The Health Insurance Portability and Accountability Act HIPAA

1
HIPAA Employee Privacy Training

• The Health Insurance Portability and
  Accountability Act (HIPAA)
• requires Plumas County to train all employees in
  covered departments about the Countys HIPAA
  policies and specific HIPAA required procedures
  that may affect the work you do.
• HIPAA TRAINING IS MANDATORY

2
This HIPAA Training Program will help you
understand..

• Whatis HIPAA?
• Who has to follow the law?
• What.. Information is protected?
• Why Privacy is important?
• How HIPAA affects the County, you and your
  job?
• Where you can get help or more information?

3
What is HIPAA?

• HIPAA is the Health Insurance Portability and
  Accountability Act, a federal law that...
• Protects the privacy of personal health
  information
• Provides for electronic and physical security of
  personal health information
• Simplifies billing and other transactions using
  National standard codes and identifiers

4
Who has to follow the law?

• All employees in covered departments.
• Plumas County Covered Departments
• Mental Health (provider)
• Public Health Agency (provider)
• Alcohol and Drug (provider)
• Human Resources (Health Plan)
• County Counsel (due to relationship with all
  departments)
• Administration (due to relationship with all
  departments)

5
What information must be protected?

• Personal and health information that can be
  identified to a specific individual must be
  protected. HIPAA calls this information PHI.
• PHI includes all written, spoken and electronic
• information that relates to the health of an
  individual and is..
• Created, kept, filed, used, or shared by
  your
• department.
• And includes at least one of 18 personal
• identifiers.

6
Personal Identifiers

• Name, all types of addresses including home,
  e-mail and URL
• Identifying numbers including Social Security,
  drivers license, medical record, insurance,
  biomedical device
• Facial photos, fingerprints and other biometric
  identifiers
• Dates including birthdates, dates of admission,
  discharge and death

7
Examples of PHIProtected Health Information

• Medical records, diagnosis, test results,
  clinical notes, prescriptions
• Billing records, claim data, referral
  authorizations, explanation of benefits

8
Why is Privacy important?

• As storage and transmission of records moves to
  electronic format the possibility of
  unintentional disclosure and intentional misuse
  increases
• We all want our privacy protected when we are
  patients or clients.its the ethical thing to do.
  
• HIPAA and California laws require us to protect a
  persons privacy.

9
How HIPAA affects the County

• HIPAA requires the County to.
• Give each person seeking services from a provider
  department a Notice of Privacy Practices that
  describes
• How the County can use and share PHI
• The individuals privacy rights and rights of
  access
• Ask each person to sign a written acknowledgment
  that they have received the Notice of Privacy
  Practices

10
The Notice of Privacy Practices is available

• From every provider department
• From the County website at http//www.countyofplum
  as.com/admin/hipaa/hipaa_forms.htm
• From the County Privacy Officer
• The CAO is the County Privacy Officer.

11
HIPAA also requires the County to..

• Appoint a Privacy and Security Officer
• Have and follow written policies and procedures
• Train employees on policies procedures
• Safeguard PHI
• Follow the Minimum Necessary standard
• Monitor compliance
• Sanction employees who violate policies
  procedures
• Mitigate harm caused by improper use or
  disclosure
• Have Business Associate Agreements with
  contractors
• Retain records the legal length of time
• Recognize and respect clients rights and avoid
  retaliation

12
How does HIPAA affect my job?

• If you currently see, use or share a persons
  protected health information as part of your job,
  HIPAA may change the way you do your job.
• If you currently work directly with patients or
  clients, HIPAA may change the way you do your
  job.
• As part of your job you now
• must
• protect the privacy of patients, clients and
  employees PHI

13
When can you use PHI?

• Only to do your job!
• And only use the Minimum Necessary needed to do
  the job.
• At all other times, protect the individuals
  information as if it were your own.

14
You May

• Look at a persons PHI only if you need it to do
  your job.
• Use a persons PHI only if you need it to do your
  job.
• Give a persons PHI to others only when it is
  necessary for them to do their job.
• Talk to others about a persons PHI only if it is
  necessary to do your job.

15
The County expects everyone to..

• Protect patients and clients information.
• Protect another employees information.
• Follow the Countys HIPAA policies and procedures
• Remember.If it is not your business, it is NONE
  of your business!

16
County HIPAA Policies Procedures..

• Are available in every covered department.
• Are available on the County website at
  http//www.countyofplumas.com/admin/hipaa/hipaa_fo
  rms.htm

17
County HIPAA Policies Procedures..

• This training only provides a basic introduction
  and overview of HIPAA.
• You are expected to be aware of all County and
  Department policies procedures necessary to do
  your job properly.
• Your Department Head or Department Privacy
  Officer will provide you with more job specific,
  in-depth training if needed.

18
What else should I know?

• HIPAA created a mandatory minimum level for
  privacy protection. Other state or federal laws
  may impose requirements that are more stringent.
• Your Department may have to comply with laws
  different than HIPAA.
• With regards to Privacy Follow the law that
  provides the most protection to information.
• With regards to client rights Follow the law
  that provides the client the most benefit.

19
The County is serious about protecting our
clients and employees privacy.

• Someone who does not protect PHI could lose his
  or her job, pay a fine, or even go to jail!
  County Personnel Rule 22.10 allows discipline and
  dismissal of certain employees who violate the
  Countys HIPAA related policies.
• Fines are 50,000 to 250,000.
• Jail terms are up to 10 years.

20

• Protecting client privacy
• requires us to
• safeguard client information.

21
Safeguard PHI! Secure PHI!

• Do not share or give anyone your password
• Do not log onto your computer and allow someone
  else to use it in your absence.
• Log off computers when finished and secure paper
  records that contain PHI.
• Shred documents containing PHI prior to disposal.

22
What if I have questions?

• Check with your Department Privacy Officer or
  your Department Head.
• Check with the County Privacy Officer or County
  Counsels office.
• The HIPAA Information section on the County
  website has links to the official text of the
  rules, the Office responsible for enforcing the
  privacy rule, and the California Office of HIPAA
  implementation.