SlideShare a Scribd company logo

Basic HIPAA Training by CMU

Atlantic Training, LLC.
Atlantic Training, LLC.

Basic HIPAA Training

Business
1 of 30
The Health Insurance Portability and Accountability Act Basic HIPAA Training For CMU workforce with access to PHI
Who Needs Training and Why  Employees who come in contact with “Protected Health Information” are Federally required to attend training  Departments listed later  This presentation is designed to  Familiarize you with  HIPAA regulations  Our policies and procedures regarding protected health information (PHI)  Ensure Federal compliance  Our policies are posted at https://www.cmich.edu/office_president/general_counsel/hipaa/Pages/d efault.aspx
Summary of the Law  To establish basic privacy and security protection of health information.  To guarantee individuals the right to access their health information and learn how it is used and disclosed  To simplify payment for health care.
What Exactly is HIPAA?  Public Law 104-191 (1996)  Overseen by: Department of Health & Human Services (HHS) and enforced by Office for Civil Rights (OCR)  Regulations on:  Privacy of health information  Security of health information  Notification of breaches of confidentiality  Penalties for violating HIPAA
What is Protected by HIPAA?  Protected Health Information (PHI)  Any Individually Identifiable Health Information (IIHI)  Created or received by a health care provider, health plan, or health care clearinghouse  Relating to the past, present of future physical or mental health or condition of an individual (including information related to payment for health care)  Transmitted in any form or medium—paper, electronic and verbal communications
What is Protected by HIPAA?  Examples of PHI:  Medical charts  Problem logs  Photographs and videotapes  Communications between health care professionals  Billing records  Health plan claims records  Health insurance policy number
What is Protected by HIPAA?  Health information protected if it directly or indirectly identifies someone.  Direct identifiers: individual’s name, SSN, driver’s license numbers  Indirect identifiers: information about an individual that can be matched with other available information to identify the individual.
Direct and Indirect Identifiers 1. Name 2. Geographic subdivisions smaller than a State - Street Address - City - County - Precinct - Zip Code & their equivalent geocodes, except for the initial three digits 1. Dates, except year - Birth date - Admission date - Discharge date - Date of death 1. Telephone numbers 2. Fax number 6. E-Mail Address 7. Social Security numbers 8. Medical record numbers 9. Health plan beneficiary numbers 10. Account numbers 11. Certificate/license numbers 12. Vehicle identifiers and serial numbers, including license plate numbers 13. Device identifiers and serial numbers 14. Web universal resource locations (URLs) 15. Internet Protocol (IP) address numbers 16. Biometric identifiers, including finger and voice prints 17. Full face photographic images and any comparable data 18. Any other unique identifying number, characteristic, or code
What is Protected by HIPAA?  If any direct or indirect identifiers are present, the information is PHI and subject to HIPAA protection.  Information can be “deidentified” – but the Privacy Officer must review to ensure all direct and indirect identifiers have been properly removed.
Who is Subject to HIPAA? CMU “covered entity” components:  University Health Services  Carls Center  CMU self-funded health plan benefit programs for employees
Who is Subject to HIPAA?  University Departments that provide services to the covered entity components:  General Counsel’s office  Internal Audit  Accounts Receivable  Faculty Personnel  Human Resources:  Benefits/Wellness  Employee Relations  Employment Services  Employment/Compensation  Information Technology
How HIPAA Protects PHI  Limits who may use or disclose PHI.  Limits the purposes for which PHI may be used or disclosed  Limits the amount of information that may be used or disclosed (Minimum Necessary rule)  Requires use of safeguards over how PHI is used, stored and disclosed
Who May Use PHI?  CMU workforce members trained on HIPAA privacy.  You are only given access to PHI if you need it in order to perform your job  You must agree to protect the confidentiality of the information  You are subject to discipline if you violate CMU’s privacy policies and procedures.
How May PHI May Used?  General Rule:  Workforce members may use or disclose PHI only for permitted uses without an individual’s specific written authorization.
Permitted Uses For PHI  “TPO”  Treatment  Payment  Health care operations  Specified public policy exceptions (public health and law enforcement)  Any other use requires individual written authorization
Treatment  Providing, coordinating & managing health care  Includes:  Direct treatment of patient  Consultation among health care providers  Indirect treatment (for example, laboratory testing)  Patient referral from one provider to another
Payment  Activities by a health care provider to obtain reimbursement for health care  Includes: billing, eligibility/coverage determination, medical necessity determinations  Activities by health plan to pay claims
Health Care Operations  Activities directly related to treatment and payment -- such as credentialing, auditing, utilization review, quality assessment, training programs  Supporting activities, such as computer systems support  Administrative and managerial activities, such as business planning, resolving complaints, and complying with HIPAA.
Minimum Necessary Rule  The use or disclosure of PHI is limited to the minimum amount necessary to accomplish the purpose  Does not apply to treatment  Can use whatever information you think you need for treatment purposes  Any other purpose, must consider: what is the minimum amount of information needed to perform the task?
Safeguarding PHI  People consider health information their most confidential information, and we must protect it accordingly  Do not access PHI that you do not need  Do not discuss PHI with individuals who do not need to know it.  Do not provide PHI to anyone not authorized to receive it  Misusing PHI can result in discipline, legal penalties and loss of trust
Safeguarding PHI When using PHI, think about: Where you are Who might overhear Who might see
Safeguarding PHI  Avoid:  Discussing PHI in front of others who do not need to know.  Leaving records accessible to patients or others who do need to see them  Positioning monitors where others can view them  Using printers located in public or unsecured areas
Safeguarding PHI  Follow safe practices for your computer system ID and password  Use strong passwords—see your area administrator for guidelines  Keep your use ID and password confidential and secure  if you need to write it down, keep it in your wallet  Do not allow anyone else to access the computer system under your ID
Safeguarding PHI  Only access electronic PHI from a workstation certified for HIPAA or PHI access.  Only save electronic PHI to a HIPAA- designated server  Do not save on computer’s hard drive, CD, floppy disk, USB thumb drive or other removable media  Do not leave computer station unattended without locking it first
Safeguarding PHI  Do not engage in risky practices with computers used to access PHI  Do not surf the internet  Do not open attachments to e-mail unless from a trusted source  Do not install applications unless approved by CMU IT Department
Safeguarding PHI  Do not unnecessarily print or copy PHI  When faxing PHI, use a fax cover page  Do not send PHI in email unless first cleared by your supervisor  Dispose of PHI when it is no longer needed  use shredding bins for paper records  When retiring electronic media used to store PHI, ensure the media is “cleansed” according to IT Department standards  Call Help Desk for more details
Safeguarding PHI  Report unusual activity to your supervisor immediately  You observe questionable practices  You find PHI in inappropriate areas  You suspect unauthorized use of your user ID/password  A patient/health plan participant complains to you about a privacy issue
Why should we care about the HIPAA rules? CMU  Disciplinary action up to and including termination of employment Civil Penalties  Up to $1.5 million per year per violation Criminal Penalties  Up to $250,000, imprisonment of up to ten years, or both Lawsuits  Invasion of privacy/negligence
HIPAA Web Links CMU HIPAA policies and procedures available at:  https://www.cmich.edu/office_president/gener al_counsel/hipaa/Pages/Policies_and_Proced ures.aspx
Knowledge Assessment  Please take some time to complete the knowledge assessment of this presentation.  You are required to do so and your completion will be recorded automatically.  You may retake the assessment as many times as needed in order to “score” 100%.  Any problems with the assessment, please contact the site instructor.

