hipaa privacy policies amp procedures
play

HIPAA PRIVACY POLICIES & PROCEDURES Department of Behavioral - PowerPoint PPT Presentation

Jan 29, 2023 •569 likes •1.19k views

HIPAA PRIVACY POLICIES & PROCEDURES Department of Behavioral Health and Developmental Services DBHHDS GENERAL AWARENESS TRAINING March 2012 HIPAA Humor (North Dakota Dept of Health) 2 HIPAA-Ectomy - the removal of individual

  1. HIPAA PRIVACY POLICIES & PROCEDURES Department of Behavioral Health and Developmental Services DBHHDS GENERAL AWARENESS TRAINING March 2012

  2. HIPAA Humor (North Dakota Dept of Health) 2 � HIPAA-Ectomy - the removal of individual identifiable health information from records � HIPAA-Glycemia – a low level of understanding of the HIPAA regulations � HIPAA-Phobia – a morbid fear of HIPAA regulations � HIPAA-Thermia – the unexplained chill that is running down the back of anyone associated with HIPAA

  3. Please Note: 3 � This summary/overview is not intended to be comprehensive. � You must: � Review our complete policies & procedures referenced later within this presentation; � Consult with the agency’s privacy officer for guidance/clarification on specific HIPAA-related issues. � When in doubt – ASK!

  4. Federal Health Information Privacy & Security Provisions include: 4 � Privacy Rules – effective since April 14, 2003, to: � Keep protected health information (PHI) confidential, and � Discipline individuals who fail to keep patient information confidential � Security Rules – effective since April 21, 2005, to: � Ensure the confidentiality, integrity, and availability of all electronic protected health information, and � Ensure compliance by the workforce

  5. Privacy & Virginia Laws 5 � In addition to federal laws, the Code of Virginia also addresses health privacy laws. � Many provisions are found in sections 32.1-127.1:03 and 32.7- 121.1:04. � There are also other Code sections that may impact health information privacy in specific circumstances. � The Virginia Human Rights regulations also include privacy protections for individual health information. � The Office of the Attorney General works with the Privacy Officer to clarify when federal preemptions may apply, and when state laws provide more stringent privacy protections.

  6. Goals of HIPAA 6 � Strike a balance between government interest in health information and individual rights to maintain control � Allow individuals more control over their personal health information � Impose accountability for breaches of confidentiality or security � Set boundaries for providers regarding patient’s privacy and confidentiality � Require safeguards to protect against reasonably anticipated unauthorized uses or disclosures of health information � Encourage use of electronic record-keeping systems for health data, while protecting against reasonably anticipated threats or hazards to the security or integrity of the information

  7. Privacy & Security Rules Are Necessary because… 7 � Look at some recent headlines : � “Identity Theft is America’s fastest growing crime” � “Hospital fires employees for leaking VIP info to media” � “Hackers steal tens of thousands of ID numbers from popular websites…” � “Contract employees accused of stealing PHI” � “Personal info being collected and sold (using telephone numbers)” � “Internet connects sperm donors with offspring.”

  8. Privacy & Security Officials 8 � Denise A. Dunn – Chief Privacy Officer � Central Office Room 1134 � 804-371-2181 � John Willinger – Department Acting Security Officer � Central Office Room 511 � 804-786-4143

  9. All Staff Must Review the DBHDS Privacy Provisions 9 � Our Privacy, Policies & Procedures for the Use and Disclosure of Protected Health Information … � consist of ten subject-specific chapters with more detailed requirements for workforce compliance with HIPAA and related confidentiality rules & regulations � Go to CODIE, click on Instructions and Policies � Scroll to and click on DI 1001 (PHI)03

  10. Safeguarding Private Information Is Everyone’s Responsibility at DBHDS 10 � If you have access to any patient or personal information in any format, you are responsible for keeping it safe and confidential. � There are consequences for individuals who violate privacy of security regulations. � Consequences may include disciplinary actions as well as civil and criminal penalties.

  11. Bottom Line – Privacy is Just Good Customer Service 11 � Keeping each individual’s best interests first, � While striving to preserve their privacy rights. � … and then it’s good Record Management: � Keeping records accessible, but safe and secure at the same time, while � Preserving the integrity of each record.

