
HIPAA, Privacy, Confidentiality, Reasonable Safeguards of - PowerPoint PPT Presentation



  1. HIPAA, Privacy, Confidentiality, Reasonable Safeguards of Information & 42 CFR Part 2
     Presented to BHH ASOC Committee on 09/17/15
     Presenters: Patrick Garcia, MSW, MPA; Mary Harnish, MFT; Dr. Noel M. Panlilio
     Compliance Officer, Administration Division Director, Compliance & Privacy Manager
     Behavioral Health Services Dept., Mental Health Services, Substance Use Treatment Services
     Pat.Garcia@hhs.sccgov.org (408) 793-1809; Mary.Harnish@hhs.sccgov.org (408) 885-5784; Noel.Panlilio@hhs.sccgov.org (408) 755-7850

  2. Multiple overlapping privacy regulations
     • Regulations change over time, and Federal, State, and Local regulations may overlap. Current laws include:
       • HIPAA
       • WIC Sections 5328, 5150-5344
       • 42 C.F.R.
     Whenever there are multiple standards to apply, ALWAYS follow the more restrictive standard.

  3. What is HIPAA?
     • The Health Insurance Portability and Accountability Act is a Federal Law that:
       • Protects the Privacy of patient information
       • Provides for electronic and physical security of protected health information (PHI)
       • Requires “minimum necessary use and disclosure”
       • Specifies patient rights to approve or deny the access and use of their medical information.

  4. What Qualifies As PHI?
     • PHI can be any verbal, written, recorded, or electronic information that identifies or can be used to identify a patient, such as:
       • Name
       • Address
       • Social Security or Driver's License number
       • Physical characteristics
       • Diagnosis
       • Date of Service
       • Type of Treatment
       • Etc.
     Anything that can be used to identify the individual is PHI and must be kept confidential!

  5. What is ePHI?
     • ePHI is protected health information that is created, received, stored, or transmitted electronically.
     • Any PHI, when stored electronically, becomes ePHI.
     • ePHI includes information on laptops, memory sticks, smart phones, PDAs, email, and other electronic storage devices.

  6. WHY DOES THIS MATTER TO YOU?

  7. BECAUSE YOU ALREADY AGREED TO DO IT!
     • As part of being hired, you were provided with the Compliance Plan Policy (#412-101)
     • The end of the policy includes the BHSD code of conduct.
     • On the day you were hired you read and signed it, agreeing to abide by HIPAA and other requirements.
     • Policies require sanctions for staff who do not comply
     • And if that’s not enough…
     • You may face fines of up to $25,000 per violation, misdemeanor charges, potential legal action by the patient, formal notification to licensing boards, and disciplinary action from your employer.
     • SEE PRIVACY DO’s and DON’Ts HANDOUT

  8. How Does HIPAA Work?
     HIPAA regulations protect Protected Health Information in 4 ways:
     • Security Standards (Physical, Technical, and Administrative safeguards for electronic patient information)
     • Privacy Standards (Protection of individual health information, and patients' rights)
     • Transactions Standards (electronic billing claims management)
     • National Provider Identifier Standards (a unique identifier for healthcare providers)

  9. WHO CAN WE DISCLOSE PHI TO

  10. Minimum Necessary Access
     • A minimum necessary amount of PHI is accessible to persons needing to know, based on:
       • Job Function
       • Behavioral Practices
       • Control Access
     • You may assume minimum necessary information is being requested when it is:
       • A request for PHI from another health care provider or health plan
       • A request from a business associate or public official AND the request states that it is the minimum necessary

  11. Minimum Necessary does not apply for
     • Disclosure to a Provider for treatment of a mutual patient.
     • Use or disclosures to a patient’s personal representative.
     • Disclosures to the Department of Health & Human Services.
     • Use in preparation for, and for, disclosures required by law.

  12. Permitted Use and Disclosure Without Consent
     • Under HIPAA, you may use or disclose PHI without patient authorization or consent:
       • To the individual patient
       • For Treatment, payment, or health care operations (TPO)
     • HIPAA allows disclosure of PHI, with conditions, for:
       • Incidental Occurrences
       • Public Good disclosure

  13. Disclosure Without Consent – Incidental Disclosures
     • HIPAA permits incidental disclosures if we first:
       • Disclose only the minimum amount of PHI necessary to accomplish the purpose of the disclosure
       • Take reasonable measures to safeguard PHI.
     • Examples of incidental disclosures include:
       • Seeing PHI while conducting IS maintenance
       • Overhearing telephone conversations

