
Privacy Practices

Privacy Practices. Our privacy procedures are vitally important, and it’s critical that you learn and follow them to safeguard yourself and our agency. As an employee of our agency, you are responsible for becoming familiar with our privacy policies and procedures.


Presentation Transcript


  1. Privacy Practices: Our privacy procedures are vitally important, and it’s critical that you learn and follow them to safeguard yourself and our agency.
  2. Your Responsibility: As an employee of our agency, you are responsible for becoming familiar with our privacy policies and procedures. By signing your copy of our privacy policy, you are indicating that you understand and agree to abide by our privacy procedures.
  3. Why Follow Privacy Laws? As a covered healthcare entity, we are required by law to follow State and Federal privacy regulations. All covered entities – including hospitals, medical agencies, nursing homes, medical equipment dealers and other vendors who have access to PHI – must comply with both HIPAA and HB300.
  4. What is HIPAA? HIPAA is the Health Insurance Portability and Accountability Act, which was signed into law in 1996. HIPAA is managed by the Office of Civil Rights. Oversight is provided by the Department of Health and Human Services. In Texas, HB300 augments Federal privacy laws.
  5. What is HB300? The Texas legislature, acting on concerns about information safety and patient privacy, passed HB300. HB300 takes effect September 1, 2012. HB300 dramatically extends “covered entity” status. HB300 sets forth training requirements and substantial penalties for disclosing Protected Health Information.
  6. If You Don’t Follow the Law … An agency could face fines of up to $1.5 million annually and you could spend up to ten years in jail. In Texas, you can face criminal charges for knowingly releasing the patient's Protected Health Information, or PHI.
  7. What is PHI? PHI is any information we have which identifies our patients, the type of medical care they are receiving or have received, their payment information and what medications they are using or may have been prescribed. All of this is protected information.
  8. PHI Includes … Name; Date of Birth; Date of Death; Telephone and Fax Numbers; Addresses and ZIP Codes; Agency Record Numbers.
  9. PHI Also Includes … Past, present or future payment information; Photographs; Fingerprints and voiceprints; Prescription Numbers; Any Other Identifying Number.
  10. Let’s Think About PHI: Of course, a patient's chart is the most visible source of protected information. But PHI can also appear in other places we don't think about … like office bulletin boards, insurance cards, telephone notes, dictation tapes, fax machines, copying machines, and so on.
  11. What Does “Protected” Mean? "Protected" means that only the individuals who need the information should have access to it. In other words, you should only have PHI if you need it to do your job.
  12. What Does “Protected” Mean? "Protected" also means you need to get patient permission to disclose PHI in most circumstances. The law gives patients greater control over their own health information.
  13. Understanding TPO: The law allows you to use PHI to TREAT a patient, to receive PAYMENT for that treatment, or to complete the daily activities necessary for HEALTHCARE OPERATIONS. We can use PHI for any of these purposes without patient authorization.
  14. The HIPAA Minimum Standard ... means you must make a reasonable effort to limit the use or accessibility of private health information. This “need to know” standard mandates that you use or offer only what is necessary to accomplish your purpose under the TPO definition.
  15. Your Reasonable Effort: HIPAA requires you to watch what you say, where you say it, and to whom. Make a reasonable effort to keep protected health information private.
  16. Your Reasonable Effort: Talk quietly. Never use full names. Always make sure people to whom you give PHI have the authority to receive it.
  17. Mistakes Do Happen: If we make a mistake and realize we have inadvertently disclosed PHI, we must inform the patient, make every effort to correct the problem, and ensure that the same situation doesn’t happen again. If the mistake involves negligence or willful intent on our part, our agency is subject to substantial fines.
  18. Handling Information Requests: Patients have the right to request an electronic copy of their file. Under Texas law, we have 15 days to deliver the information they request. If we mail a copy of the patient’s chart, we must send it directly to the patient.
  19. Information to Family Members: We can share PHI with a patient’s family member as long as we obtain patient permission first. To protect patient privacy, we should only share information that is relevant to current treatment.
  20. You Can Also Release PHI Without Patient Permission: In response to a lawsuit or subpoena; in response to a court order; to the military upon legitimate request; for research.
  21. Send the Entire Patient Chart Only: Upon patient request; to other healthcare workers for treatment purposes; to DHHS.
  22. Authorization Forms: For almost every situation other than TPO, you’ll need an authorization form signed by the patient before you release PHI.
  23. Patient Rights: Patients have the right to receive a copy of our privacy policy. Each patient is asked to sign a form stating that he or she has been offered a copy of our privacy policy. If a patient refuses to sign, just note the fact on the form.
  24. Patients Have the Right … To see their PHI; to receive an electronic copy of their records ... billing records ... lab reports ... x-rays or radiography.
  25. Patient Rights: Patients have the right to request that errors be corrected or to add information. While the patient does have the right to request these changes, we do not necessarily have to accommodate the request. For anything beyond a minor correction, the request must be submitted in writing.