Recommended

Presentation hippa
Presentation hippaPresentation hippa
Presentation hippamaggie_Platt
 
what is data security full ppt
what is data security full pptwhat is data security full ppt
what is data security full pptShahbaz Khan
 
Physical Security In The Workplace
Physical Security In The WorkplacePhysical Security In The Workplace
Physical Security In The Workplacedougfarre
 
Annual HIPAA Training
Annual HIPAA TrainingAnnual HIPAA Training
Annual HIPAA TrainingCynthia Holland
 
Welcome to HIPAA Training
Welcome to HIPAA TrainingWelcome to HIPAA Training
Welcome to HIPAA TrainingJonathan Montes
 
Confidentiality in the Workplace
Confidentiality in the WorkplaceConfidentiality in the Workplace
Confidentiality in the Workplacesalvarez63
 
HIPAA 101- What all Doctors NEED to know
HIPAA 101- What all Doctors NEED to knowHIPAA 101- What all Doctors NEED to know
HIPAA 101- What all Doctors NEED to knowCompliancy Group
 
ManageEngine Firewall Analyzer training
ManageEngine Firewall Analyzer trainingManageEngine Firewall Analyzer training
ManageEngine Firewall Analyzer trainingManageEngine, Zoho Corporation
 

Recommended

Presentation hippa
Presentation hippaPresentation hippa
Presentation hippamaggie_Platt
 
what is data security full ppt
what is data security full pptwhat is data security full ppt
what is data security full pptShahbaz Khan
 
Physical Security In The Workplace
Physical Security In The WorkplacePhysical Security In The Workplace
Physical Security In The Workplacedougfarre
 
Annual HIPAA Training
Annual HIPAA TrainingAnnual HIPAA Training
Annual HIPAA TrainingCynthia Holland
 
Welcome to HIPAA Training
Welcome to HIPAA TrainingWelcome to HIPAA Training
Welcome to HIPAA TrainingJonathan Montes
 
Confidentiality in the Workplace
Confidentiality in the WorkplaceConfidentiality in the Workplace
Confidentiality in the Workplacesalvarez63
 
HIPAA 101- What all Doctors NEED to know
HIPAA 101- What all Doctors NEED to knowHIPAA 101- What all Doctors NEED to know
HIPAA 101- What all Doctors NEED to knowCompliancy Group
 
ManageEngine Firewall Analyzer training
ManageEngine Firewall Analyzer trainingManageEngine Firewall Analyzer training
ManageEngine Firewall Analyzer trainingManageEngine, Zoho Corporation
 
Awareness Training on Information Security
Awareness Training on Information SecurityAwareness Training on Information Security
Awareness Training on Information SecurityKen Holmes
 
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...Sirius
 
Pharmaceutical companies and security
Pharmaceutical companies and securityPharmaceutical companies and security
Pharmaceutical companies and securityJuliette Foine
 
Overview on data privacy
Overview on data privacy Overview on data privacy
Overview on data privacy Amiit Keshav Naik
 
HIPAA Complaince
HIPAA ComplainceHIPAA Complaince
HIPAA ComplainceFarhatParveen10
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingWilliam Mann
 
GDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationGDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationVicky Dallas
 
Phishing
PhishingPhishing
PhishingAlka Falwaria
 
PCI PIN Security & Key Management Compliance
PCI PIN Security & Key Management CompliancePCI PIN Security & Key Management Compliance
PCI PIN Security & Key Management ComplianceControlCase
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3Tanmay Shinde
 
HIPAA Basics by Brian Fleetham
HIPAA Basics by Brian FleethamHIPAA Basics by Brian Fleetham
HIPAA Basics by Brian FleethamAtlantic Training, LLC.
 
