410 likes | 531 Views
Adult ED Staff Meeting. March 10, 2010. WELCOME!. Privacy and Information Security. Terri Hartman, Director Privacy Office. It’s the right thing to do!. Why Respect Privacy and Confidentiality?. It’s the law!. It’s a VUMC Credo Behavior.
E N D
Adult ED Staff Meeting March 10, 2010 WELCOME!
Privacy and Information Security Terri Hartman, Director Privacy Office
It’s the right thing to do! Why Respect Privacy and Confidentiality? • It’s the law! • It’s a VUMC Credo Behavior • It’s a key driver to overall patient satisfaction! “It’s Who We Are”
What is HIPAA? Health Insurance Portability and Accountability Act of 1996 What Does HIPAA Do? • Limits how we use and share patient information • Gives patients more control over their information • Protects the integrity, availability and confidentiality of patient information • Defines violation penalties
Protected Health Information and Research Health Information Authorized users who access, process, and store Protected Health Information (PHI) or Research Health Information (RHI) on electronic computing end user devices are accountable for the protection and security of the data including encryption of the device.
VMC policy specifies that when a legitimate business purpose exists requiring an individual to maintain identifiable Protected Health Information (PHI) or Research Health Information (RHI) on a device other than a secure network server that device must be encrypted. Any desktop or laptop computer that is used to access, create, or store individually identifiable information about VMC patients, research participants, employees, or students must be encrypted. The centrally supported encryption solution (CheckPoint) must be used if the computer contains PHI or RHI. Research involving VA Sensitive Information MAY NOT reside on non-VA owned equipment unless specifically designated and approved in advance by the appropriate VA officials and a waiver has been approved and granted by the VA’s Chief Information Officer. Protected Health Information and Research Health Information • Things You Need to Know:
Patient Photography and Video Imaging VUMC may utilize Photography to collect protected health information for purposes of identification and patient care and treatment or as otherwise authorized by the patient or the patient’s legal representative. Key Points: Photography for purposes of patient care does not require additional consent beyond the standard Consent for Treatment. Patient Identifiable Photography is Protected Health Information (PHI) and use and disclosure of this PHI must comply with all Information Privacy and Security Policies for PHI. Photography for purposes other than patient care generally does requireexplicit consent. Immediatelyupload patient photos to the EMR or another secure server and delete from the device used to capture the image(s). Do not identify patient photographs with more than the minimum necessary (e.g. avoid SSN and patient phone number). Do Not post Photography of patients in public areas, on internet websites, or blogs without written or documented verbal consent from the patient/legal representative prior to the posting. If your department or work uses Patient Photography, review the new policy for specific information related to: Permissible uses of Photography; Requirements for consent, camera and recording equipment, and storage/retention of images; Use and disclosure of Photography images; and Behaviors that are not permissible by staff/faculty related to Photography of patients. Authorization/Consent forms to use: Permission to Take and Use Photography or Videos(MC 3930) -use foreducation/training, performance improvement, or other non-media related acceptable purposes. Media Relations-Authorization to Create, Use, or Disclose Photographs or Videos for Media Releases and Public Relations (MC6690)- use for public relations, media, or marketing purposes is coordinated through VU Media and Public Relations staff and uses a specific consent form. Patient Authorization for Security Photographs(MC3642) – use in the newborn nursery areas fornewborn Photography Operations Policy, OP 20-10.10 https://mcapps.mc.vanderbilt.edu/E-Manual/Hpolicy.nsf/AllDocs/32DB38E6CD9FEDF986256B420079E44E
Social Networking Online social media allow Vanderbilt University Medical Center (VUMC) faculty and staff to engage in professional and personal conversations. All faculty and staff who identify themselves with VUMC and/or use their Vanderbilt email address in social media venues such as professional society blogs, Linked In, Facebook, or Twitter for deliberate professional engagement or casual conversation are to follow the VUMC Credo Behaviors, Health Insurance Portability and Accountability Act (HIPAA), Conflict of Interest Policy, privacy policies and general etiquette. VUMC faculty and staff can be held accountable for conduct that negatively impacts or represents VUMC If you identify yourself in any online forum as a faculty/staff member of VUMC or use your Vanderbilt email address, you must make it clear you are not speaking for VUMC and all submissions represent your own personal views and comments. Do notpost digital images and messages containing protected health information (PHI) without written authorization from the patient. Remember recognizable markings or body parts are PHI. Remember that all content contributed on all platforms becomes immediately searchable and can be immediately shared…It immediately leaves your control forever. Known or suspected incidents involving use or disclosure of PHI or Personal Information through social networking are reported to the VUMC Privacy Office and investigated. New federal law and regulations require breach notification and reportingwhen a patient’s health information is accessed, used or disclosed in a way that violates the Privacy Rule of HIPAA and poses a significant risk of reputational, financial, or other harm to the individual. HR-025: “Electronic Communications and Information Technology Resources” “Computing Privileges and Responsibilities: Acceptable Use Policy” http://www.vanderbilt.edu/aup.html
