hipaa 101 revised ver3 20070627

Published on December 25, 2007

Author: Gavril

Source: authorstream.com

Slide1: HIPAA 101 Basic Privacy and Security HIPAA Training

This HIPAA Training Program will help you understand:
- What is HIPAA?
- How does HIPAA affect you and your job?
- Where can you get help with HIPAA?
- How you can protect UCSF patients’ confidential and sensitive information and your own personal information in any format
- How to understand the risks when using and storing electronic information
- How to reduce those risks

What Is the Health Insurance Portability and Accountability Act (HIPAA)?
HIPAA is a Federal law enacted to:
- Protect the privacy of a patient’s personal and health information.
- Provide for the physical and electronic security of personal health information.
- Simplify billing and other transactions with Standardized Code Sets and Transactions
- Specify new rights of patients to approve access/use of their medical information

Do the HIPAA laws apply to you?
The Health Insurance Portability & Accountability Act (HIPAA) requires that UCSF train all members of its workforce about the University’s HIPAA Policies and specific procedures required by HIPAA that may affect the work you do for the University.

What are the HIPAA requirements?
- To protect the privacy and security of an individual’s Protected Health Information (PHI) (see list of 18 identifiers at http://www.ucsf.edu/hipaa)
- To require the use of “minimal necessary”
- To extend the rights of individuals over the use of their protected health information

What Patient Information Must We Protect?
We must protect an individual’s personal and health information that…
- Is created, received, or maintained by a health care provider or health plan
- Is written, spoken, or electronic
- And, includes at least one of the 18 personal identifiers in association with health information
Health Information with identifiers = Protected Health Information (PHI)

Protected Health Information (PHI): 18 Identifiers defined by HIPAA
- Name
- Postal address
- All elements of dates except year
- Telephone number
- Fax number
- Email address
- URL address
- IP address
- Social security number
- Account numbers
- License numbers
- Medical record number
- Health plan beneficiary #
- Device identifiers and their serial numbers
- Vehicle identifiers and serial number
- Biometric identifiers (finger and voice prints)
- Full face photos and other comparable images
- Any other unique identifying number, code, or characteristic.

Examples of Protected Health Information (PHI, ePHI)
- Name, address, birth date, phone and fax numbers, e-mail address, social security numbers, and other unique numbers
- Billing records, claim data, referral authorizations
- Medical records, diagnosis, treatments, x-rays, photos, prescriptions, laboratory, and any other test results
- Research records
- Patient can be identified from health information
- All formats including verbal, written, electronic

specifically allows…
The university to create, use, and share a person’s protected health information for healthcare operations such as:
- Treatment
- Payment
- Operations, including teaching, medical staff activities, disclosures required by law and governmental reporting
But only if UCSF ensures that each patient receives a copy of the UCSF

In order for a UCSF Healthcare Provider to use or disclose PHI
The University must give each patient a Notice of Privacy Practices that:
- Describes how the University may use and disclose the patient’s protected health information (PHI) and
- Advises the patient of his/her privacy rights
The University must attempt to obtain a patient’s signature acknowledging receipt of the Notice, EXCEPT in emergency situations. If a signature is not obtained, the University must document the reason it was not. 45 CFR 164.520(a)(b)

But, for purposes other than treatment, payment, operations…
The university must obtain authorization and use only the minimum necessary:
- Patient Authorization - allows for University to disclose information for other purposes (§164.508)
- Minimum necessary applies to all uses and disclosures (§164.502(b), §164.514(d))

With All of the State and Federal Laws, what Patient Information Must Be Protected? Keep it simple:
All personal and health information that exists for every individual in any form:
- Written
- Spoken
- Electronic
This includes HIPAA protected health information and confidential information under State laws.
3/6/03

To the patient, it’s all confidential information
- Patient Personal Information
- Patient Financial Information
- Patient Medical Information
- Written, Spoken, Electronic
- PHI

I do not provide Patient Care… do I Need Training?
I do not use or have contact with Patient health or financial information… do I Need Training?
And… Isn’t this just an IT Problem?
Why Me?

Who Uses PHI at UCSF?
- Anyone who works with or may see health, financial, or confidential information with HIPAA PHI identifiers
- Everyone who uses a computer or electronic device which stores and/or transmits information
Such as:
- Medical Center employees
- Campus staff who work in clinical areas
- Human Resources
- UCSF Volunteers
- UCSF students who work with patients
- Research staff and investigators
- Accounting / Payroll staff
Almost Everyone – at one time or another!