Stigmatization of Mental Illness
Stigmatization of Mental IllnessStigmatization of Mental Illness
Stigmatization of Mental IllnessNAMITM
 
HIPAA Basics
HIPAA BasicsHIPAA Basics
HIPAA BasicsKarna *
 
Confidentiality in the workplace (1)
Confidentiality in the workplace (1)Confidentiality in the workplace (1)
Confidentiality in the workplace (1)lei luna
 
HIPAA
HIPAAHIPAA
HIPAAKarna *
 
Cyber Security IT GRC Management Model and Methodology.
Cyber Security IT GRC Management Model and Methodology.Cyber Security IT GRC Management Model and Methodology.
Cyber Security IT GRC Management Model and Methodology.360factors
 
HIPAA and How it Applies to You
HIPAA and How it Applies to YouHIPAA and How it Applies to You
HIPAA and How it Applies to YouWinston & Strawn LLP
 
Physical Security Assessments
Physical Security AssessmentsPhysical Security Assessments
Physical Security AssessmentsTom Eston
 
Social Media Safety Tips
Social Media Safety TipsSocial Media Safety Tips
Social Media Safety TipsDepartment of Defense
 
Physical Security Management System
Physical Security Management SystemPhysical Security Management System
Physical Security Management SystemDaniel Suchy, CPP, MSyI
 
Introduction to HIPAA for Healthcare Professionals by OUP
Introduction to HIPAA for Healthcare Professionals by OUPIntroduction to HIPAA for Healthcare Professionals by OUP
Introduction to HIPAA for Healthcare Professionals by OUPAtlantic Training, LLC.
 
HIPAA Training by Greater Baltimore Medical Center
HIPAA Training by Greater Baltimore Medical CenterHIPAA Training by Greater Baltimore Medical Center
HIPAA Training by Greater Baltimore Medical CenterAtlantic Training, LLC.
 

More Related Content

What's hot

Awareness Training on Information Security
Awareness Training on Information SecurityAwareness Training on Information Security
Awareness Training on Information SecurityKen Holmes
 
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...Sirius
 
Pharmaceutical companies and security
Pharmaceutical companies and securityPharmaceutical companies and security
Pharmaceutical companies and securityJuliette Foine
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingWilliam Mann
 
GDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationGDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationVicky Dallas
 
PCI PIN Security & Key Management Compliance
PCI PIN Security & Key Management CompliancePCI PIN Security & Key Management Compliance
PCI PIN Security & Key Management ComplianceControlCase
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3Tanmay Shinde
 
Stigmatization of Mental Illness
Stigmatization of Mental IllnessStigmatization of Mental Illness
Stigmatization of Mental IllnessNAMITM
 
HIPAA Basics
HIPAA BasicsHIPAA Basics
HIPAA BasicsKarna *
 
Confidentiality in the workplace (1)
Confidentiality in the workplace (1)Confidentiality in the workplace (1)
Confidentiality in the workplace (1)lei luna
 
Cyber Security IT GRC Management Model and Methodology.
Cyber Security IT GRC Management Model and Methodology.Cyber Security IT GRC Management Model and Methodology.
Cyber Security IT GRC Management Model and Methodology.360factors
 
Physical Security Assessments
Physical Security AssessmentsPhysical Security Assessments
Physical Security AssessmentsTom Eston
 

What's hot (20)

Awareness Training on Information Security
Awareness Training on Information SecurityAwareness Training on Information Security
Awareness Training on Information Security
 
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
 
Pharmaceutical companies and security
Pharmaceutical companies and securityPharmaceutical companies and security
Pharmaceutical companies and security
 
Overview on data privacy
Overview on data privacy Overview on data privacy
Overview on data privacy
 
HIPAA Complaince
HIPAA ComplainceHIPAA Complaince
HIPAA Complaince
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
GDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationGDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection Regulation
 
Phishing
PhishingPhishing
Phishing
 
PCI PIN Security & Key Management Compliance
PCI PIN Security & Key Management CompliancePCI PIN Security & Key Management Compliance
PCI PIN Security & Key Management Compliance
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
 
HIPAA Basics by Brian Fleetham
HIPAA Basics by Brian FleethamHIPAA Basics by Brian Fleetham
HIPAA Basics by Brian Fleetham
 
Stigmatization of Mental Illness
Stigmatization of Mental IllnessStigmatization of Mental Illness
Stigmatization of Mental Illness
 
HIPAA Basics
HIPAA BasicsHIPAA Basics
HIPAA Basics
 
Confidentiality in the workplace (1)
Confidentiality in the workplace (1)Confidentiality in the workplace (1)
Confidentiality in the workplace (1)
 
HIPAA
HIPAAHIPAA
HIPAA
 
Cyber Security IT GRC Management Model and Methodology.
Cyber Security IT GRC Management Model and Methodology.Cyber Security IT GRC Management Model and Methodology.
Cyber Security IT GRC Management Model and Methodology.
 
HIPAA and How it Applies to You
HIPAA and How it Applies to YouHIPAA and How it Applies to You
HIPAA and How it Applies to You
 
Physical Security Assessments
Physical Security AssessmentsPhysical Security Assessments
Physical Security Assessments
 
Social Media Safety Tips
Social Media Safety TipsSocial Media Safety Tips
Social Media Safety Tips
 
Physical Security Management System
Physical Security Management SystemPhysical Security Management System
Physical Security Management System
 

Viewers also liked

Introduction to HIPAA for Healthcare Professionals by OUP
Introduction to HIPAA for Healthcare Professionals by OUPIntroduction to HIPAA for Healthcare Professionals by OUP
Introduction to HIPAA for Healthcare Professionals by OUPAtlantic Training, LLC.
 
