Confidentiality Training          December 3,2012              MHA 690Tina Welch,BS,RDMS,RVT,RCS,RT, ( R)
Objectives• Discuss compliance regulations relating to patient privacy and  confidentiality• Identify HIPAA violations and...
• HIPAA is a broad law dealing with the privacy and security of health  information:• The Privacy Rule tells hospitals and...
HIPAA is the conscious effort by all Healthcare workers tokeep private all concerning   Patients   Customers   Families...
Confidentiality includes ?•   The person’s identity•   Physical condition•   Psychological condition•   Emotional status• ...
Who are HIPAA officers?• HIPAA security officer   – Risk Manager-Tina Welch   – Ext.1234   *Always check with your supervi...
Need to Know• If you do not need to know confidential information to provide  care (clinical or financial)   – You are not...
Disciplinary Actions for Violations of HIPAA Policies• Disciplinary action depends on the violation and previous  violatio...
Disciplinary Actions for Violations of HIPAA Policies• Examples   – Sharing your password with a co-workers   – Unauthoriz...
Types of Risk• Nosy!   –   A co-worker accesses information• The only reason was for curiosity regarding:   –   Co-worker ...
Actions that could cause a                 HIPAA violation• Taking pictures of any patient’s image, body part or X-ray wit...
You can protect patient privacy• Respect the patient’s information and condition the  same way you would expect others to ...
Destruction of paper containing                patient information• Shred all patient information when it is to be discard...
Identification•   All employees should question visitors or other persons who are    in restricted areas.•   Vendors and c...
Monitoring Controls• Audit trails will document who was where in our systems and  will document what the associate was acc...
• Types of information that you are not permitted to  access, acquire, use or disclose without authorization  from the pat...
HIPAA enforcement actions• If you are found to be responsible for any type of a  HIPAA violation the State Attorney Genera...
Reporting HIPAA violations• We expect all employees to adhere to the HIPAA policies• Report violations to your Privacy Off...
Notification to Patients• Federal law now requires us to tell patients if someone  has obtained their protected informatio...
HIPAA• Never discuss Protected Health Information where others  can hear you such as hallways, lunch rooms, or elevators• ...
• Your responsibility doesn’t end on your shift• Don’t divulge patient/customer or employee information at  your church, s...
There is an exception for every rule• Certain situations allow disclosure without prior written consent.   – For example… ...
Confidentiality Agreement• I understand that confidential information specifically  includes, but is not limited to, patie...
HIPAA Song• http://youtu.be/6wRDorQ73Ng
Upcoming SlideShare
Loading in …5
×

Hipaa 2012

947 views

Published on

Published in: Health & Medicine
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
947
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
10
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Hipaa 2012

