compliance Plan may result in disciplinary action, up to and including termination.
• Disciplinary decisions can vary depending on the severity and the frequency of the misconduct.
o You may be subject to disciplinary action if you are aware of a problematic situation and do not report it.
PRIVACY/HIPAA COMPLIANCE TRAINING
• A long-standing legal rule called a "privilege": a special entitlement or immunity.
o Communication between physician and patient is CONFIDENTIAL.
o The modern rule also applies to psychotherapists, a term defined to include MDs, NPs, psychologists, licensed social workers, and LMFTs.
o It also applies to their agents (people who work for the clinicians).
• All employees must be aware of the legally required privacy considerations in all communications regarding a member, whether written, verbal, or electronic.
Portability:
• The federal legislation was originally enacted in 1996 to make it easier for people to move from one health insurance plan to another.
• It establishes national standards for electronic data transmission.
• It protects and guarantees health insurance coverage when an employee changes jobs.
Accountability:
• Protects the integrity, confidentiality, and availability of health data.
• Administrative simplification:
o Reduces fraud and abuse and makes fraud prosecution easier (Medicare/Medi-Cal)
o Establishes standards for the protection of health information
- Privacy (operational, consumer control, administration)
- Security (administrative, physical, technical, network)
Health Information Technology (the HITECH Act, 2009):
• Expands HIPAA to protect electronic PHI.
• Gives patients the right to obtain their PHI in electronic format.
• Requires notification of any breach of unsecured PHI to the appropriate parties (e.g. the affected patients, the health plans we serve, and federal regulators at HHS).
HIPAA applies to:
• Employees who handle, use, or know individuals' Protected Health Information
• Health care providers (health departments, hospitals, doctors' offices, and any agency that transmits PHI electronically)
• Health plans that provide or pay the cost of medical care (e.g. Medi-Cal, Medicare, Blue Cross/Blue Shield, HMOs)
• Trading partners, who electronically exchange Protected Health Information
• Business associates, who perform services "on your behalf"
• HIPAA also applies to you as a consumer of healthcare!
California Law: CMIA
• Confidentiality of Medical Information Act
• Information can be disclosed without authorization for certain purposes:
o To clinicians for purposes of diagnosis and treatment
o To billing companies
o To quality committees/peer review
o To insurance plans
• Special rules apply to psychotherapy records:
o Release usually requires an authorization by the patient that
1) sets forth the specific information to be released,
2) states the length of time the information will be kept before being destroyed, and
3) states that the information will not be used for any other purpose.
o The information can always be used for diagnosis and treatment.
What does this mean for you?
• Speak with a lowered voice so others cannot overhear.
• Be very careful when leaving messages that can be replayed or overheard by others.
• Get permission before mailing documents to members.
• Document that permission in the member's medical record.
What Is Covered? Protected Health Information (45 CFR 160.103)
• PHI is all individually identifiable health information:
o including demographic information and information about a physical or mental health condition that identifies the individual, or for which there is a reasonable basis to believe it could be used to identify the individual;
o and other information on treatment, care, or payment that is transmitted or maintained in any form or medium (electronic, paper, oral, etc.).
o Examples of where PHI can be found:
- Medical records and billing records
- Insurance/benefit enrollment and payment records
- Claims adjudication
- Case or medical management
Examples of PHI
These are the 18 identifiers named in the HIPAA "Safe Harbor" de-identification standard (45 CFR 164.514(b)(2)); health information linked to any of them is PHI:
o Names
o All geographic subdivisions smaller than a state, including street address, city, county, and ZIP code
o All elements of dates (except year) directly related to an individual (birth, admission, discharge, death), and ages over 89
o Telephone and fax numbers
o Email addresses
o Social Security numbers
o Medical record numbers
o Health plan beneficiary numbers
o Account numbers
o Certificate/license numbers
o Vehicle identifiers, license plates, and serial numbers
o Device identifiers and serial numbers
o URLs and IP addresses
o Biometric identifiers, including finger and voice prints
o Full-face photographs and comparable images
o Any other unique identifying number, characteristic, or code
What Is NOT Covered by PHI (45 CFR 160.103)
• Employment records held by a covered entity in its role as an employer
• Education records covered by the Family Educational Rights and Privacy Act (FERPA)
Preemption of state law: the Privacy Rule overrides any contrary state law unless that state law provides more protection for the consumer.
Some Ways of PHI Protection
• Conduct discussions so that others cannot overhear them.
• Do not leave medical records where others can see or access them.
• PHI should NOT be shared or be viewable in public areas.
• Do not leave copies of PHI at copy machines, printers, or fax machines.
• Do not share computer passwords or leave them visible.
• Do not leave computer files open when leaving an unlocked or shared work area.
• Dispose of paper containing PHI properly.
Minimum Necessary Standard
• When using or disclosing any PHI, health care employees must make reasonable efforts to limit it to the "minimum necessary to accomplish the intended purpose of the use, disclosure, or request" (45 CFR 164.502(b)). In practice: access and share only the fields you need to do your job, not the whole record.
What Actions Are Covered?
• Use (internal)
o With respect to individually identifiable health information: the sharing, employing, applying, utilizing, examining, or analyzing of such information within the organization that maintains it (45 CFR 160.103; formerly 164.501).
• Disclosure (external)
o The release, transfer, provision of access to, or divulging in any manner of information outside the organization that holds it (45 CFR 160.103; formerly 164.501).
Use and Disclosure for TPO
• The patient has the right to request that an organization restrict the use and disclosure (release) of his or her confidential information.
o A patient can request restrictions on the use of information for Treatment, Payment, or health care Operations (TPO) purposes.
o The organization is not required to agree to a requested restriction, with one exception: it must honor a request not to disclose information to a health plan when the member has paid for the item or service in full out of pocket (45 CFR 164.522(a)).
Use and Disclosure: Power of Attorney (POA)
• Remember, confidentiality requirements apply to family members.
• DO NOT disclose to a member's spouse or children without a POA or, in limited situations, the express documented permission of the member.
• Signed authorizations for release of information are considered invalid if there is no expiration date or an event that triggers expiration.
o WBH release forms state the expiration as either one year from the date signed or as otherwise noted on the form.
Use / Disclosure
• Here at WBH, the wife of a member called asking to speak to the provider about an issue with her husband's medication. We immediately called the provider to give him the wife's cell phone number. The provider refused to speak with the wife: the husband had expressly told the provider that he did not want his wife involved in his treatment.
• Small-town hospital: a woman's pregnancy test was positive. The lab tech saw the woman's sister that night at a local restaurant and congratulated her. The woman was not married and was not going to disclose the pregnancy to her family. She sued and won a judgment against the lab tech and the hospital.
Incidental/Accidental Use/Disclosure
• Some uses/disclosures are "incidental" (accidental):
o Made in the course of routine operations (e.g. talking about a member to the clinical team and someone else overhears)
o Limited in nature (e.g. it occurred as the other person waited to talk to the clinical team)
o Could not reasonably have been prevented
o Allowed ONLY IF:
- The "minimum necessary" standard is followed, and
- Reasonable safeguards are in place
• Report an incidental/accidental use or disclosure to your Supervisor or Compliance Officer IMMEDIATELY.
• DO NOT DESTROY any documents, e-mail messages, voicemail messages, or anything else relating to the disclosure.
• Destruction of records can result in additional discipline.
• An impermissible use or disclosure of PHI is treated as a breach from the moment it occurs, not from when it is discovered or confirmed.
HIPAA Gives Members the Right to:
• ACCESS their PHI, including inspecting and obtaining a copy of it
• AMEND incorrect records: a member can request an amendment
• An ACCOUNTING of disclosures: a member can request an accounting
• AUTHORIZE, or refuse to authorize, the use or sharing of PHI
• Designate someone to ACT on the patient's behalf regarding PHI
• ALTERNATIVE means: a member can request to receive PHI by alternative means or at alternative locations where routine communications could endanger the individual
• File a complaint about a possible breach of privacy
Administrative Safeguards
• There are three types of safeguards:
1) Administrative
2) Physical
3) Electronic (technical)
• Administrative safeguards include:
o Confidentiality agreement
o Confidentiality/HIPAA policies in the policy and procedure manual
Physical Safeguards
• Use your key card; don't let strangers into the building.
• Pick up printouts and copies promptly from printers, fax machines, and copiers.
• Every day at close of business, clean off your desk.
• Use fax software to receive secure faxes directly into your computer.
• Use locked shred bins: insert documents completely into the shred bin and do NOT leave papers containing PHI outside the bin.
Electronic Safeguards
• Protect the confidentiality of transmitted electronic confidential information, including but not limited to electronic Protected Health Information (ePHI), by using a secure fax or the Secure File Portal.
When E-mailing PHI
• Do not place any PHI in the subject heading; use an internal patient identifier (member ID number) or an abbreviation instead.
• In any other instance, PHI should either be faxed or placed on the Secure File Portal.
• Never communicate with a member through email without encryption.
Caveat: a member ID may itself be a health plan beneficiary number, which is one of the identifiers in the PHI list above. A member ID alone in a subject line is tolerable only because the message travels over the approved encrypted channel and the subject carries nothing else about the member; it does not make an unencrypted email acceptable.
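The two rules above (no PHI in the subject line, no PHI in the body unless the channel is encrypted) and the identifier list earlier on this page can be turned into an outbound e-mail check. The following Python is an added example written for this edition of the page, not code from Windstone or from the training deck. Everything about the environment is assumed for illustration: member IDs are assumed to look like "WHS-" plus six digits, the allowed subject topics are an invented short list, the MRN spelling is assumed, and the sample message is constructed with fictional data. Only identifiers that have a recognizable textual shape are detected; names, street addresses, and other free-text identifiers are not, so a clean scan is necessary but not sufficient, which is why the subject check is an allow-list rather than a block-list.

```python
"""
Added example (not part of the Windstone training deck): an outbound e-mail
gate for the deck's two rules:
  1. the subject line may carry only an internal member ID, never PHI;
  2. a body that contains PHI may leave only over an encrypted channel.
It flags the identifier categories from the Safe Harbor list
(45 CFR 164.514(b)(2)) that have a stable textual shape.

Assumptions (ours, not the deck's): member IDs look like "WHS-" + six digits,
the allowed topics are an invented list, and the MRN spelling is assumed.
Names and addresses are NOT detected: a clean scan is necessary, not sufficient.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Identifier categories with a recognizable shape. The others on the list
# (names, street addresses, biometrics, photos) need a dictionary or a model.
PATTERNS = {
    "ssn":   re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "phone": re.compile(r"(?<!\w)(?:\+?1[-. ]?)?\(?\d{3}\)?[-. ]\d{3}[-. ]\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "url":   re.compile(r"\bhttps?://\S+", re.IGNORECASE),
    "ipv4":  re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    # Any date element finer than the year counts; a bare year does not.
    "date":  re.compile(r"\b\d{1,2}/\d{1,2}/(?:\d{2}|\d{4})\b"),
    "zip":   re.compile(r"\b\d{5}(?:-\d{4})?\b"),
    # Medical record number as this example assumes it is written.
    "mrn":   re.compile(r"\bMRN[:#]?\s*\d{5,}\b", re.IGNORECASE),
}


@dataclass(frozen=True)
class Finding:
    category: str
    value: str
    start: int


def scan_identifiers(text: str) -> list[Finding]:
    """All identifier hits, earliest first; the longer hit wins a tie on position."""
    hits = [Finding(cat, m.group(0), m.start())
            for cat, rx in PATTERNS.items() for m in rx.finditer(text)]
    return sorted(hits, key=lambda f: (f.start, -len(f.value)))


def redact(text: str) -> str:
    """Replace each hit with its category tag. Hits nested inside an earlier
    hit (e.g. digits inside a URL that is already redacted) are skipped."""
    out, cursor = [], 0
    for f in scan_identifiers(text):
        if f.start < cursor:
            continue
        out.append(text[cursor:f.start])
        out.append(f"[{f.category.upper()}]")
        cursor = f.start + len(f.value)
    out.append(text[cursor:])
    return "".join(out)


# Allow-list, not block-list: the subject must MATCH the permitted shape.
# "WHS-123456" and "Re: WHS-123456 - claim" pass; anything else is rejected,
# including a member name, which no regex above would catch.
ALLOWED_TOPICS = {"claim", "authorization", "appointment", "medication", "records request"}
SUBJECT_SHAPE = re.compile(
    r"^(?:(?:re|fw|fwd):\s*)*WHS-\d{6}(?:\s*-\s*(?P<topic>[a-z ]+?))?\s*$", re.IGNORECASE)


def subject_is_acceptable(subject: str) -> bool:
    m = SUBJECT_SHAPE.match(subject)
    if not m:
        return False
    topic = m.group("topic")
    return topic is None or topic.strip().lower() in ALLOWED_TOPICS


def gate_outbound(subject: str, body: str, encrypted: bool) -> tuple[str, list[str]]:
    """Return ("allow" | "block", reasons). The subject is checked even when the
    channel is encrypted: header lines are routinely logged and indexed in the clear."""
    reasons = []
    if not subject_is_acceptable(subject):
        reasons.append("subject must be the member ID plus an approved topic only")
    if scan_identifiers(subject):
        reasons.append("identifier found in subject line")
    body_hits = sorted({f.category for f in scan_identifiers(body)})
    if body_hits and not encrypted:
        reasons.append("body carries identifiers (%s) but channel is not encrypted" % ", ".join(body_hits))
    return ("block" if reasons else "allow", reasons)


# Constructed sample message with fictional data (not from the deck).
SAMPLE_SUBJECT = "Jane Doe DOB 03/14/1985 medication question"
SAMPLE_BODY = (
    "Member Jane Doe (MRN 0042917, SSN 123-45-6789) called from (714) 555-0142\n"
    "about a refill. Reach her at jane.doe@example.org; portal note at\n"
    "https://portal.example.org/member/0042917. Seen 2/3/2022, Anaheim 92805."
)

if __name__ == "__main__":
    print(gate_outbound(SAMPLE_SUBJECT, SAMPLE_BODY, encrypted=False))
    print(gate_outbound("Re: WHS-123456 - medication", SAMPLE_BODY, encrypted=True))
    print(redact(SAMPLE_BODY))
```

The design choice worth noting is the asymmetry: the body is scanned with a block-list (flag what we can recognize), but the subject is validated against an allow-list, because the subject is the field that leaves the organization in the clear and the field where a name, which no pattern catches, is most likely to be typed.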
Top 10 Privacy & Security Practices
• When in doubt, don't provide information.
• Access information on a need-to-know basis, only to do your job.
• Verify fax numbers before sending.
• DO NOT send e-mails unless the connection is secure and approved.
• Verify the identity of a caller before releasing confidential information.
• Discuss patient information as privately as possible.
• Never share your password with anyone (except in extenuating circumstances, with written permission).
• Log off before you walk away from your computer.
• Maintain the security of all patient information in every medium (paper, electronic, oral, etc.).
• Dispose of confidential information according to proper procedures (locked shred bins).
Refer complaints and concerns to WHS's Compliance Officer.
HIPAA Violations in the News
• Cignet Health Center, a group of clinics in Maryland, was fined $4.3 million for failing to release medical records to patients requesting them.
• Rite Aid paid a $1 million fine for disposing of prescriptions and pill bottles in regular trash containers.
• UCLA paid $865,500 after employees improperly accessed celebrity patients' medical records.
• New York-Presbyterian Hospital paid a $2.2 million penalty to federal regulators for allowing television crews to film two patients without their consent, one who was dying and the other in significant distress.
Penalties for HIPAA Violations
• HIPAA civil penalties as originally enacted in 1996:
o $100 per person per violation
o $25,000 cap per year for multiple violations of the same requirement
• Since the HITECH Act (2009), civil penalties are tiered by the level of culpability, from $100 up to $50,000 per violation, with an annual cap of $1.5 million per identical provision; the dollar amounts are adjusted for inflation each year.
• HIPAA criminal penalties include:
o Up to $50,000 and/or 1 year of imprisonment for knowingly and wrongfully obtaining or disclosing PHI
o Up to $100,000 and/or 5 years of imprisonment if the offense is committed under false pretenses
o Up to $250,000 and/or 10 years of imprisonment if the intent is to sell PHI or client lists for personal gain or malicious harm
• Anyone can be personally liable!
• These penalties apply to oral, paper, and electronic Protected Health Information (PHI).
Corporate Compliance Department
• Responsible for monitoring patient privacy, enforcing the HIPAA Privacy Rule, and maintaining the physical perimeter of the Covered Entity's place of business:
o Erin Woodmas, Quality/Compliance Officer, 714-384-3870 x 238, Ewoodmas@windstonehealth.com
o Patty Rothstein, Quality/Compliance Specialist, 714-384-3870 x 300, Prothstein@windstonehealth.com
o Leanne Poploff, Quality/Compliance Specialist, 714-384-3870 x 213, Lpoploff@windstonehealth.com
HIPAA Complaints
• You are always free to speak with the Compliance/Privacy Officer; your complaint will be kept confidential.
• You may also contact the Office for Civil Rights (OCR) of the Department of Health and Human Services or the Office of the Inspector General.
• HIPAA prohibits retaliation of any kind for filing a complaint.
HIPAA Quiz
1. Does the physician/patient privilege provide for the confidentiality of communications with psychotherapists?
Yes________ No________
2. What does the acronym CMIA stand for?
________________________________________
3. What does the acronym HIPAA stand for?
_____Health Insurance Privacy and Administration Act
_____Health Insurance Portability and Accountability Act
_____Healthcare Industry Privacy and Accountability Act
4. What does HIPAA do?
____Prevents health care fraud and abuse
____Provides for the electronic and physical security of a patient's health information
____Protects the privacy and security of a patient's health information
____All of the above
5. How does a patient learn about privacy under HIPAA?
____The patient looks it up on the Internet
____At the patient's first visit he/she is given the provider's Notice of Privacy Practices and signs an acknowledgement that he/she has received a copy of it
____The government sent this out in the mail to every U.S. citizen prior to April 14, 2003
____The patient asks his doctor or nurse
6. What does PHI stand for?
________________________________
7. What information constitutes PHI? (check all that apply)
____Information that can be used to identify a patient
____Information about a past or present mental or physical condition of a patient
____All of the answers
____Covered transactions (eligibility, enrollment, healthcare claims, payment, etc.) performed electronically
8. When can you use or disclose PHI?
___For obtaining payment for services, if it is part of your job
___For the treatment of the patient, if it is part of your job
___All of the answers
___When the patient has authorized, in writing, its release
9. A violation of PHI is considered a breach when:
____The incident becomes known
____It occurs
____The affected individual finds his/her identity stolen
____The Covered Entity or Business Associate concludes the analysis of whether the facts constitute a breach
10. Which of the following apply to emailing PHI outside of Windstone? (check all that apply)
___ An email to Cigna is automatically secure
___ Using the patient name in the subject heading is permissible
___ All of the above
___ Typing whss in the subject or body of an email will force encryption
___ Never communicate with a member through email without encryption
11. A co-worker is called away for a short errand and leaves their computer logged into a confidential information system. You need to look up information that is only available on that computer. Aside from notifying the appropriate person, what is the best approach you should take?
___ To save time, continue working under your co-worker's User-ID
___ Log your co-worker off and log in again under your own User-ID and password
___ Do nothing
12. Signed authorizations for release of information are considered invalid if there is no expiration date or an event that triggers expiration.
True_____ False_____
13. What does "minimum necessary" mean?
____________________________________
14. Which of the following is never acceptable to leave in a message on an answering machine?
____ The minimum necessary information to request that the client return the phone call, if necessary
____ The caller's name
____ Test results
____ All of the above
15. What are considered physical safeguards? (check all that apply)
____ Confidentiality policy
____ Every day at close of business, clean off your desk
____ Lock file cabinets and drawers at close of business
____ Remove papers from copiers/fax machines
16. What are considered electronic safeguards? (check all that apply)
____ Never share your password with another person
____ Never log in with another person's password
____ Never write your password down
____ Lock your desk or file cabinets each day
____ Never share or open attached files from unknown sources
17. Can you complain about HIPAA violations without retaliation?
Yes____ No____

2022 Privacy Training

  • 1.
    Compassion, Courtesy, Respect Windstone HealthServices Privacy Training/COC: Privileges, CMIA, HIPAA 2022
  • 2.
    • Learn aboutareas covered by Code of Conduct • Overview of healthcare privacy • Learn about Federal law—HIPAA (Health Insurance Portability and Accountability Act) • Learn about California state law-CMIA (Confidentiality of Medical Information Act) • Take a short quiz on what you’ve learned about HIPAA
  • 3.
  • 4.
     Code ofConduct Represents: o A set of written/unwritten rules outlining responsibilities, according to which people in a particular group, class, or situation are supposed to conduct themselves in a business setting. o The “face” of the company culture  The Code of Conduct is not intended to supersede any other applicable legal or regulatory requirements or any federal, state, or local government entity.  Windstone does not grant waivers to its code of conduct, conflict of interest and compliance standards.
  • 5.
     Gift Givingand Receiving o Windstone employees are prohibited from accepting or asking for bribes, kickbacks, gratuity of other forms of payment. o Employees or other business affiliates may not offer anything to influence business or to gain special treatment as an individual or organization.  Harassment and Discrimination o Windstone is committed to providing a work environment free of discrimination and harassment. o The company will not tolerate any form of harassment at any level of organization.
  • 6.
     Work PlaceBullying o Windstone will not in any instance tolerate bullying behavior. o Bullying is defined as repeated inappropriate behavior, either direct or indirect, whether verbal, physical or otherwise, conducted by one or more persons against another or others, at the place of work and/or in the course of employment  Environmental Standards o Health care facilities produce wastes of various types. We are committed to safe and responsible disposal of waste products and the compliance with all applicable environmental laws and regulations. Areas Covered by Code of Conduct
  • 7.
     Health andSafety o We maintain an Injury and Illness Prevention Program (IIPP) to assist in providing a safe and healthy work environment. o Each employee is expected to obey safety rules and to exercise caution in all work-related activities.  Personal Use of Company Resources o Company resources must be maintained and utilized according to the rules and regulations. o We reserve the right to inspect all property to ensure compliance. o Employees are prohibited from using company facilities or equipment for personal use without prior authorization. Areas Covered by Code of Conduct
  • 8.
     Relationships withContractors, Vendors, etc. o We strive to employ the highest ethical standards in all business practices and maintain integrity and excellent rapport with all business relations. o Selection criteria will be objectively based upon quality, service, price, technical excellence and the overall ability to meet our business needs and will not be determined by personal relationships and friendships.  Substance Abuse o We are committed to providing a drug and alcohol-free work environment to protect the interests of all individuals involved. o The use of alcohol, illegal drugs, or controlled substances, whether on or off the job, can adversely affect an employee’s work performance, efficiency, safety and health. Areas Covered by Code of Conduct
  • 9.
     Fair Dealing oWe are dedicated to providing quality healthcare services to our community by maintaining the utmost ethical, legal and business standards. o Employees are expected to conduct business honestly and fairly without misrepresentation of material facts  Workplace Violence o It is our intent to provide a safe workplace for employees and to provide a comfortable and secure atmosphere for our customers and others with whom we do business. o We have zero tolerance for violent acts or threats of violence. Areas Covered by Code of Conduct
  • 10.
     Confidentiality andPrivacy o We follow State and Federal Laws regarding confidential information, proprietary, trade secrets, internal information as valuable assets. o We adhere to the Health Insurance Portability and Accountability Act. Areas Covered by Code of Conduct
  • 11.
    We expect thatall employees will proactively:  Prevent wrongdoing  Promote ethical conduct with accountability  Promote compliance with government laws, rules and regulations  Promote accurate and timely reporting and behavior  Promote prompt internal reporting of violations of the Code and/or the law  Promote honesty in relationships with other employees, customers, and vendors Employee Role
  • 12.
     In aneffort to prevent misconduct, the company requires all employees and providers to: o Know and comply with our policy and procedures o Participate in annual Code of Conduct and all required compliance trainings o Report incidents experienced directly or witnessed o Cooperation with investigations  It is your duty to immediately report any potential or suspected violations to Human Resources or the Compliance Officer without fear of retaliation or reprisal. Preventing Misconduct
  • 13.
     Failure tocomply with this Code or Compliance plan may result in disciplinary action including termination.  Disciplinary decisions can vary depending on the severity and the frequency of the misconduct. o You may be subject to disciplinary action if you are aware of an problematic situation and do not report it. Disciplinary Action
  • 14.
  • 15.
    • Long-time legalrule called a privilege”– a special entitlement or immunity o Communication between physician/patient is CONFIDENTIAL o Modern rule—also applies to psychotherapists-- which is defined to include MDs, NPs, psychologists, licensed social workers, and LMFTs o Applies to agents (people who work for the clinicians) • All employees must be aware of legally-required privacy considerations in all communications, written, verbal, and electronic regarding a member.
  • 16.
    Portability:  Federal legislationwas originally enacted in 1996 to make it easier for people to move from one health insurance plan to another  Establishes national standards for electronic data transmission.  Protects and guarantees health insurance coverage when an employee changes jobs
  • 17.
    Accountability:  Protects healthdata integrity, confidentiality and availability.  Administrative simplification:  Reduces fraud and abuse, makes fraud prosecution easier (Medicare/Medical)  Establishes standards for protection of health information  Privacy (operational, consumer control, administration)  Security (administrative, physical, technical, network
  • 18.
    Health Information Technology: Expands HIPAA to protect electronic PHI  Provides patients the right to obtain their PHI in electronic format  Requires notification of any unsecured breaches to appropriate entities (i.e. patients, Health Plans, CMS)
  • 19.
     Employees whohandle, use, or know individuals’ Protected Health Information  Health Care Providers (health departments, hospitals, doctors’ offices, any agency that transmits PHI electronically  Health plans that provide or pay the cost of medical care (e.g. Medical, Medicare, BC/BS/HMOs)  Trading Partners – Electronically exchange Protect Health Information  Business Associates – Performs services “on your behalf”  HIPAA also applies to you as a consumer of healthcare!
  • 20.
     Confidentiality ofMedical Information Act  Can disclose information for certain purposes: o To clinicians for purposes of diagnosis and treatment o To billing companies o To quality committees/peer review o To insurance plans
  • 21.
     Special rulesfor psychotherapy o Usually requires authorization by patient that 1) Sets forth the specific information to be released, 2) The length of time that the information will be kept before being destroyed, and 3) A statement that information will not be used for any other purpose o Can always be used for diagnosis and treatment California Law--CMIA
  • 22.
     Speak witha lowered voice so others cannot overhear.  Be very careful when leaving messages that can be replayed or overheard by others.  Get permission before mailing documents to members.  Document permission in members medical record What does this mean for you?
  • 23.
     PHI isall individually identifiable health information o including demographic information, physical or mental health or other information that identifies the individual o Other information on treatment and care that is transmitted or maintained in any form or medium (electronic, paper, oral, etc.) o Examples of where PHI can be found:  Medical records and billing records  Insurance/Benefit enrollment and payment  Claims adjudication  Case or medical management What is covered? Protected Health Information (45CFR 160.103)
  • 24.
    o Names o Allgeographic information including street address, city, county, zip code o All elements of dates (birth, admissions, discharge, death) o Telephone, fax numbers o Email addresses o Social Security numbers o Medical Record numbers o Health plan beneficiary numbers o Account numbers o Certificate/License numbers o Vehicle ID’s, plates, serial numbers o Device identifiers and serial numbers o URLs, IP addresses o Biometric ID’s: finger and voice prints o Full face photographs o Any other unique identifying number or characteristic Examples of PHI
  • 25.
     Employment recordsof the employer  Family Educational Rights and Privacy Act (FERPA)Records Preemption of state law: Privacy Rule overrides any other state law unless that state law provides more protection for the consumer. What is NOT covered by PHI (45CFR 160.103)
  • 26.
     Conduct discussionsso that others may not overhear them  Do not leave medical records where others can see them or access them  PHI information should NOT be shared or be viewable in public areas  Do not leave copies of PHI at copy machines, printers, or fax machines  Do not share computer passwords or leave them visible  Do not leave computer files open when leaving unlocked or shared work area  Dispose of paper containing PHI properly Some Ways of PHI Protection
  • 27.
Minimum Necessary Standard
• When using any PHI, health care employees must generally make reasonable efforts to limit use to the “minimum necessary to accomplish the intended purpose of the use, disclosure, or request” required to do their jobs.
What Actions are Covered?
 Use (Internal)
o With respect to “individually identifiable health information”: the sharing, employing, applying, utilizing, examining, or analyzing of such information within the organization that maintains such information (45 CFR 164.50)
 Disclosure (External)
o Release, transfer, allowing access to, or divulging information outside the organization (45 CFR 164.501)
Use and Disclose for TPO
 The patient has the right to request that an organization restrict the use and disclosure (release) of his/her confidential information.
o Can request restriction in the use of information for Treatment, Payment or Operation purposes
o The organization is not required to agree with restrictions.
Use and Disclosure (Power of Attorney (POA))
 Remember, confidentiality requirements apply to family members
 DO NOT disclose to a member’s spouse or children without a POA or, in limited situations, the express documented permission of the member
 Signed authorizations for release of information are considered invalid if there is no expiration date or an event that triggers expiration.
o WBH release forms indicate expiration as either one year from the date signed or as noted.
Use / Disclosure
 Here at WBH, the wife of a member called asking to speak to the provider re. an issue with her husband’s medication. We immediately called the provider to give him the wife’s cell phone number. The provider refused to speak with the wife; he stated the husband had expressly told him that he didn’t want his wife involved in his treatment.
 Small town hospital: a woman’s pregnancy test was positive. A lab tech sees the woman’s sister that night at a local restaurant and congratulates her. The woman wasn’t married and wasn’t going to disclose to family. She sues and wins a judgment against the lab tech and the hospital.
Incidental/Accidental Use/Disclosure
 Some uses/disclosures are “incidental / accidental”
o Made in the course of routine operations (talking about a member to the clinical team and someone else overhears)
o Limited in nature (it occurred as the other person waited to talk to the clinical team)
o Could not be reasonably prevented
o Allowed IF:
 The “minimum necessary standard” is followed
 Reasonable safeguards are in place
Incidental/Accidental Use/Disclosure
 Report an “incidental / accidental use / disclosure” to your Supervisor or Compliance Officer IMMEDIATELY
 DO NOT DESTROY any documents, e-mail messages, voicemail messages, or ANYTHING else relating to the disclosure
 Destruction of records can result in additional discipline
 A violation of PHI is considered a breach as soon as it occurs
HIPAA Gives Members the Right to:
 ACCESS their PHI, including inspecting and obtaining a copy of PHI
 AMEND incorrect records—a member can request an amendment
 An ACCOUNTING of disclosures—a member can request an accounting
 AUTHORIZE, or refuse to authorize, the use or sharing of PHI
 Designate someone to ACT on the patient’s behalf regarding PHI
 ALTERNATIVE means—a member can request receipt of PHI by alternative means and at alternative locations, where routine communications could endanger the individual
 File a complaint about a possible breach of privacy
• Three types of safeguards:
1) Administrative
2) Physical
3) Electronic
Administrative Safeguards
 Confidentiality agreement
 Confidentiality/HIPAA policies in the policy and procedure manual
Physical Safeguards
 Use keycard—don’t let strangers into the building.
 Pick up printouts and copies promptly from printers, fax machines, and copiers.
 Every day at close of business, clean off your desk.
 Use fax software to receive secure faxes directly into your computer.
Physical Safeguards
 Use locked shred bins
 Insert documents completely into the shred bin…do NOT leave papers containing PHI outside the bin
Electronic Safeguards
 Protect the confidentiality of transmitted electronic confidential information, including but not limited to electronic Protected Health Information (ePHI), by using a secure fax or the Secure File Portal.
When E-mailing PHI
 Do not place any PHI in the subject heading; an internal patient identifier (member ID number) or abbreviation should be used instead.
 For any other instances, PHI should either be faxed or placed on a Secure File Portal.
 Never communicate with a member through email without encryption
Top 10 Privacy & Security Practices
 When in doubt, don’t provide information
 Access information on a need-to-know basis, only to do your job.
 Verify fax numbers before sending
 DO NOT send e-mails unless the connection is secure and approved.
 Verify the identity of a caller before releasing confidential information
 Discuss patient information as privately as possible
 Never share your password with anyone (except in extenuating circumstances, with written permission)
 Log off before you walk away from your computer
 Maintain security of all patient information in all media (paper, electronic, oral, etc.)
 Dispose of confidential information according to proper procedures (locked shred bins)
Refer complaints and concerns to WHS’s Compliance Officer
HIPAA Violations in the News
 Cignet Health Center, a group of clinics in Maryland, was fined $4.3 million for failing to release medical records to patients requesting them.
 Rite Aid: $1 million fine for disposing of prescriptions and pill bottles in regular trash containers.
 UCLA: $865,500 fine due to employees improperly accessing celebrity patients’ medical records.
 New York-Presbyterian Hospital had to pay a $2.2 million penalty to federal regulators for allowing television crews to film two patients without their consent — one who was dying, the other in significant distress.
Penalties for HIPAA Violations
 HIPAA civil penalties include:
o $100 / person / violation
o $25,000 / year for multiple violations
o $25,000 fine cap per year per requirement
Penalties for HIPAA Violations
 HIPAA criminal penalties include:
o $50K and/or 1 year imprisonment: for knowingly or wrongfully disclosing or receiving PHI
o $100K and/or 5 years imprisonment: for committing the offense under false pretenses
o $250K and/or 10 years imprisonment: for intent to sell PHI or client lists for personal gain or malicious harm
 Anyone can be personally liable!
 These penalties apply to oral, paper and electronic Protected Health Information (PHI)
Corporate Compliance Department
 Responsible for monitoring patient privacy, enforcing the HIPAA Privacy Rule, and maintaining the physical perimeter of the Covered Entity’s place of business:
o Erin Woodmas, Quality/Compliance Officer
 714.384.3870 x 238
 Ewoodmas@windstonehealth.com
o Patty Rothstein, Quality/Compliance Specialist
 714.384.3870 x 300
 Prothstein@windstonehealth.com
o Leanne Poploff, Quality/Compliance Specialist
 714-384-3870 x 213
 Lpoploff@windstonehealth.com
HIPAA Complaints
 You are always free to speak with the Compliance/Privacy Officer—your complaint will be kept confidential
 You may contact the Office of Civil Rights of the Department of Health and Human Services or the Office of the Inspector General
 HIPAA prohibits retaliation of any kind for filing a complaint
HIPAA Quiz
1. Does the physician/patient privilege provide for the confidentiality of communications with psychotherapists?
Yes________ No________
2. What does the acronym CMIA stand for?
________________________________________
3. What does the acronym HIPAA stand for?
_____ Health Insurance Privacy and Administration Act
_____ Health Insurance Portability and Accountability Act
_____ Healthcare Industry Privacy and Accountability Act
4. What does HIPAA do?
____ Prevent health care fraud and abuse
____ Provide for electronic and physical security of a patient’s health information
____ Protect the privacy and security of a patient’s health information
____ All of the above
5. How does a patient learn about privacy under HIPAA?
____ The patient looks it up on the Internet
____ At the patient’s first visit he/she is given the Provider’s Notice of Privacy Practices, and signs an acknowledgement that he/she has received a copy of it.
____ The government sent this out in the mail to every U.S. citizen prior to April 14, 2003
____ The patient asks his doctor or nurse.
6. What does PHI stand for?
________________________________
7. What information constitutes PHI? (check all that apply)
____ Information that can be used to identify a patient
____ Information about a past or present mental or physical condition of a patient.
____ All of the answers
____ Covered transactions (eligibility, enrollment, healthcare claims, payment, etc.) performed electronically
8. When can you use or disclose PHI?
___ For obtaining payment for services, if it is part of your job
___ For the treatment of the patient, if it is part of your job
___ All of the answers
___ When the patient has authorized, in writing, its release
9. A violation of PHI is considered a breach when:
____ The incident becomes known
____ It occurs
____ The affected individual finds his/her identity stolen
____ The Covered Entity or Business Associate concludes the analysis of whether the facts constitute a breach
10. Which of the following apply to emailing PHI outside of Windstone? (Check all that apply)
___ An email to Cigna is automatically secure
___ Using the patient name in the subject heading is permissible
___ All of the above
___ Typing whss in the subject or body of an email will force encryption
___ Never communicate with a member through email without encryption
11. A co-worker is called away for a short errand and leaves their computer logged into a confidential information system. You need to look up information that is only available on that computer. Aside from notifying the appropriate person, what is the best approach you should take?
___ To save time, continue working under your co-worker’s User-ID
___ Log your co-worker off and re-log in under your own User-ID and password.
___ Do nothing
12. Signed authorizations for release of information are considered invalid if there is no expiration date or an event that triggers expiration.
True_____ False_____
13. What does “minimum necessary” mean?
____________________________________
14. Which of the following is never acceptable to leave in a message on an answering machine?
____ The minimum necessary information to request that the client return the phone call if necessary
____ The caller’s name
____ Test results
____ All of the above
15. What are considered physical safeguards? (check all that apply)
____ Confidentiality policy
____ Every day at close of business, clean off your desk
____ Lock file cabinets and drawers at close of business
____ Remove papers from copiers/fax machines
16. What are considered electronic safeguards? (check all that apply)
____ Never share your password with another person
____ Never log in on another person’s password
____ Never write your password down
____ Lock your desk or file cabinets each day
____ Never share or open attached files from unknown sources
17. Can you complain about HIPAA violations without retaliation?
Yes____ No____