  14. Disclosure Without Consent – Public Good
     • Disclosures that do not require consent include:
       • Reporting professional misconduct to a licensing agency
       • Disclosures to Federal, Medicare, CDC, or other entities as required
       • Public Health Activities, such as communicable diseases
       • Disclosures required by law (e.g. court order)
       • Reporting victims of abuse, neglect, or domestic violence
       • Health oversight activities
       • Judicial and Administrative proceedings
       • To avert a serious threat to health or safety (e.g. Tarasoff)

  15. Permitted Use and Disclosure with Consent
     • Patient Authorization / Consent is Required for:
       • Access, use, or disclosures to certain permitted persons or entities for non-TPO activities
       • Disclosures to a third party specified by the patient

  16. The HIPAA Privacy Rule – Areas Requiring Protection
     • Several functions occur in any healthcare facility where reasonable Administrative, Technical, and Physical safeguards must be practiced, including:
       • Workplace Conversations
       • Workstation Activities
       • Disposal and Recycling
       • Emailing
       • Faxing
       • Computer and Equipment use
       • Password protections

  17. Patients' Rights
     • Under HIPAA, patients have the following rights:
       • Right to access their record within a reasonable period of time. This includes the right to a copy of the file (P&P 210)
       • A Notice of Privacy Practices (P&P 244)
       • Right to request a modification of the record, or to insert a statement disputing the record if the Program refuses the request (P&P 212)
       • Right to confidential communication (P&P 244)
       • Right to request restriction of disclosures (P&P 244)
       • Right to an accounting of disclosures of client PHI (P&P 245)
       • Right to complain about violations of privacy/confidentiality (P&P 222)

  18. Patients' Rights – Access to Records
     • Procedure
       • The client fills out a form requesting access
       • Staff take the completed form to the program manager
       • The manager communicates the decision to allow or deny access in a timely manner
       • Copies of the request and program response are forwarded to the Custodian of Records
       • Arrangements are made for the client to have access to her/his record, which may include making a copy of the record

  19. Patients' Rights – Notice of Privacy Practice
     • A Notice of Privacy Practice must be provided to all clients upon intake and/or admission, describing:
       • How we will use and disclose client PHI
       • What rights the client has in respect to the PHI
       • Where and how the client may access their PHI
       • Where and how they can file a complaint if they feel their rights have been violated

  20. Complaint Process
     • Clients have a right to file a complaint if they feel their PHI is inappropriately used and disclosed.
     • Any client wishing to file a HIPAA/Privacy complaint may be referred to the Mental Health Services Compliance and Privacy Manager, Mary Harnish, at (408) 885-5784
     • They may also complain to the Office of Civil Rights at OCRComplaint@hhs.gov

  21. Overview: 42 CFR Part 2
     • What is 42 C.F.R. Part 2?
       • Regulations implementing Federal drug and alcohol confidentiality law (42 U.S.C. § 290dd-2)

  22. Overview: 42 CFR Part 2
     • Generally,
       • Disclosure of information that identifies a patient (directly or indirectly) as having a current or past drug or alcohol problem (or participating in a drug/alcohol program) is generally prohibited
     • Unless
       • Patient consents in writing, or
       • Another exception applies

  23. Overview: 42 CFR Part 2
     • What is 42 C.F.R. Part 2?
       • Federal law
       • Governs confidentiality of alcohol and drug treatment and prevention information
       • Regulations implement statutes enacted in the 1970s
     • Purpose of law:
       • Privacy protections encourage people to seek treatment (stigma)

  24. Overview: 42 CFR Part 2
     • Generally,
       • This is true even if the person seeking the information
         • Already has it
         • Has other ways to get it
         • Has some kind of official status
         • Has obtained a subpoena or warrant
         • Is authorized by State law

  25. Overview: 42 CFR Part 2
     • Who is covered?
       • Drug/alcohol treatment and prevention “programs” that are
       • Federally assisted must follow 42 C.F.R. Part 2

  26. Overview: HIPAA and 42 CFR Part 2
     • HIPAA: Health care provider, health plan, or health care clearinghouse + Transmits health information electronically (covered transactions) = Covered by HIPAA
     • 42 C.F.R. Part 2: Program + Federally assisted = Covered by 42 C.F.R. Part 2

  27. Overview: HIPAA and 42 CFR Part 2
     • Who must comply with both?
       • The vast majority of alcohol/drug treatment programs are covered by both
     • What happens if both apply?
       • General rule: Follow the law that gives patients more privacy protections
     • How does State law fit in?
       • Same general rule: Follow the law that gives patients more privacy protections
