HIPAA Privacy

1
HIPAA Privacy Security
Kay Carolin Barbara Ann Karmanos Cancer Center
March 2009
2
Protected Health Information

• PHI include information
• On paper
• In a computer
• Orally communicated
• In any other form
• EPHI includes information
• On your computer hard drive
• On floppy disks, CDs or magnetic tapes
• Sent via the Internet
• By e-mail
• Other means

3
Protected Health Information

• Name
• Street Address, City, County, Zip Code
• Dates
• Birth
• Admission
• Discharge
• Death
• Numbers
• Social Security
• Medical Record
• Account (FIN)
• Health Plan Beneficiary
• Telephone or Fax Numbers
• E-mail Address

4
Dos Don'ts for Securing PHI

• Do not
• share passwords or login ID.
• write down passwords where others may access
  them.
• send E-mail with PHI outside Karmanos Cancer
  Center
• open any unknown attachments, files or
  unrecognizable e-mails.
• install unapproved software/hardware
• use unapproved email, such as Hotmail, Yahoo,
  etc.
• Do
• log-off your computer when you will be away for a
  period of time.
• position monitors out of view of the public eye.
• change your password as defined in policy.

5
Securing PHI

• Use caution and respect patients privacy when
  discussing protected health information in
  public.
• Read and understand the policies and procedures
  relating to HIPAA Privacy Security.
• When using or disclosing protected health
  information, limit the PHI to the minimum
  necessary to accomplish the intended use.
• For Fax's
• Double check fax number.
• Use cover page which includes your contact
  information.
• If fax is received by the wrong location, have
  the fax destroyed or returned to you.

6
Protecting your Computer PHI

• Report any suspicious activity, such as new
  software or hardware appearing on your computer
  to the Help Desk.
• Contact your supervisor or the Help Desk if you
  believe someone may have logged onto your
  computer.
• Secure PDAs and Laptops
• Always use a password protected screen saver.
• Back-up data.
• Install and use virus protection software.
• Lock devices in a secure location when not in
  use.
• If device is stolen, an incident report should be
  filed.

7
Emergency Downtime

• Karmanos Cancer Center has a contingency plan to
  address system access during power failures,
  disasters, weather hazards or other situations
  limiting access to patient data
• Know the recovery plan as it relates to your job.
• Know the related policies.
• Know how to report emergencies.
• Know how the emergency may impact patient care.

8
Penalties

• Disciplinary action up to and including
  termination.
• Exclusion from participation in Medicare and
  Medicaid programs.
• Jail sentences for employees, administrators and
  physicians.
• HIPAA Specific
• Up to one year / 50,000 for misuse of protected
  health information.
• Up to five years / 100,000 for misuse of PHI
  under false pretenses.
• Up to ten years / 250,000 for misuse with
  intent to sell, transfer or use PHI for
  commercial advantage, personal gain or malicious
  harm.

9
HIPAA Reporting

• You are required to understand the law, and how
  it affects your job. Even an accidental
  disclosure could have consequences.
• As a condition of employment, employees agree to
  read and abide by the policies and procedures
  covering HIPAA.
• Individuals should immediately report any
  observed or suspected HIPAA breach to
• Your supervisor
• Compliance Hotline at 1-888-478-3555
• Safeguarding PHI is everyones job.
• If you have questions or concerns about your
  responsibility in protecting patient health
  information contact your supervisor.

10
Summary
We hope this Computer Based Learning course has
been both informative and helpful. Feel free to
review this course until you are confident about
your knowledge of the material presented. Click
the Take Test button on the left side when you
are ready to complete the requirements for this
course. Click on the My Records button to
return to your CBL Courses to Complete list.
Click the Exit button on the left to close the
Student Interface.