HIPAA - PowerPoint PPT Presentation

1 / 33
About This Presentation
Title:

HIPAA

Description:

HIPAA - Georgia Regents University ... hipaa – PowerPoint PPT presentation

Number of Views:141
Avg rating:3.0/5.0
Slides: 34
Provided by: Grac111
Category:

less

Transcript and Presenter's Notes

Title: HIPAA


1
HIPAA
Building a Privacy Foundation
2
HIPAA
3
What Is HIPAA?
  • Health Insurance Portability Accountability Act
    of 1996.

4
Why Do We Need HIPAA?
  • The purpose of HIPAA is to
  • protect confidential health
  • care information through
  • improved security and
  • privacy standards.

5
Who Must Comply With HIPAA?
  • Every employee of a health
  • care facility or provider that
  • handles protected patient
  • health information will have to
  • comply with HIPAA regulations.

6
What Must Be Kept Confidential?
PHI Protected Health Information
The HIPAA privacy rule defines the type of
information that must be kept private by
categorizing it as Protected Health
Information, or PHI for short. Healthcare
organizations must have policies in place that
maintain the privacy of PHI.
7
What is PHI?
Protected Health Information
8
PHI (Protected Health Information)
  • Health information is any
  • information, (verbal,
  • electronic, or written) that
  • relates to a persons physical
  • or mental health, or payment
  • information.

9
Examples of Personally Identifiable Information
  • Name
  • SSN
  • Drivers license
  • Address
  • Telephone number
  • Marital status
  • Financial information
  • Parental status
  • Gender
  • Race
  • Religion
  • Medical Condition
  • Test Results
  • Income

10
Minimum Necessary
  • What can I access?
  • Only information you need to knowto do your
    job
  • Accessing, using, or disclosing PHI on a
    need to know basis to get your job done is an
    important concept under HIPAA known as minimum
    necessary. Working in a healthcare organization
    does not entitle a person to access any and all
    patient records in the organization. You can
    access only the information you need to know to
    get your job done.
  • Does the minimum necessary standard apply in
    every situation? No the minimum necessary
    standard does not apply when accessing, using, or
    disclosing PHI for treatment of the individual.
    It also does not apply to the patient they can
    have access to their protected health
    information.

11
Incidental Disclosure
  • The Privacy Rule does not say
  • that health information will
  • not be accidentally over
  • heard. But everyone should
  • make every effort to prevent this
  • from happening.

12
Examples of Incidental Disclosure
  • Calling a patients name in a waiting room
  • A sign-in sheet is ok as long as it does not
    list a reason for the visit

13
Examples of Verbal Risk
  • Discussing personal health
  • information with a patient in a
  • waiting room when there is risk of
  • others overhearing the conversation.

14
Examples of Verbal Risk
  • Personal health information should
  • not be discussed in public areas such
  • as elevators, hallways, parking lots,
  • or bathrooms.

a
15
Examples of Verbal Risk
  • You should never discuss a patients
  • personal health information with
  • friends, family, or neighbors.

16
Examples of Visual Risks
  • Leaving documents that
  • you know contain PHI in
  • the open, unprotected
  • and easily accessible by
  • anyone

17
How Do I Know...
when information is considered private? -Did
you learn it through your job? -If yes, then
it is considered private!
a
18
Internal Security Violations
  • Taking advantage of computer glitches that
    mistakenly allow access to a patients medical
    record
  • Deliberately gaining access to patient data
  • Sharing pass codes
  • Leaving documents with patient information
    visible in an open area

19
How Do I Handle
  • An individual asking for access to their record?
  • Individuals have a right of access
  • Route requests to appropriate department or
    staff
  • Do not attempt to provide or get this information
    yourself

20
How Do I Handle
  • An individuals request to change their medical
    record?
  • Individuals have the right to amend or correct
    their record
  • Route requests to appropriate department or staff
  • Do not attempt to handle yourself

21
How Do I Handle
A family member or close friend asking about a
patient?
  • Tell them to call Directory information
  • Do not attempt to answer yourself

22
How Do I Handle
  • Co-workers asking about a patients condition or
    treatment?
  • Route request to appropriate department or staff
  • Do not attempt to provide
  • or get this information
  • yourself

23
Penalties
  • If you break the rules, you can face civil and
    criminal penalties
  • If found guilty you can be fined and/or sentenced
    to jail

a
24
Civil Penalties
  • 100 per wrong act
  • up to 25,000 per person, per year for each rule
    broken

a
25
Criminal Penalties
  • 50,000 1 year in jail if found guilty of
    telling protected health information
  • 100,000 5 years in jail if found guilty of
    obtaining or disclosing protected health
    information under false pretenses
  • 250,000 10 years in jail if found guilty of
    obtaining and disclosing PHI with intent to sell,
    transfer, or use for cash, personal gain, or
    malicious harm

26
Privacy-friendly Practices
  • Abide by the Notice of Privacy
  • Practice Confidentiality
  • Avoid discussing personal health information
  • Keep health information out
  • of public areas

27
Privacy-friendly Practices
  • Secure records in all locations
  • Respect an individuals right to privacy
    during treatments

28
HIPAA Security
HIPAA security applies to physical, technical and
administrative safeguards that are put in place
to protect the confidentiality of information.
Passwords
File Cabinets
ID Numbers
Coded information
29
When complying with security standards
Organizations should always access what resources
need to be protected, determine the cost for
protection and access the likelihood of loss or
compromise. Organizations should train all
employees on day-to-day procedures that ensure
the protection of information.
30
Ways of Insuring that information is protected
  • Faxes should never be left unattended or in
    places where unauthorized people can view them.
  • Passwords should be changed regularly.
    Childrens names, pets names, spouses names and
    birthdates should never be used as passwords.
  • Information on computer monitors should not be
    visible to unauthorized people.
  • Files should always be closed and coded.
    Personal information should never be on a files
    cover.

31
What Can You Do?
  • Be aware of patient information and how it is
    used or handled.
  • Look for ways to insure the information is not
    available to unauthorized individuals.
  • Shred when appropriate.
  • Password protect your computer.
  • Never leave files open on your desk or at the
    copier.

32
  • Organizations can prevent access the
    unauthorized data by implementing procedures at
    time of employee termination.
  • Change all combination locks
  • Removal of terminated employee for access lists
  • Removal of user account(s)

33
MCG Compliance/Privacy Officers
  • Please report any violations to the MCG Privacy
    Officer at
  • 721-2661, or call MCGs Legal Office at 721-4018
Write a Comment
User Comments (0)
About PowerShow.com