Why is protecting privacy and security important?
- We all want our privacy protected!
- It’s the right thing to do!
- HIPAA and California laws require us to protect a person’s privacy!
- UC requires everyone to follow the University’s privacy and security policies!

When should you:
- Look at PHI?
- Use PHI?
- Share PHI?

HIPAA Scenario #1
I work in admitting. A friend who works in the ER told me that she just saw a famous movie star get on the elevator. My friend read in the paper that the movie star has cancer and asked me to find out what floor the star is on because we know which floors are where cancer patients are treated. Should you give your friend this information?

Ask yourself these questions —
- Do you need to know which floor the movie star is on for you to do your job?
- Does your friend need to know if the movie star has cancer for her to do her job?
- Would you want strangers to have your private information?

HIPAA Scenario #2
I am a file clerk. While opening lab reports, I saw my manager’s pregnancy test results. Her pregnancy test was positive! That night at a holiday party, I saw her with some friends, and congratulated her on her pregnancy. Later I heard that she did not know about the test results. I was the first person to tell her! Did I do the right thing?

Ask yourself these questions —
- Did you need to read the lab results to do your job?
- Is it your job to provide a patient with her health information—even if the individual is a friend or fellow employee?
- Is it your job to let other people know an individual’s test results?
- Should a University employee look at another employee’s medical information?
- How would you feel if this had happened to you?
Do not look at, read, use or tell others about an individual’s information (PHI) unless it is a part of your job.

Slide22:
Remember —
- Use only if necessary to perform job duties
- Use the minimum necessary to perform your job
- Follow UCSF Medical Center or UCSF campus policies and procedures for information confidentiality and security.

HIPAA Violations Can Carry Penalties--
- Criminal Penalties
  - $50,000 - $250,000 fines
  - Jail Terms up to 10 years
- Civil Monetary Penalties
  - $100 - $25,000/yr fines
  - more $ if multiple year violations
- Fines & Penalties – Violation of State Law
- UCSF corrective & disciplinary action
  - Up to & including job loss

How Can You Protect Patient Information: PHI / ePHI / Confidential
- Verbal Awareness
- Written Paper / Hard Copy Protections
- Safe Computing Skills
- Reporting Suspected Security Incidents

Patients can be concerned about…
- Being asked to state out loud certain types of confidential or personal information
- Overhearing conversations about PHI by staff performing their job duties
- Being asked about their private information in a “loud voice” in public areas, e.g.
  - In clinics, waiting rooms, service areas
  - In hallways, in elevators, on shuttles, on streets

Protecting Privacy: Verbal Exchanges
- Patients may see normal clinical operations as violating their privacy (incidental disclosure)
- Ask yourself: “What if it were my information being discussed in this place or in this manner?”

Incidental disclosures and HIPAA
“Incidental”: a use or disclosure that cannot reasonably be prevented, is limited in nature and occurs as a by-product of an otherwise permitted use or disclosure. (§164.502(c)(1)(iii))
Example: discussions during teaching rounds; calling out a patient’s name in the waiting room; sign in sheets in hospital and clinics.

Incidental disclosures and HIPAA
Incidental uses and disclosures are permitted, so long as reasonable safeguards are used to protect PHI and minimum necessary standards are applied.
Commonly misunderstood by patients!

Information can be lost…
- Physically lost or stolen…
  - Paper copies, films, tapes, devices
  - Lost anywhere at anytime: streets, restrooms, shuttles, coffee houses, left on top of car when driving away from UCSF…
- Or Misdirected to outside world…
  - Mislabeled mail, wrong fax number, wrong phone number
  - Wrong email address, misplaced on UCSF intranet
  - Not using secured email
  - Verbal release of information without patient approval

We need to protect the entire lifecycle of information
- Intake/creation of PHI
- Storage of PHI
- Destruction of PHI
For any format of PHI

Do you know where you left your paperwork?

Slide32:
Shredding bins work best when papers are put inside the bins. If it’s outside the bin, it’s …
- Daily gossip
- Daily trash
- Public

Electronic information can also be lost or stolen
- Lost/stolen laptops, PDAs, cell phones
- Lost/stolen zip disks, CDs, floppies, flash drives
- Unprotected systems were hacked
- Email sent to the wrong address or wrong person (faxes have same issues)
- User not logged off of system

Be aware that ePHI is everywhere

Slide35:
“10” Good Computer Security Practices for protecting restricted data

“Good Computing Practices” 10 Safeguards for Users
1. Passwords
2. Lock Your Screen
3. Workstation Security
4. Portable Device
5. Data Management
6. Anti Virus
7. Computer Security
8. Email
9. Safe Internet Use
10. Reporting Security Incidents / Breach

Good Computing Practices #1 Passwords
Use cryptic passwords that can’t be easily guessed and protect your passwords - don’t write them down and don’t share them!