HIPAA Training by Greater Baltimore Medical Center
HIPAA Training by Greater Baltimore Medical CenterHIPAA Training by Greater Baltimore Medical Center
HIPAA Training by Greater Baltimore Medical CenterAtlantic Training, LLC.
 
HIPAA 101 Privacy and Security Training by University of Californa San Francisco
HIPAA 101 Privacy and Security Training by University of Californa San FranciscoHIPAA 101 Privacy and Security Training by University of Californa San Francisco
HIPAA 101 Privacy and Security Training by University of Californa San FranciscoAtlantic Training, LLC.
 
HIPAA Workforce Training by Wayne-Holmes Mental Health Recovery Board
HIPAA Workforce Training by Wayne-Holmes Mental Health Recovery BoardHIPAA Workforce Training by Wayne-Holmes Mental Health Recovery Board
HIPAA Workforce Training by Wayne-Holmes Mental Health Recovery BoardAtlantic Training, LLC.
 
HIPAA Privacy Training by University of Hawaii
HIPAA Privacy Training by University of HawaiiHIPAA Privacy Training by University of Hawaii
HIPAA Privacy Training by University of HawaiiAtlantic Training, LLC.
 
Hazard Communication by Maine Dept. of Labor
Hazard Communication by Maine Dept. of LaborHazard Communication by Maine Dept. of Labor
Hazard Communication by Maine Dept. of LaborAtlantic Training, LLC.
 
Slips, Trips and Falls by Connecticut DOL
Slips, Trips and Falls by Connecticut DOLSlips, Trips and Falls by Connecticut DOL
Slips, Trips and Falls by Connecticut DOLAtlantic Training, LLC.
 
Hazard Communication Training by Maine Department of Labor
Hazard Communication Training by Maine Department of LaborHazard Communication Training by Maine Department of Labor
Hazard Communication Training by Maine Department of LaborAtlantic Training, LLC.
 
Preventing Slips, Trips and Falls in the Health Care Industry by GTRI
Preventing Slips, Trips and Falls in the Health Care Industry by GTRIPreventing Slips, Trips and Falls in the Health Care Industry by GTRI
Preventing Slips, Trips and Falls in the Health Care Industry by GTRIAtlantic Training, LLC.
 
Hazard Communication Training by Oklahoma State University
Hazard Communication Training by Oklahoma State UniversityHazard Communication Training by Oklahoma State University
Hazard Communication Training by Oklahoma State UniversityAtlantic Training, LLC.
 
The Control of Hazardous Energy by SAPPI
The Control of Hazardous Energy by SAPPIThe Control of Hazardous Energy by SAPPI
The Control of Hazardous Energy by SAPPIAtlantic Training, LLC.
 
Hazard Communication Training Program by MIOSHA
Hazard Communication Training Program by MIOSHA Hazard Communication Training Program by MIOSHA
Hazard Communication Training Program by MIOSHAAtlantic Training, LLC.
 
Personal Protective Equipment Training by San Diego State University
Personal Protective Equipment Training by San Diego State UniversityPersonal Protective Equipment Training by San Diego State University
Personal Protective Equipment Training by San Diego State UniversityAtlantic Training, LLC.
 

Viewers also liked (20)

Introduction to HIPAA for Healthcare Professionals by OUP
Introduction to HIPAA for Healthcare Professionals by OUPIntroduction to HIPAA for Healthcare Professionals by OUP
Introduction to HIPAA for Healthcare Professionals by OUP
 
HIPAA Training by Greater Baltimore Medical Center
HIPAA Training by Greater Baltimore Medical CenterHIPAA Training by Greater Baltimore Medical Center
HIPAA Training by Greater Baltimore Medical Center
 
HIPAA 101 Privacy and Security Training by University of Californa San Francisco
HIPAA 101 Privacy and Security Training by University of Californa San FranciscoHIPAA 101 Privacy and Security Training by University of Californa San Francisco
HIPAA 101 Privacy and Security Training by University of Californa San Francisco
 
HIPAA Workforce Training by Wayne-Holmes Mental Health Recovery Board
HIPAA Workforce Training by Wayne-Holmes Mental Health Recovery BoardHIPAA Workforce Training by Wayne-Holmes Mental Health Recovery Board
HIPAA Workforce Training by Wayne-Holmes Mental Health Recovery Board
 
HIPAA Privacy Training by University of Hawaii
HIPAA Privacy Training by University of HawaiiHIPAA Privacy Training by University of Hawaii
HIPAA Privacy Training by University of Hawaii
 
Hazard Communication by Maine Dept. of Labor
Hazard Communication by Maine Dept. of LaborHazard Communication by Maine Dept. of Labor
Hazard Communication by Maine Dept. of Labor
 
Slips, Trips and Falls by Connecticut DOL
Slips, Trips and Falls by Connecticut DOLSlips, Trips and Falls by Connecticut DOL
Slips, Trips and Falls by Connecticut DOL
 
Hazard Communication Training by Maine Department of Labor
Hazard Communication Training by Maine Department of LaborHazard Communication Training by Maine Department of Labor
Hazard Communication Training by Maine Department of Labor
 
Slips, Trips, and Falls by Signalmutual
Slips, Trips, and Falls by SignalmutualSlips, Trips, and Falls by Signalmutual
Slips, Trips, and Falls by Signalmutual
 
