HIPAA For General Workforce What you need to know

vernonmoore

Presentation Transcript


  1. HIPAA For General Workforce What you need to know HIPAA Training Presentation for Management Workforce

  2. The Catholic Health Initiatives Mission Catholic Health Initiatives continues the journey begun by our foundresses. Like these women religious, we continue the healing ministry of Jesus Christ through the provision of health care in our many communities. Our core values of reverence, integrity, compassion and excellence guide us on this journey. We build relationships based upon these core values. These relationships enable us to assume the challenging role of caring for those most in need, those least able to care for themselves. Our core values and standards of conduct are the principles that guide us in navigating the complexity of providing health care. At a minimum, we are expected to follow all laws related to our responsibilities. However, following the law is not enough. Our values call us to live by an ethical standard that is greater than the law. We are responsible for ensuring the privacy of an individual’s health information and are entrusted with that information in order to provide the necessary care and services. We have a duty to prevent the inappropriate use or disclosure of an individual’s health information.

  3. Course Objectives/Navigation The objectives of this course are: • To foster and maintain a culture of integrity. • To develop individual and team character and virtue in the workplace. • To foster compliance with applicable federal and state laws and regulations. • To understand the policies and procedures in order to protect health information. Navigating this course: Each course contains Cases to Consider, which are designed to help improve your understanding of the course material. At the end of each course you will take a Section Test. The Section Test is designed to measure your understanding of the course material and is scored. You will be required to successfully pass the Section Test. You can use the arrows at the top and bottom of your screen to move forward and backward through the course. For most people, this course should take approximately 1 hour.

  4. Education Objectives • Understand the Health Insurance Portability and Accountability Act (HIPAA) rules and regulations • Understand the penalties for not complying • Understand patients’ rights and health care workers’ role in protecting them • Understand your responsibilities under HIPAA-related policies and procedures

  5. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) HIPAA is a federal law imposed on all health care organizations, including: • Hospitals, physician offices, home health agencies, nursing homes, and other health care providers • Clearinghouses • HMOs, private health plans, and public payers such as Medicare and Medicaid The above organizations are considered Covered Entities under HIPAA.

  6. HIPAA • HIPAA consists of five main sections, or “titles.” The most important title for health providers is Title II, Administrative Simplification. • The three main components of Title II include the following standards: • Privacy • Security • Electronic Data Interchange • The Privacy and Security standards will be reviewed in this module.

  7. HIPAA Privacy Rule HIPAA Training Presentation for Management Workforce

  8. HIPAA Privacy Rule • Compliance date of April 14, 2003 • Gives patients federal rights to gain access to their medical records and restrict who sees their health information • Requires organizations to take measures to safeguard patient health information • Requires organizations to train members of the workforce on patients’ rights to privacy and control over their health information • Punishes individuals and organizations that fail to keep patient health information confidential

  9. The Privacy Official A Privacy Official has been appointed by each covered entity to: • Manage the development of the organization’s privacy standards, policies, and procedures • Oversee training and education of workforce • Enforce the rules and investigate violations

  10. Myths about HIPAA • Patients cannot be paged • Organizations must get rid of all their semi-private rooms and put up sound barriers • Organizations cannot put patient names outside their doors or use white boards • HIPAA does not require the above measures and these myths are not true.

  11. Quiz Question What type of rule is HIPAA? • a state law imposed only on hospitals • a federal law imposed on all health care organizations • a guideline set forth by the American Medical Association • an accreditation requirement b. HIPAA is the first federal regulation that gives patients rights to gain access to their medical records and restrict who sees their health information.

  12. Safeguarding Health Information

  13. What is Confidential? Any information about a patient written on paper, saved on a computer, or spoken, is protected health information (PHI), including: • Name • Address • Age • Social Security number • Phone number • E-mail address • Diagnosis • Medical history • Medications • Observations of health • Medical record number • And more...

  14. Protect Patient Privacy “Do’s” • Log off the computer when you’re finished • Dispose of health information only by shredding or storing in locked containers for destruction • Notify Security if you see an unescorted visitor in a private area

  15. Protect Patient Privacy “Don’ts” • Don’t leave patient records lying around • Don’t discuss a patient in public areas such as elevators, hallways, and cafeterias • Don’t look at information about a patient unless you need it to do your job

  16. Rules for Computers “Do’s” • Keep your password a secret • Turn computer screens away from public view • Change your password every 180 days or as required by internal policy • Do not log into the system using someone else’s password • Do not remove equipment, disks, or software without permission

  17. Quiz Question When are you free to repeat a patient’s private health information that you hear on the job? • after you no longer work at the organization • after a patient dies • if you know the patient would not mind • when your job requires it

  18. Quiz Question Which of the following is protected health information under HIPAA? • the patient’s address • the patient’s allergies • the patient’s medical record number • all of the above

  19. Quiz Question Which of the following types of information does HIPAA’s privacy rule protect? • patient information in electronic form • patient information communicated orally • patient information in paper form • all of the above

  20. Do You Need to Know? The Minimum Necessary Standard

  21. Do You Need To Know? HIPAA requires health care workers to use the minimum amount of health information they need to do their jobs efficiently and effectively. Ask yourself: • Do I need this information to do my job and provide good service? • What is the least amount of information I need to do my job?

  22. Do You Need to Know? • Coders and billers need to look at certain portions of records to code and bill correctly • Professional health care workforce members such as doctors, nurses, and therapists need to look at their patients’ records to care for them • Housekeeping staff do not need to look at patient records to perform their job

  23. Quiz Question What question should you ask yourself before looking at health information? • Would the patient mind if I looked at this? • Do I need to know this to do my job? • Can anyone see what I’m doing? • Am I curious?