Careless Handlingof Personal orConfidential Information Things You Need to Know: • When faxing a document always use a cover sheet that includes the sender’s full name, department or clinic name, and complete phone number and fax number. Doublecheck to make sure you are sending the right patient’s information to the right recipient at the confirmed fax number. • When you select a recipient for faxed documents from the StarPanel Fax Directory always confirmthat you have the correct provider by name, specialty, office location, and fax number. • When mailing patient information always double check to be sure you are sending the correct patient’s information to the correct person at the correct address. Always ask visitors to step out of the room before discussing clinical history or information with the patient, giving the patient the opportunity to consent to the visitor’s presence. Photos taken of patients for treatment purposes must be stored in the patient’s medical record or in a secure database and should not be stored on the camera device. Always capture the minimum necessary identifiable data on the picture. The camera must remain secured and not left unattended. Avoid conversations about patients in an area that is open to the public where you might be overheard. Always place confidential information in a shredder bin for disposal.
Unauthorized Access or Disclosure of Patient Information • Things You Need to Know: • Whenever possible, allow the patient to determine which family members or others involved in their care are communicated with regarding the patient’s care and services. Do not assume that the patient agrees for a visitor or family member in the patient’s room to see or hear any personal health information. • Prior to accessing a patient’s medical record for any reason other than completion of your assigned job duties, there should be documentation in the medical record showing the patient has granted you permission prior to accessing the record. Written authorization may be in the from of a note entered into the medical record documenting verbal permission or, preferably, a signed copy of an authorization form granting the access.
Unauthorized Access or Disclosure of Patient Information • Things You Need to Know: • The Privacy Office regularly audits the medical records of all VUMC staff and faculty that are admitted to VUMC for access by co-workers. • Patients may request an audit of the medical record if they believe a staff or faculty member has accessed their record without appropriate authorization. • Gossiping about a faculty/staff member’s health information resulting in the individual filing a complaint, gossiping about a VUMC patient’s health information, or gossiping or sharing PHI secured through your role at VUMC are all considered privacy violations and will result in disciplinary action.
Protecting the Privacy of Patient Information • Only share patient information with other faculty and staff who need the information to do their job. • Avoid accessing a patient’s record unless you need to do so for your job or you have written permission from the patient. You are not allowed to access the record of your co-worker, spouse, or family member unless there is written authorization in the patient’s record.
Protecting the Privacy of Patient Information • You will be prompted when accessing the medical record of a VUMC employee. • The Privacy Office will be prompted to audit the medical record you are accessing.
Unauthorized Access or Disclosure of Patient Information All incidents/complaints are investigated and all violations result in disciplinary action, up to and including termination.
Chris Ruckman Nurse Manager
Leadership Expectation Time & Attendance Meeting Deadlines Teamwork Honesty
Kudos Letters from patients and co-workers
Jackie Ashburn Quality
Sepsis Alerts • Jan-11 Alerts 8 • Avg time from Call to Disp 1:55 • Arrival to call 1:54 • Arrival to antibiotic order 0:32 • Order to administration 0:19 • Disp 6-MICU 1-8N • Feb-11 Alerts 13 • Avg time from Call to Disp 2:02 • Arrival to call 1:36 • Arrival to antibiotic order 0:54 • Order to administration 0:24 • Disp 12-MICU 1-OR/NICU
Strokes • 10 Code Strokes • 1 TPA • 9 sheets • Disposition: • NICU 6 • 8S 1 • TOBS 1 • ED 2 • 4 ems • 2 pov • 4 air
Hand Hygiene-Jason Reed February 10, 2010
Competency Check-offs Beginning the first Tuesday in April…..and the first Tuesday of every month thereafter in 2010!! 2:00 to 6:00pm
Lab Labeling VUnetID Blood Bank Specimens “Collector” and “Labeler”
Meeting Evaluation • 5 – Excellent • 4 – Very Good • 3 – Average • 2 – Below Average • 1 - Poor Use the poll on our Team Member Only Website to Evaluate the Meeting. We will send you a link today. Share any comments now.