Preventing Slips, Trips and Falls in the Health Care Industry by GTRI
Preventing Slips, Trips and Falls in the Health Care Industry by GTRIPreventing Slips, Trips and Falls in the Health Care Industry by GTRI
Preventing Slips, Trips and Falls in the Health Care Industry by GTRI
 
Energy Control Program by MCIEAST
Energy Control Program by MCIEASTEnergy Control Program by MCIEAST
Energy Control Program by MCIEAST
 
Hazardous Energy Control by MSHA
Hazardous Energy Control by MSHAHazardous Energy Control by MSHA
Hazardous Energy Control by MSHA
 
Hazard Communication Training by Oklahoma State University
Hazard Communication Training by Oklahoma State UniversityHazard Communication Training by Oklahoma State University
Hazard Communication Training by Oklahoma State University
 
Lock Out-Tag Out Training by Ryko
Lock Out-Tag Out Training by RykoLock Out-Tag Out Training by Ryko
Lock Out-Tag Out Training by Ryko
 
The Control of Hazardous Energy by SAPPI
The Control of Hazardous Energy by SAPPIThe Control of Hazardous Energy by SAPPI
The Control of Hazardous Energy by SAPPI
 
Lockout Tagout by Snohomish County
Lockout Tagout by Snohomish CountyLockout Tagout by Snohomish County
Lockout Tagout by Snohomish County
 
Lockout Tagout by FirstSource
Lockout Tagout by FirstSourceLockout Tagout by FirstSource
Lockout Tagout by FirstSource
 
Hazard Communication Training Program by MIOSHA
Hazard Communication Training Program by MIOSHA Hazard Communication Training Program by MIOSHA
Hazard Communication Training Program by MIOSHA
 
Slips, Trips and Falls Training by WITC
Slips, Trips and Falls Training by WITCSlips, Trips and Falls Training by WITC
Slips, Trips and Falls Training by WITC
 
Personal Protective Equipment Training by San Diego State University
Personal Protective Equipment Training by San Diego State UniversityPersonal Protective Equipment Training by San Diego State University
Personal Protective Equipment Training by San Diego State University
 

Similar to Basic HIPAA Training by CMU

HIPAA Training - 2011
HIPAA Training - 2011HIPAA Training - 2011
HIPAA Training - 2011darichardson
 
Hipaa basics pp2
Hipaa basics pp2Hipaa basics pp2
Hipaa basics pp2martykoepke
 
Patient confidentiality
Patient confidentialityPatient confidentiality
Patient confidentialityLily Isaacson
 
Week 1 discussion 2 hipaa and privacy training
Week 1 discussion 2 hipaa and privacy trainingWeek 1 discussion 2 hipaa and privacy training
Week 1 discussion 2 hipaa and privacy trainingvrgill22
 
Marc etienne week1 discussion2 presentation
Marc etienne week1 discussion2 presentationMarc etienne week1 discussion2 presentation
Marc etienne week1 discussion2 presentationMarcEtienne6
 
Sylvia hipaa powerpoint presentation 2010(2)
Sylvia hipaa powerpoint presentation 2010(2)Sylvia hipaa powerpoint presentation 2010(2)
Sylvia hipaa powerpoint presentation 2010(2)bholmes
 
Mha 690 week one discussion ii
Mha 690 week one discussion iiMha 690 week one discussion ii
Mha 690 week one discussion iibeleza1669
 
Mha 690 week one discussion ii
Mha 690 week one discussion iiMha 690 week one discussion ii
Mha 690 week one discussion iibeleza1669
 
Hippa and Confidentiality
Hippa and ConfidentialityHippa and Confidentiality
Hippa and Confidentialityramonapage
 
HIPAA INSERVICE 2017
HIPAA INSERVICE 2017 HIPAA INSERVICE 2017
HIPAA INSERVICE 2017 Meg Oser
 
Sylvia hipaa powerpoint presentation 2010(1)
Sylvia hipaa powerpoint presentation 2010(1)Sylvia hipaa powerpoint presentation 2010(1)
Sylvia hipaa powerpoint presentation 2010(1)bholmes
 
Data Security and Privacy Practices
Data Security and Privacy PracticesData Security and Privacy Practices
Data Security and Privacy PracticesSpringfield Clinic
 
Hipaa training new_staff_december 2018 - compatibility mode
Hipaa training new_staff_december 2018 - compatibility modeHipaa training new_staff_december 2018 - compatibility mode
Hipaa training new_staff_december 2018 - compatibility moderobint2125
 

Similar to Basic HIPAA Training by CMU (20)

HIPAA Training - 2011
HIPAA Training - 2011HIPAA Training - 2011
HIPAA Training - 2011
 
Hipaa basics pp2
Hipaa basics pp2Hipaa basics pp2
Hipaa basics pp2
 
Dustin HIPAA
Dustin HIPAADustin HIPAA
Dustin HIPAA
 
Patient confidentiality
Patient confidentialityPatient confidentiality
Patient confidentiality
 
Week 1 discussion 2 hipaa and privacy training
Week 1 discussion 2 hipaa and privacy trainingWeek 1 discussion 2 hipaa and privacy training
Week 1 discussion 2 hipaa and privacy training
 
HIPAA Audio Presentation
HIPAA Audio PresentationHIPAA Audio Presentation
HIPAA Audio Presentation
 
Marc etienne week1 discussion2 presentation
Marc etienne week1 discussion2 presentationMarc etienne week1 discussion2 presentation
Marc etienne week1 discussion2 presentation
 
