This document defines protected health information (PHI) and how it should be handled and protected. PHI is individually identifiable health information that is transmitted or maintained by a covered entity. It must be protected by removing identifiers, using statistical methods, or stripping listed identifiers such as names or dates. PHI can be shared with the individual or for treatment, payment, and healthcare operations. With permission, it can also be shared with family and advocates. Employees must make reasonable efforts to limit PHI disclosure to the minimum necessary for their job duties. Penalties for improper access or disclosure of PHI include fines up to $250,000 and imprisonment up to 10 years.
PHI presentation week one
1.
2. WHAT IS PHI-PROTECTED HEALTH INFORMATION?
Protected health information (PHI)
–Individually identifiable health information
–Transmitted or maintained in any form or medium by a Covered Entity or
its Business Associate
♦Health information, including demographic information
♦Relates to an individual’s physical or mental health or the provision of or
payment for health care
♦Identifies the individual
3. HOW DO YOU PROTECT PHI
♦Removal of certain identifiers so that the individual who is subject of the
PHI may no longer be identified
♦Application of statistical method or
♦Stripping of listed identifiers such as:
–Names
–Geographic subdivisions smaller than a state
–All elements of dates
–SSNs
4. WHO CAN HAVE THIS INFORMATION
• The individual may have a copy of their own PHI at a reasonable cost to
them.
In addition:
Health plans can contact their enrollees
Providers can talk to their patients
• For treatment, (consultation and referrals)
• For payment (reimbursement for services)
• For health care operations (administrative, legal, fraud/abuse detection)
5. PATIENT RELEASE OF INFORMATION FOR FAMILY,
FRIENDS, AND HEALTH ADVOCATES
The patient:
Must give individual opportunity to agree or object:
–May disclose PHI relevant to person’s involvement in care or payment to
family, friends, or others identified by individual
–May notify of individual’s location, condition, or death to family, personal
representatives, or another responsible for care
•Applies to disaster relief efforts
♦When individual is not present or incapacitated:
–Above uses and disclosures are permissible using professional judgment
6. MINIMUM NECESSARY
Your duty as an employee of this organization:
• Make reasonable efforts to limit the use or disclosure of, and requests
for, PHI to minimum amount necessary to accomplish intended purpose
• In plain terms this means if you do not need the information to perform
your job duties, you may be subject to a write-up, or termination as a
result of casual prying into our patient’s medical record.
• Patient health information is never to be discussed in a
non-professional manner. Nor should this information be discussed in
public, or in a setting where you do not know who will hear. What if this
were your family member being discussed…or YOU?
7. PENALTIES
For knowingly obtaining or disclosing identifiable health information
relating to an individual in violation of the Rule:
–Up to $50,000 & 1 year imprisonment
–Up to $100,000 & 5 years if done under false pretenses
–Up to $250,000 & 10 years if intent to sell, transfer, or use for commercial
advantage, personal gain or malicious harm
♦Enforced by DOJ
HHS/OCR 2003; 42 USC §1320d-6
8. CONCLUSION
By viewing this presentation, you now have the knowledge of what PHI is,
who can view PHI, how to protect PHI, and the penalties and fines
for failing to adhere to these guidelines.
Your employment depends upon your understanding the guidelines
presented. Please contact Ann Smith, Compliance Officer, at ext. 4737
with any additional concerns or questions you may have.
Your login today is evidence of your training. This training is mandatory,
and future trainings will be made available as Health and Human
Services makes changes to the Protected Health Information rules and
regulations.
Editor's Notes
As an employee of this organization, you are responsible for protecting our patients’ information. In addition to losing your job, you also face serious fines for failing to uphold confidentiality. This presentation is designed to educate you on how to protect patient health information.
You handle PHI every day. This could be a call you receive or make, faxed or scanned information, as well as information obtained directly from the patient.
If you must dispose of notes or messages that are not part of the patient chart, please make certain all information is removed, and dispose of them in one of the locked HIPAA bins located throughout our facility. They are clearly identified with “HIPAA disposal only”.
These are examples of who may use this information, and why.
At the time of admission, the patient is given the release of information to sign. It is mandatory to present the form for signature. The patient has the right to accept or reject information being shared, and with whom. Authorization must contain core elements and required statements, including an expiration date or event and a statement that the authorization is revocable.
Confidentiality is vital to our patients. You may have witnessed, read, or overheard information you regard as “newsworthy” for your friends and family. But how do you know who else is hearing your conversation? That funny situation you are discussing in your favorite restaurant may be heard by unintended ears. This could be a family member, friend, or neighbor. They may believe you are discussing someone they know, even when they do not. The bottom line…would you want this said about you or your family?
This information is to help you understand the seriousness of failing to protect health information. For additional information, visit www.hhs.gov/ocr/hipaa/. OCR Privacy Toll Free Number: (866) 627-7748