Good Computing Practices #2 Lock Your Screen
- For a PC ~ <ctrl> <alt> <delete> <enter> OR <> <L>
- For a Mac ~
  - Configure screensaver with your password
  - Create a shortcut to activate screensaver
- Use a password to start up or wake-up your computer.

Good Computing Practices #3 Workstation Security
- Physically secure your area and data when unattended
- Secure your files and portable equipment - including memory sticks.
- Secure laptop computers with a lockdown cable.
- Never share your access code, card, or key (e.g. Axiom card)

Good Computing Practices #4 Portable Device Security
- Don’t keep restricted data on portable devices
- Back-Up your data
  - Make backups a regular task, ideally at least once a day.
  - Backup data to your department’s secure server or store on removable media such as CD-RW or a USB memory stick.
  - Store backup media safely and separately from the equipment.
Remember, your data is valuable!

Good Computing Practices #4 Portable Device Security cont’d…
Data Back-ups - Ask yourself…
- How effective would you be if your email, word processing documents, excel spreadsheets and contact database were wiped out?
- How many hours would it take to rebuild that information from scratch?

Good Computing Practices #5 Data Management
Managing Restricted Data
- Know where this data is stored.
- Destroy restricted data which is no longer needed ~
  - shred or otherwise destroy restricted data before throwing it away
  - erase/degauss information before disposing of or re-using drives
- Protect restricted data that you keep ~
  - back-up your data to a departmental server

Good Computing Practices #6 Anti Virus
“I’ll just keep finding new ways to break in!”
Make sure your computer has anti virus and all necessary security patches.

Good Computing Practices #7 Computer Security
Don’t install unknown or unsolicited programs on your computer.

Good Computing Practices #8 Email
Practice safe e-mailing
- Don’t open, forward, or reply to suspicious e-mails
- Don’t open e-mail attachments or click on website addresses
- Delete spam
- Use the secure e-mail solution to send confidential information ~ Subject: Secure: (http://its.ucsf.edu/information/applications/exchange/secure_email.jsp)

Good Computing Practices #9 Safe Internet Use
- Accessing any site on the internet could be tracked back to your name and location.
- Accessing sites with questionable content often results in spam or release of viruses.
- And it bears repeating… Don’t download unknown or unsolicited programs!
Practice safe internet use

Good Computing Practices #10 Reporting Security Incidents / Breach
How to Report Security Incidents / Breach?
- Report lost or stolen laptops, blackberries, PDAs, cell phones, flash drives, etc…
- Loss or theft of any computing device MUST be reported immediately to the UCSF Police Department. Dial 1-415-476-1414

Good Computing Practices #10 Reporting Security Incidents / Breach cont’d…
- Immediately report anything unusual, suspected security incidents, or breaches to your Computing Support Coordinator and supervisor. This also goes for loss/theft of PHI in hardcopy format (paper, films etc).
- If no one is available to receive your report, contact Customer Support. Dial 1-415-514-4100 (Option 1 for Medical Center, Option 2 for Campus)
- You can also email or go to the UCSF website:
  - email: itscs@its.ucsf.edu
  - web: http://help.ucsf.edu/

Resources: with Privacy and Confidentiality
- Your Supervisor/Manager
- Privacy Office: (415) 353-2750
- Chief Privacy Officer: Deborah Yano-Fong, Email: deborah.fong@ucsfmedctr.org
- HIPAA website: http://www.ucsf.edu/hipaa
- UCOP HIPAA website: http://www.universityofcalifornia.edu/hipaa
- HIPAA and Research: Committee on Human Research (CHR) at http://www.research.ucsf.edu/chr/index.asp (Click on HIPAA and Research link)

Resources: with Information Security
- Your supervisor / Manager
- Your department’s IT or CSC person
- IT Information Security Education Awareness Training (SATE): Tiki Maxwell: (415) 514-1363, Email Tiki.maxwell@ucsf.edu
- HIPAA Website: www.ucsf.edu/hipaa
- UCSF Information Security Officer: Carl Tianen
- UCSF Medical Center Information Security Officer: Jose Claudio

HIPAA Security Reminders
- Password Required
- Send Email Securely
- Password protect your computer
- Backup your electronic information
- Run Anti-virus & Anti-spam software, Anti-spyware
- Keep disks locked up
- Keep office secured