Sylvia hipaa powerpoint presentation 2010(2)
Sylvia hipaa powerpoint presentation 2010(2)Sylvia hipaa powerpoint presentation 2010(2)
Sylvia hipaa powerpoint presentation 2010(2)
 
Hipaa inservice
Hipaa inserviceHipaa inservice
Hipaa inservice
 
HIPAA 2010
HIPAA 2010HIPAA 2010
HIPAA 2010
 
Mha 690 week one discussion ii
Mha 690 week one discussion iiMha 690 week one discussion ii
Mha 690 week one discussion ii
 
Mha 690 week one discussion ii
Mha 690 week one discussion iiMha 690 week one discussion ii
Mha 690 week one discussion ii
 
Hippa and Confidentiality
Hippa and ConfidentialityHippa and Confidentiality
Hippa and Confidentiality
 
Hippa
HippaHippa
Hippa
 
HIPAA INSERVICE 2017
HIPAA INSERVICE 2017 HIPAA INSERVICE 2017
HIPAA INSERVICE 2017
 
Sylvia hipaa powerpoint presentation 2010(1)
Sylvia hipaa powerpoint presentation 2010(1)Sylvia hipaa powerpoint presentation 2010(1)
Sylvia hipaa powerpoint presentation 2010(1)
 
Data Security and Privacy Practices
Data Security and Privacy PracticesData Security and Privacy Practices
Data Security and Privacy Practices
 
CONFIDENTIALITYANDHIPAA.ppt
CONFIDENTIALITYANDHIPAA.pptCONFIDENTIALITYANDHIPAA.ppt
CONFIDENTIALITYANDHIPAA.ppt
 
Hipaa training new_staff_december 2018 - compatibility mode
Hipaa training new_staff_december 2018 - compatibility modeHipaa training new_staff_december 2018 - compatibility mode
Hipaa training new_staff_december 2018 - compatibility mode
 
Hippa
HippaHippa
Hippa
 

More from Atlantic Training, LLC.

Stress and Worker Safety by Pennsylvania L&I
Stress and Worker Safety by Pennsylvania L&IStress and Worker Safety by Pennsylvania L&I
Stress and Worker Safety by Pennsylvania L&IAtlantic Training, LLC.
 
Workplace Harassment Prevention by UT EAP
Workplace Harassment Prevention by UT EAPWorkplace Harassment Prevention by UT EAP
Workplace Harassment Prevention by UT EAPAtlantic Training, LLC.
 
Preventing Falls, Slips and Trips by MGSU
Preventing Falls, Slips and Trips by MGSUPreventing Falls, Slips and Trips by MGSU
Preventing Falls, Slips and Trips by MGSUAtlantic Training, LLC.
 
Preventing Workplace Harassment by Pennsylvania L&I
Preventing Workplace Harassment by Pennsylvania L&IPreventing Workplace Harassment by Pennsylvania L&I
Preventing Workplace Harassment by Pennsylvania L&IAtlantic Training, LLC.
 
Warehouses In Emergencies by WFP Logistics
Warehouses In Emergencies by WFP LogisticsWarehouses In Emergencies by WFP Logistics
Warehouses In Emergencies by WFP LogisticsAtlantic Training, LLC.
 
Sexual Harassment in the Workplace Training by Shumaker
Sexual Harassment in the Workplace Training by ShumakerSexual Harassment in the Workplace Training by Shumaker
Sexual Harassment in the Workplace Training by ShumakerAtlantic Training, LLC.
 
New Employee Safety Orientation by Oregon State University
New Employee Safety Orientation by Oregon State UniversityNew Employee Safety Orientation by Oregon State University
New Employee Safety Orientation by Oregon State UniversityAtlantic Training, LLC.
 

More from Atlantic Training, LLC. (20)

Wellness for Supervisors by SWOSU
Wellness for Supervisors by SWOSUWellness for Supervisors by SWOSU
Wellness for Supervisors by SWOSU
 
Workplace Wellness by PHA
Workplace Wellness by PHAWorkplace Wellness by PHA
Workplace Wellness by PHA
 
Stress Management Training by SG
Stress Management Training by SGStress Management Training by SG
Stress Management Training by SG
 
Stress Management Training by SW
Stress Management Training by SWStress Management Training by SW
Stress Management Training by SW
 
Stress and Worker Safety by Pennsylvania L&I
Stress and Worker Safety by Pennsylvania L&IStress and Worker Safety by Pennsylvania L&I
Stress and Worker Safety by Pennsylvania L&I
 
Respectful Workplace by RDTC
Respectful Workplace by RDTCRespectful Workplace by RDTC
Respectful Workplace by RDTC
 
Workplace Harassment by CLGW
Workplace Harassment by CLGWWorkplace Harassment by CLGW
Workplace Harassment by CLGW
 
Workplace Harassment Prevention by UT EAP
Workplace Harassment Prevention by UT EAPWorkplace Harassment Prevention by UT EAP
Workplace Harassment Prevention by UT EAP
 
Welding Safety by Pennsylvania L&I
Welding Safety by Pennsylvania L&IWelding Safety by Pennsylvania L&I
Welding Safety by Pennsylvania L&I
 
Slips Trips & Falls Training by Signal
Slips Trips & Falls Training by SignalSlips Trips & Falls Training by Signal
Slips Trips & Falls Training by Signal
 
Preventing Falls, Slips and Trips by MGSU
Preventing Falls, Slips and Trips by MGSUPreventing Falls, Slips and Trips by MGSU
Preventing Falls, Slips and Trips by MGSU
 
