Health Insurance Portability & Accountability Act


HappyHippo
Uploaded On 2022-08-03



Presentation Transcript

Slide1

Health Insurance Portability & Accountability Act “HIPAA”

To every patient, every time, we will provide the care that we would want for our own loved ones.

Health, healing and hope.

Slide2

The Privacy Rule

Protects information known as PROTECTED HEALTH INFORMATION (PHI) that exists in written, oral and electronic formats.

Slide3

Examples of PHI

Name

Date of Birth

Fax Number

Account Number

Web Universal Resource Locator (URL)

Street Address

Electronic mail address

Certificate/License Number

License Plate Number

City

Discharge Date

Social Security Number

Vehicle and Serial Number

Device Identifier and Serial Number

Precinct

Date of Death

Medical Record Number

Internet Protocol Number

Full Face Photographic Images

Zip Code

Telephone Number

Health Plan Beneficiary Number

Biometric Identifiers (e.g., fingerprints)

Any other Unique Identifying Number, Characteristic, or Code

Slide4

The Privacy Rule

Limits the way in which members of the GBMC workforce may use and disclose (release) PHI. GBMC workforce must have a job-related reason to use or disclose PHI.

Requires that all GBMC workforce use only the minimum amount of PHI necessary to get the job done. This is what HIPAA defines as the MINIMUM NECESSARY standard.

“Workforce” means employees, volunteers, trainees, and other persons who conduct work for GBMC and are under the direct control of GBMC, whether or not they are paid by GBMC.

Slide5

The Privacy Rule

Provides patients with certain rights – these rights are commonly referred to as the PATIENT PRIVACY RIGHTS.

These rights are communicated to the patient in the Notice of Privacy Practices.

If a patient wishes to exercise any of these Patient Privacy Rights (which are outlined on the next slide), they must do so in writing. You should contact Medical Records Correspondence Department (443-849-2274) for the correct forms.

Slide6

The Patient Privacy Rights

Right to access PHI.

Right to request an amendment to PHI.

Right to request restrictions on how PHI is used for treatment, payment, and healthcare operations.

Right to receive confidential communications.

Right to request an accounting of disclosures.

Right to complain to the Department of Health and Human Services’ Office for Civil Rights.

Slide7

HIPAA Privacy

The Notice of Privacy Practices

The Notice is a useful tool not only for you but also for the patient. The NOPP:

* describes how GBMC may use a patient’s PHI

* provides a clear and concise description of the patient’s rights

* discusses how a patient may opt out of the facility directory

* discusses how the medical staff may interact with the patient’s family

Slide8

The Privacy Rule

Requires that GBMC provide a way for patients and workforce to REPORT PRIVACY CONCERNS or ask privacy questions.

Reporting Privacy Concerns

Teresa Schorr, GBMC Privacy Officer: 443-849-2358

HIPAA GroupWise Resource: To send an email, type HIPAA in the “To” field

The Business Ethics Line is now the Privacy Hotline too: 1-800-299-7991

The Compliance Home Page is your source for HIPAA information: GBMC Infoweb

Slide9

Privacy Compliance Tips

Keep all PHI locked and secured when you are away from your work area.

Do not include any patient identifiers in the subject line of an email.

Do not discuss PHI in public or common areas.

Make sure to check the fax number for accuracy before sending a fax that contains PHI. All faxes must include a completed GBMC standard fax cover sheet (see fax policy for limited exceptions).

If a fax is sent to the wrong recipient in error, you must complete the Accounting of Disclosures log located on the Compliance page of the InfoWeb and send it to Medical Records.

Sign-in sheets are allowed as long as we continue to follow the standard protocols that have always been in place at GBMC. Sign-in sheets should be limited to patient name and appointment time.

Slide10

The Security Rule

Requires administrative, physical, and technical safeguards be implemented to address the confidentiality, integrity, and availability of ELECTRONIC PROTECTED HEALTH INFORMATION (ePHI).

Security of patient information is EVERYONE’S job! We owe it to our patients!

Electronic Protected Health Information

Slide11

The Security Rule

Requires GBMC provide each computer system user with a unique user identity.

Your user identity is the combination of your user ID and your password – do not share your password or write it down where it can be easily retrieved by someone other than you.

Your user identity is what is used to monitor your activity on the system(s).

Do not leave yourself signed onto a computer and then walk away without signing off. You are responsible for any activity that occurs under your user identity. Your user identity appears on audit reports which are frequently monitored.

User Identity

Slide12

Security Compliance Tips

Do not store electronic patient health information (ePHI) on your local drive (C:).

If you use mobile media devices such as laptops and USB drives, make sure they are encrypted.

Avoid emailing PHI, but if it is necessary, be sure to encrypt the email by typing the word “SECURE” as the first word in the subject line of the email.

If you believe the PHI in paper or electronic form has been used or released in an unauthorized manner, contact the Privacy Office at 443-849-4325.

Slide13

Protecting Your Password

In order to protect against unauthorized access to our computers, GBMC has taken appropriate steps to monitor all activity on the network to ensure that people are not trying to break in to those systems.

However, as a user of a GBMC system, it is important that you also take measures to ensure that people cannot access GBMC systems – that is partly accomplished through password management.

Password management includes selecting a strong password, protecting your password, as well as frequently changing your password.

Password Management

Slide14

Examples of How to Create a Strong Password

Mix upper and lowercase characters

○ 3bLINdmice

○ 5gOLDenrings

○ 4cALLingbirdS

Replace letters with numbers

○ Replace “E” with “3”

■ “Sp3cial” or “3l3gant”

Combine two words by using a special character

○ Roof^Top

○ Sugar$Daddy

○ B@ttercup!

Use the first letter from each word of a phrase from a song

○ “Oops! I did it again” becomes “O!idia”

In general, passwords should have a minimum length of 6 characters, but each application may have other requirements/limitations.

Password Management