  1. 1. Confidentiality Training December 3,2012 MHA 690Tina Welch,BS,RDMS,RVT,RCS,RT, ( R)
  2. 2. Objectives• Discuss compliance regulations relating to patient privacy and confidentiality• Identify HIPAA violations and disciplinary actions• Identify ways to prevent HIPAA violations
  3. 3. • HIPAA is a broad law dealing with the privacy and security of health information:• The Privacy Rule tells hospitals and physicians when and how patient health information can be used or disclosed• The Security Rule tells hospitals and physicians how to protect health information from being inappropriately accessed, edited, or destroyed. 3 11/9/2009 3
  4. 4. HIPAA is the conscious effort by all Healthcare workers tokeep private all concerning Patients Customers Families Employees See how many violations you spot on this you tube http://www.youtube.com/watch?v=4N5dvGpVUGE&feature=shar e&list=UL4N5dvGpVUGE
  5. 5. Confidentiality includes ?• The person’s identity• Physical condition• Psychological condition• Emotional status• Financial situation• Confidential business information• Any other personal or private information
  6. 6. Who are HIPAA officers?• HIPAA security officer – Risk Manager-Tina Welch – Ext.1234 *Always check with your supervisor if confidentiality questions arise
  7. 7. Need to Know• If you do not need to know confidential information to provide care (clinical or financial) – You are not permitted to access it – This includes your own information
  8. 8. Disciplinary Actions for Violations of HIPAA Policies• Disciplinary action depends on the violation and previous violations• Examples – Not signing off computer with Protected Health Information (PHI) when leaving a work area. – Inadvertent disclosure of PHI to the wrong patient – Failure to follow appropriate guidelines for the use of fax, mailing, E- mail, computer or other transmission of patient information causing a disclosure to an unintended recipient.
  9. 9. Disciplinary Actions for Violations of HIPAA Policies• Examples – Sharing your password with a co-workers – Unauthorized access of information on a patient you have no job- related responsibility for • This includes friends, family, co-workers, celebrities, and your information
  10. 10. Types of Risk• Nosy! – A co-worker accesses information• The only reason was for curiosity regarding: – Co-worker who is a patient – Physician who is a patient – Neighbor who is a patient – Celebrity who is a patient There is a “zero tolerance” for workers who access patient information without authorization!
  11. 11. Actions that could cause a HIPAA violation• Taking pictures of any patient’s image, body part or X-ray with personal cell phone cameras• Unauthorized access of sensitive health information – example: (HIV, Abuse)• Sharing or stealing password for the computer systems• Not verifying who you disclose patient information to (financial or clinical) and not confirming that the person requesting the information is authorized to receive it 11 11/9/2009 11
  12. 12. You can protect patient privacy• Respect the patient’s information and condition the same way you would expect others to respect and care for yours• Close treatment room doors or use privacy curtains when discussing the care of a patient.• Ensure that medical records are not left where others can see or gain access to them• Keep laboratory, radiology and other test results private• Keep computer screens containing PHI away from individuals not involved in direct care 12 11/9/2009 12
  13. 13. Destruction of paper containing patient information• Shred all patient information when it is to be discardedDo not place anything with a patient’s name or identifiers inthe regular trash. Patient name bands Telemetry strips• What about IV bags with med labels? If you can, peel off label.• Label must be shredded or blacked-out with a marker 13 13
  14. 14. Identification• All employees should question visitors or other persons who are in restricted areas.• Vendors and contractors will be wearing their company ID in addition to hospital identification noting that they have permission to be in the building• All employees, volunteers, students and other workforce members must wear their identification badges 14 11/9/2009 14
  15. 15. Monitoring Controls• Audit trails will document who was where in our systems and will document what the associate was accessing• Performed by our HIPAA Officers• Your User ID will link to every item opened, read or printed
  16. 16. • Types of information that you are not permitted to access, acquire, use or disclose without authorization from the patient include: – Medical information – Name, address, phone number – Social Security Number, date of birth – Photo of any part of the patient’s body, including X-ray images, whether or not they contain the patient’s name – Any information or data that could be used to identify the patient 16 11/9/2009 16
  17. 17. HIPAA enforcement actions• If you are found to be responsible for any type of a HIPAA violation the State Attorney General believes has threatened or in some way harmed a patient and is a resident of your State, you can be held responsible for your actions• The State Attorney General can bring a civil action in federal court• Federal Law imposes a maximum fine of $10,000 for each offense of breaching confidentiality 17 11/9/2009 17
  18. 18. Reporting HIPAA violations• We expect all employees to adhere to the HIPAA policies• Report violations to your Privacy Officer – Tina Welch, ext 1234 – You may report anonymously, if you wish – Compliance Helpline: 1-888-462-0380• You will not be retaliated against if you report a privacy violation• It is your job to report instances where you suspect policies are being broken 18 11/9/2009 18
  19. 19. Notification to Patients• Federal law now requires us to tell patients if someone has obtained their protected information• We must also notify patients any time their protected health information was inappropriately disclosed outside of the facility• We are required to notify the patient in writing and report all breaches of to the Federal Government. 19 11/9/2009 19
  20. 20. HIPAA• Never discuss Protected Health Information where others can hear you such as hallways, lunch rooms, or elevators• You are obligated to protect patient/customer privacy and any other confidential information when you see or hear a breach occurring by reporting this to someone who can advocate for the patient/customer• This includes unauthorized use, duplication, disclosure, or dissemination of Protected Health Information.
  21. 21. • Your responsibility doesn’t end on your shift• Don’t divulge patient/customer or employee information at your church, school, college, home, the shopping mall, or in other social settings
  22. 22. There is an exception for every rule• Certain situations allow disclosure without prior written consent. – For example… • Medical emergencies • Reporting communicable disease information to the health department • Reporting child or elderly/vulnerable adult abuse • For litigation activities• Always check with your supervisor if you’re not sure
  23. 23. Confidentiality Agreement• I understand that confidential information specifically includes, but is not limited to, patient and proprietary business information, whether written or verbal, or computerized (including password (s)• I also acknowledge and agree that any disclosure of, unauthorized use of, or access to confidential information will cause irreparable harm and loss to the Health System. As a result, I expressly agree to treat all confidential information in strict confidence and to undertake the following obligations with respect to confidential information• Date________________ Name___________________
  24. 24. HIPAA Song• http://youtu.be/6wRDorQ73Ng

×