Preventing Workplace Harassment by Pennsylvania L&I
Preventing Workplace Harassment by Pennsylvania L&IPreventing Workplace Harassment by Pennsylvania L&I
Preventing Workplace Harassment by Pennsylvania L&I
 
Warehouses In Emergencies by WFP Logistics
Warehouses In Emergencies by WFP LogisticsWarehouses In Emergencies by WFP Logistics
Warehouses In Emergencies by WFP Logistics
 
Prevention of Sexual Harassment by USMC
Prevention of Sexual Harassment by USMCPrevention of Sexual Harassment by USMC
Prevention of Sexual Harassment by USMC
 
Sexual Harassment by DEOMI
Sexual Harassment by DEOMISexual Harassment by DEOMI
Sexual Harassment by DEOMI
 
Sexual Harassment in the Workplace Training by Shumaker
Sexual Harassment in the Workplace Training by ShumakerSexual Harassment in the Workplace Training by Shumaker
Sexual Harassment in the Workplace Training by Shumaker
 
Sexual Harassment Training by NAP
Sexual Harassment Training by NAPSexual Harassment Training by NAP
Sexual Harassment Training by NAP
 
Scaffolds Training by Pennsylvania L&I
Scaffolds Training by Pennsylvania L&IScaffolds Training by Pennsylvania L&I
Scaffolds Training by Pennsylvania L&I
 
Supervision
SupervisionSupervision
Supervision
 
New Employee Safety Orientation by Oregon State University
New Employee Safety Orientation by Oregon State UniversityNew Employee Safety Orientation by Oregon State University
New Employee Safety Orientation by Oregon State University
 

Recently uploaded

BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Servicediscovermytutordmt
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Neil Kimberley
 
rishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdfrishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdfmuskan1121w
 
Non Text Magic Studio Magic Design for Presentations L&P.pptx
Non Text Magic Studio Magic Design for Presentations L&P.pptxNon Text Magic Studio Magic Design for Presentations L&P.pptx
Non Text Magic Studio Magic Design for Presentations L&P.pptxAbhayThakur200703
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...lizamodels9
 
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurVIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurSuhani Kapoor
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitHolger Mueller
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Serviceritikaroy0888
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdfRenandantas16
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communicationskarancommunications
 
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts ServiceVip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Serviceankitnayak356677
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Dave Litwiller
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024christinemoorman
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...lizamodels9
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppelCorporation
 
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfIntro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfpollardmorgan
 

Recently uploaded (20)

BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023
 
rishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdfrishikeshgirls.in- Rishikesh call girl.pdf
rishikeshgirls.in- Rishikesh call girl.pdf
 
Non Text Magic Studio Magic Design for Presentations L&P.pptx
Non Text Magic Studio Magic Design for Presentations L&P.pptxNon Text Magic Studio Magic Design for Presentations L&P.pptx
Non Text Magic Studio Magic Design for Presentations L&P.pptx
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
 
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurVIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
 
Progress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitProgress Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst Summit
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts ServiceVip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
 
KestrelPro Flyer Japan IT Week 2024 (English)
KestrelPro Flyer Japan IT Week 2024 (English)KestrelPro Flyer Japan IT Week 2024 (English)
KestrelPro Flyer Japan IT Week 2024 (English)
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfIntro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
 