  24. Quiz Question Your sister’s friend just had triple bypass surgery at your organization. She asks you to find out his prognosis. What should you do? • ask a nurse on the floor how the patient is doing and pass the information along to your sister • log in to the computerized record system and read the patient’s record to find information for your sister • explain that it is a violation of the patient’s privacy for you to ask around or look at his record, and suggest that she call one of her friend’s family members • none of the above

  25. Authorization

  26. Authorization Organizations must obtain authorization from a patient before using or sharing protected health information (PHI) for reasons other than treatment, payment, or health care operations. Reasons other than treatment, payment or health care operations include: • Marketing • Fundraising • Research • Employment determinations • A patient may revoke an authorization at any time by making a written request.

  27. Examples of Treatment, Payment and Health Care Operations • Treatment: doctors and nurses caring for patients; technicians performing tests • Payment: billers sending out claims; coders applying codes to procedures • Health care operations: quality assurance staff performing reviews; transcriptionists typing reports

  28. Authorization Exceptions An authorization is not necessary for uses or disclosures mandated by law such as: • Reporting births, deaths, and communicable diseases to state agencies • Giving certain information to the police for investigations, searches for missing people • Responding to a court order, subpoena, or other lawful process • Workers’ compensation • Specialized government functions • External health oversight agencies • Public health activities

  29. Quiz Question When is the patient’s authorization to release information required? • in most cases in which information is going to be shared with anyone for reasons other than treatment, payment, or health care operations • upon admission • when information is to be shared among two or more clinicians • when information is used for billing a private insurer

  30. Marketing and Fundraising

  31. Marketing In most cases, we may not use or disclose protected health information (PHI) to market a product or service without obtaining a valid authorization.

  32. Defining Marketing The following are not considered marketing under HIPAA and do not require an authorization: • Descriptions of the organization and whether products or services are provided or covered • Explanations of treatment alternatives • Case management or care coordination • Recommendations of alternative treatments, therapies, providers, or settings • Reminders and disease management and wellness programs

  33. Fundraising We can use only the following information for fundraising purposes without patient authorization: • Demographic information • Dates of service

  34. Opting Out A patient has the right to revoke his/her authorization and opt out of receiving future fundraising or marketing communications

  35. The Facility Directory

  36. The Facility Directory Unless a patient has asked not to be included in the directory, you may disclose the following information to visitors and callers who ask for a patient listed in the directory by name: • Location (room number) • General condition (e.g. stable, critical)

  37. Directory Disclosures to Clergy Clergy who have signed the Clergy Confidentiality Agreement do not have to ask for a patient by name and may receive: • Names of patients listed in the directory with the same religious affiliation of the clergy making the request • Locations • General conditions

  38. Quiz Question What information about a patient who is listed in the directory can be disclosed to someone who asks for the patient by name? • room number and name of doctor • room number and general condition • general condition and prognosis • nothing

  39. Individual Rights

  40. Individual Rights Patients have the following rights under HIPAA: • To know who has access to their health information and how it is used (Notice of Privacy Practices) • To access and request an amendment to their health records in the designated record set (Access and Amendment) • To request a list of people and organizations who have received his/her health information (Accounting of Disclosures) • To request that we communicate with them by alternative means (Confidential Communications) • To request restrictions for the use and disclosure of their health information (Request Restrictions) • To complain to a covered entity, to the Secretary of HHS, or to the Office for Civil Rights (OCR)

  41. Notice of Privacy Practices • Provides individual notice of the ways the organization uses and shares an individual’s health information • Explains an individual’s rights to confidentiality and access to his/her health information • Is posted prominently in the organization

  42. Right to Access A patient has the right to inspect and obtain a copy of his/her designated record set, which includes protected health information (PHI) used in whole or in part to make decisions about the patient.

  43. Designated Record Set A designated record set is a group of records that may include: • Health care provider medical and billing records • Health plan enrollment, payment, claims adjudication and case or medical management records

  44. Right to Request Amendments A patient has the right to request amendments to his/her designated record set. However, organizations are not required to automatically make whatever changes the patient requests.

  45. Personal Representatives Persons who have the authority (under federal and state laws) to act on behalf of a patient in making health care decisions may have access to the patient’s health information as his/her personal representative.

  46. Personal Representatives for Minors Parents, guardians, and others who have authority (under federal and state laws) to act on behalf of a minor in making health care decisions may have access to the minor’s health information as his/her personal representative

  47. Accounting of Disclosures A patient has the right to request a list of people and organizations who have received his/her health information. The list does not have to include disclosures: • For treatment, payment, and health care operations • Authorized by the patient • To the facility directory • For national security • Of “limited data set” information

  48. Confidential Communications A patient may ask to receive correspondence at an alternate location or by an alternate means. Organizations must honor all reasonable requests such as: • Sending mail to a P.O. Box or alternative location • Calling the patient at work instead of home • Using sealed envelopes instead of postcards

  49. Complaints and Grievances The Notice of Privacy Practices includes information on filing complaints: • The name of the designated representative or department for handling grievances • The representative’s phone number • The steps for filing a formal complaint

  50. The Formal Grievance Process If a patient or personal representative complains about a breach of confidentiality or a violation of a HIPAA rule, notify your supervisor and contact the representative listed on the Notice of Privacy Practices.
