This document provides an overview of an organization's policies around protecting patient privacy and data security as required by HIPAA. It discusses the organization's ethical responsibilities to patients, as well as definitions of protected health information, notice of privacy practices, and information security protocols. The objectives are to ensure employees understand and comply with organizational ethics, HIPAA regulations, and data security standards to protect patient confidentiality.

1. Mandatory HIPPA and
Information Security
Protecting our patients privacy and
their right to a quality health care
experience.

2. Objectives
After viewing this presentation the employee
will know the following information:
• Organizational Ethics
• HIPPA
• Information and Data Security
• System Security

3. Organizational Ethics
• It is the responsibility of the employees of this
organization to provide clinical and
professional integrity in all dealings with
patients, staff, physicians and the community
that we serve.
• This organizations board members, medical
staff members and employees will ensure that
this is our norm.

4. Our Mission
• We will provide health care
services that will help our
community achieve their
health goals
• We will help them maintain
their desired health goals
• To provide this care is the
ethical responsibility of each
employee.

5. Ultimate Fail How we do it….
• We will not provide or
perform unnecessary
procedures
• We will fairly and
accurately represent
ourselves and what we are
to do for our patients
• We will be honest and
courteous

6. Meeting the Need of Patients and
Families
How:
• By being sensitive to the
diversity in our community
• Honor the wishes, concerns
and values of our patients
• Respect their privacy
• Respect and Protect the
confidentiality of patients

7. Honesty + Truth + Fair = Ethical Care

8. Maintain Our Expertise
• Through Education
• Competencies
• Evaluation
• Support and Empower our employees
• Recognize Stressors

9. HIPPA
• The HIPPA Privacy Rule is a federal law that
governs uses and disclosures of patient health
information by Covered Entities such as the
Hospital.

10. Definitions
• Use – The sharing
, employment, application, utilization, examina
tion, or analysis of information within the
entity that maintains the information.
• Disclosure - The release , transfer, provision of
access to , or divulging in any other manner of
information to an entity outside the entity that
maintains the information(General rules for
uses and disclosures of PHI, 2006).

11. Protected Health Information
a) Created or received by a hospital or other covered
entity
b) Relates to the past, present, or future physical or
mental health or condition of a patient with provision
of health care to the patient, past, present or future
payment for the provision of health care to the patient
c) Identifies the individual, or with respect to which
there is a reasonable basis to believe that the
information can be used to identify the
patient(General rules for uses and disclosure of
PHI, 2006).

12. Notice of Privacy Practices
• A direct treatment provider , such as this
organization under HIPPA requires that the
organizations make aware to the patient their
rights according to PHI.
• The hospital as obligations of the Hospital
with respect to the Patient’s PHI and the
requirement for a written Authorization from
the patient for certain uses and disclosures of
PHI

13. Information and Data Security

14. • This facility monitors and records the
information that comes into and leaves the
internet.
• Each employees is responsible for protecting
the patients information.
• Each employee is assigned a secure and secret
ID.

15. • Any Person in Violation of
the User Identification and
Authentication policy and
procedure are subject to
disciplinary action which
could lead to termination

16. • This Organization reserves the right to record
and periodically review and audit trails of
information systems containing EPHI, to
ensure that data is accesses and /or disclosed in
only an authorized manner
• The internet is a valuable and important
resource for research related to our business
activities.

17. • The Internet is a privilege, DO NOT ABUSE
THIS PRIVILDEGE
• The information contained in this slideshow is
also available in more detail in the policy and
procedure manual.
• All employees will be tested annually on
hospital policy and procedures and each
employee will be given education on any and
all changes to policy and procedure