Basic HIPAA Training by CMU

  • 1. The Health Insurance Portability and Accountability Act Basic HIPAA Training For CMU workforce with access to PHI
  • 2. Who Needs Training and Why  Employees who come in contact with “Protected Health Information” are Federally required to attend training  Departments listed later  This presentation is designed to  Familiarize you with  HIPAA regulations  Our policies and procedures regarding protected health information (PHI)  Ensure Federal compliance  Our policies are posted at https://www.cmich.edu/office_president/general_counsel/hipaa/Pages/d efault.aspx
  • 3. Summary of the Law  To establish basic privacy and security protection of health information.  To guarantee individuals the right to access their health information and learn how it is used and disclosed  To simplify payment for health care.
  • 4. What Exactly is HIPAA?  Public Law 104-191 (1996)  Overseen by: Department of Health & Human Services (HHS) and enforced by Office for Civil Rights (OCR)  Regulations on:  Privacy of health information  Security of health information  Notification of breaches of confidentiality  Penalties for violating HIPAA
  • 5. What is Protected by HIPAA?  Protected Health Information (PHI)  Any Individually Identifiable Health Information (IIHI)  Created or received by a health care provider, health plan, or health care clearinghouse  Relating to the past, present of future physical or mental health or condition of an individual (including information related to payment for health care)  Transmitted in any form or medium—paper, electronic and verbal communications
  • 6. What is Protected by HIPAA?  Examples of PHI:  Medical charts  Problem logs  Photographs and videotapes  Communications between health care professionals  Billing records  Health plan claims records  Health insurance policy number
  • 7. What is Protected by HIPAA?  Health information protected if it directly or indirectly identifies someone.  Direct identifiers: individual’s name, SSN, driver’s license numbers  Indirect identifiers: information about an individual that can be matched with other available information to identify the individual.
  • 8. Direct and Indirect Identifiers 1. Name 2. Geographic subdivisions smaller than a State - Street Address - City - County - Precinct - Zip Code & their equivalent geocodes, except for the initial three digits 1. Dates, except year - Birth date - Admission date - Discharge date - Date of death 1. Telephone numbers 2. Fax number 6. E-Mail Address 7. Social Security numbers 8. Medical record numbers 9. Health plan beneficiary numbers 10. Account numbers 11. Certificate/license numbers 12. Vehicle identifiers and serial numbers, including license plate numbers 13. Device identifiers and serial numbers 14. Web universal resource locations (URLs) 15. Internet Protocol (IP) address numbers 16. Biometric identifiers, including finger and voice prints 17. Full face photographic images and any comparable data 18. Any other unique identifying number, characteristic, or code
  • 9. What is Protected by HIPAA?  If any direct or indirect identifiers are present, the information is PHI and subject to HIPAA protection.  Information can be “deidentified” – but the Privacy Officer must review to ensure all direct and indirect identifiers have been properly removed.
  • 10. Who is Subject to HIPAA? CMU “covered entity” components:  University Health Services  Carls Center  CMU self-funded health plan benefit programs for employees
  • 11. Who is Subject to HIPAA?  University Departments that provide services to the covered entity components:  General Counsel’s office  Internal Audit  Accounts Receivable  Faculty Personnel  Human Resources:  Benefits/Wellness  Employee Relations  Employment Services  Employment/Compensation  Information Technology
  • 12. How HIPAA Protects PHI  Limits who may use or disclose PHI.  Limits the purposes for which PHI may be used or disclosed  Limits the amount of information that may be used or disclosed (Minimum Necessary rule)  Requires use of safeguards over how PHI is used, stored and disclosed
  • 13. Who May Use PHI?  CMU workforce members trained on HIPAA privacy.  You are only given access to PHI if you need it in order to perform your job  You must agree to protect the confidentiality of the information  You are subject to discipline if you violate CMU’s privacy policies and procedures.
  • 14. How May PHI May Used?  General Rule:  Workforce members may use or disclose PHI only for permitted uses without an individual’s specific written authorization.
  • 15. Permitted Uses For PHI  “TPO”  Treatment  Payment  Health care operations  Specified public policy exceptions (public health and law enforcement)  Any other use requires individual written authorization
  • 16. Treatment  Providing, coordinating & managing health care  Includes:  Direct treatment of patient  Consultation among health care providers  Indirect treatment (for example, laboratory testing)  Patient referral from one provider to another
  • 17. Payment  Activities by a health care provider to obtain reimbursement for health care  Includes: billing, eligibility/coverage determination, medical necessity determinations  Activities by health plan to pay claims
  • 18. Health Care Operations  Activities directly related to treatment and payment -- such as credentialing, auditing, utilization review, quality assessment, training programs  Supporting activities, such as computer systems support  Administrative and managerial activities, such as business planning, resolving complaints, and complying with HIPAA.
  • 19. Minimum Necessary Rule  The use or disclosure of PHI is limited to the minimum amount necessary to accomplish the purpose  Does not apply to treatment  Can use whatever information you think you need for treatment purposes  Any other purpose, must consider: what is the minimum amount of information needed to perform the task?
  • 20. Safeguarding PHI  People consider health information their most confidential information, and we must protect it accordingly  Do not access PHI that you do not need  Do not discuss PHI with individuals who do not need to know it.  Do not provide PHI to anyone not authorized to receive it  Misusing PHI can result in discipline, legal penalties and loss of trust
  • 21. Safeguarding PHI When using PHI, think about: Where you are Who might overhear Who might see
  • 22. Safeguarding PHI  Avoid:  Discussing PHI in front of others who do not need to know.  Leaving records accessible to patients or others who do need to see them  Positioning monitors where others can view them  Using printers located in public or unsecured areas
  • 23. Safeguarding PHI  Follow safe practices for your computer system ID and password  Use strong passwords—see your area administrator for guidelines  Keep your use ID and password confidential and secure  if you need to write it down, keep it in your wallet  Do not allow anyone else to access the computer system under your ID
  • 24. Safeguarding PHI  Only access electronic PHI from a workstation certified for HIPAA or PHI access.  Only save electronic PHI to a HIPAA- designated server  Do not save on computer’s hard drive, CD, floppy disk, USB thumb drive or other removable media  Do not leave computer station unattended without locking it first
  • 25. Safeguarding PHI  Do not engage in risky practices with computers used to access PHI  Do not surf the internet  Do not open attachments to e-mail unless from a trusted source  Do not install applications unless approved by CMU IT Department
  • 26. Safeguarding PHI  Do not unnecessarily print or copy PHI  When faxing PHI, use a fax cover page  Do not send PHI in email unless first cleared by your supervisor  Dispose of PHI when it is no longer needed  use shredding bins for paper records  When retiring electronic media used to store PHI, ensure the media is “cleansed” according to IT Department standards  Call Help Desk for more details
  • 27. Safeguarding PHI  Report unusual activity to your supervisor immediately  You observe questionable practices  You find PHI in inappropriate areas  You suspect unauthorized use of your user ID/password  A patient/health plan participant complains to you about a privacy issue
  • 28. Why should we care about the HIPAA rules? CMU  Disciplinary action up to and including termination of employment Civil Penalties  Up to $1.5 million per year per violation Criminal Penalties  Up to $250,000, imprisonment of up to ten years, or both Lawsuits  Invasion of privacy/negligence
  • 29. HIPAA Web Links CMU HIPAA policies and procedures available at:  https://www.cmich.edu/office_president/gener al_counsel/hipaa/Pages/Policies_and_Proced ures.aspx
  • 30. Knowledge Assessment  Please take some time to complete the knowledge assessment of this presentation.  You are required to do so and your completion will be recorded automatically.  You may retake the assessment as many times as needed in order to “score” 100%.  Any problems with the assessment, please contact the site instructor.