  26. Why HIPAA Training? The HIPAA privacy and security rules mandate that all persons who may come into contact with Protected Health Information receive training on HIPAA policy, and that this training is documented.
  27. Why HIPAA Training? Our agency is responsible for communicating the basic HIPAA rules regarding the transmission, security and privacy of healthcare data.
  28. Texas Training Requirements: Under HB300, agency employees must receive this training within 60 days of their start date and every two years during their employment. The agency must keep records of who received training, and the dates training was provided.
  29. Disclosing PHI: When PHI is disclosed outside TPO, patient notes must reflect: the date of disclosure; what was sent (profile, medications, etc.); to whom it was sent. The patient may request to see this information for six years following the disclosure.
  30. Special Treatment: Patients have the right to request that we give their PHI special treatment. However, the agency does not have to agree to this request. The patient’s request should be in writing, and the response should be handled by the office manager.
  31. Communication Considerations: Be considerate and speak quietly to patients. Make a reasonable effort to move a patient away from others for consultation.
  32. Communication Considerations: Don’t assume a patient does not mind openly discussing their PHI. If the patient wishes to speak in private, you must accommodate that wish.
  33. Patient Complaints: Patients have the right to complain if they feel our agency has violated their privacy. In Texas, the Attorney General’s website provides patient privacy information and details a complaint procedure. Patients can also complain to the Department of Health and Human Services.
  34. Patient Complaints: While we hope the patient will complain to us first - and give us an opportunity to rectify the problem - the choice is the patient’s to make.
  35. Patient Complaints: Written patient complaints should be given to the office manager. Copies should be forwarded to the agency privacy officer.
  36. Patient Rights: Remember: Patients have a right to receive a copy of our agency’s privacy policy. If patients want to make changes to their medical records, involve your supervisor or the office manager in the discussion. Let patients know you can speak in a private area, if they prefer.
  37. Patient Rights: Patients can see their medical records, but the request must be handled by the office manager or privacy officer. Note that we do not automatically grant patient requests to limit the way in which we use their PHI. Every request is subject to review.
  38. If You Make a Mistake … Don’t panic! Notify your supervisor or the office manager immediately. Explain exactly what happened and why it happened.
  39. If You Make a Mistake … Suggest ways to correct the problem so that it does not happen again. Write a report on the incident and give it to your supervisor. Send a copy of your report to the privacy officer.
  40. Access by “Covered Entities”: Some vendors and others who perform work for our agency are not employees, but may have access to patient PHI. We require these individuals to sign a privacy agreement; as “Covered Entities,” they are required by Texas law to protect our patients’ PHI.
  41. Protecting PHI: In our agency, all PHI is password protected. Keep your password to yourself and do not share it with anyone else. When employees leave the employment of our agency, their password is deleted.
  42. Protecting PHI: Make every effort to place your computer screen so that it is not easily visible to patients and other non-employees.
  43. Protecting PHI: When you step away from your desk for any reason, be sure to turn off your computer monitor.
  44. Protecting PHI: At the end of the day, all employees should close all applications and log off their computers.
  45. Protecting PHI: Data backups should be performed daily, and the backup media must be stored in a safe place to protect patient PHI.
  46. Protecting PHI: Reports or charts containing PHI must be stored in a safe area. Working papers or charts on a desk must be turned over when unattended.
  47. Protecting PHI: Remember that PHI can be found in many places around the office. Fax machines, copiers and printers outside protected areas must be closely monitored.
  48. Discussing PHI: When discussing PHI with patients or other members of your agency team, remember: Speak clearly, but speak quietly.
  49. Discussing PHI: Make reasonable efforts to conduct PHI-related telephone conversations in a private area, and remember to speak quietly.
  50. Discussing PHI: When leaving messages for patients, do not leave detailed information. Leave your name and the agency name and number, and request that the patient call back.
  51. Employees Only! We must make every effort to protect PHI from intrusion and unauthorized individuals. Off-limits areas include any areas labeled ‘Employees Only.’
  52. Employees Only! Only authorized personnel are allowed in off-limits areas. ‘Employees Only’ means just that – no family, no friends, no former employees.
  53. Employees Only! Violation of the ‘Employees Only’ areas of our agency will produce complaints from patients and other healthcare professionals.
  54. Employees Only! Do not put yourself, the agency or your coworkers at risk! Keep off-limits areas off-limits to all but authorized personnel.
  55. When Dealing With PHI, Remember: What you say doesn’t usually cause problems. How you say it does!
  56. When All Else Fails … Read! You have a copy of our agency policy and procedure manual. Read it and refer to it again when necessary.
  57. Congratulations! Becoming familiar with our office privacy policies and procedures is critically important. You’ve completed our agency’s Health Information Privacy training. We appreciate your time and attention.