  12. How Do Individuals Know What Their Privacy Rights Are? 12 � The DBHDS Notice of Privacy Practices must be given to each individual upon admission into our system. It is posted on our website, and tells them how: � PHI may be used or disclosed by the care provider � To access their personal medical records � To request to correct their records if they appear incorrect � To request alternative communications of their medical information that are more confidential � To request restrictions on release of personal health information � To request an accounting of certain disclosures of personal health information � To object to certain disclosures of personal health information

  13. Let’s Think About It… 13 Mrs. Brown calls her husband’s physician and asks for his lab test results. She says that Mr. Brown is at work and asked her to call. The test results are positive for a sexually transmitted disease. The physician declines to give the results to Mrs. Brown and asks her to get her husband to call personally for the lab results. Mrs. Brown is irate and states “HIPAA laws say you can share health information with a family member.” Who is right in this case? � Mrs. Brown � The Physician

  14. 14 � The Physician

  15. So What Is PHI? 15 � PHI (Protected Health Information) = any health information that links an identifiable person with his or her health condition. � Some identifiers include: � Names � Dates � Numbers � Addresses � Graphics � Every identifier listed in the HIPAA regulations is outlined in DI 1001 (PHI)03

  16. PHI Comes In All Kinds of Formats 16 � Paper or “hard-copy”: records, labels, correspondence � Electronic: computerized, digitized, video, audio � Communications: verbal, sign language, etc. If all the identifiers are removed, the information is no longer PHI… � It is de-identified

  17. General Rule Regarding PHI 17 PHI may not be used or disclosed except as permitted or required by law

  18. Required PHI Disclosures … 18 � To the individual who is the subject of the PHI – when requested � When required by the Secretary of Health and Human Services

  19. Permitted PHI Disclosures … 19 � To the individual who is the subject of the PHI � For treatment, payment and healthcare operations ( TPO ) as defined by the HIPAA regulations � As otherwise permitted or agreed (in keeping with HIPAA regulations) � As AUTHORIZED by the individual or their legal representative

  20. Treatment Defined (45 CFR 164.506) 20 � The provision, coordination, or management of health care and related services among health care providers or by a health care provider and a third party, consultation between health care providers regarding a patient, or the referral of a patient from one health care provider to another

  21. Payment Defined (45 CFR 164.501) 21 � The various activities of health care providers to obtain payment or be reimbursed for their services…

  22. Health care operations (45 CFR 164.501) 22 � Certain administrative, financial, legal, and quality improvement activities of a covered entity that are necessary to run its business and to support the core functions of treatment and payment…

  23. PHI Uses & Disclosures – When No Authorization Required … 23 � Uses & disclosures required by law � Uses & disclosures for public health activities � Disclosures about victims of abuse, neglect, or domestic violence to law enforcement and other appropriate authorities & officials � Uses & disclosures for legally authorized health oversight activities

  24. PHI Uses & Disclosures – When No Authorization Required … 24 � Disclosures for Judicial and Administrative Proceedings � Court orders � Subpoenas � Disclosures for law enforcement purposes

  25. PHI Uses & Disclosures – When No Authorization Required … 25 � Uses & disclosures about decedents � Coroners, medical examiners, funeral directors � Uses & disclosures for organ donation purposes � Uses & Disclosures for certain research purposes

  26. PHI Uses & Disclosures – When No Authorization Required 26 � Uses & disclosures to avert a serious threat to health or safety � Uses & disclosures for specialized government functions (i.e. coordination of agency benefits for same or similar populations) � Disclosures for workers’ compensation purposes

  27. Uses & Disclosures When Authorization IS REQUIRED… 27 � For all uses and disclosures not expressly permitted, or not expressly identified as requiring no authorization

  28. Minimum Necessary Rule 28 � When using, disclosing or requesting PHI.. � We must make reasonable efforts to limit PHI to the minimum necessary to accomplish the intended purpose of the use, disclosure or request

  29. When Minimum Necessary Rule Does NOT Apply … 29 � Disclosure to or requests by providers for treatment � Uses or disclosures made to the individual � Uses or disclosures made pursuant to an authorization

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

HIPAA SECURITY POLICIES AND PROCEDURES (P&P) AND COMPUTER NETWORK DOCUMENTATION (CND) Get it

HIPAA SECURITY POLICIES AND PROCEDURES (P&P) AND COMPUTER NETWORK DOCUMENTATION (CND) Get it

HIPAA SECURITY POLICIES AND PROCEDURES (P&P) AND COMPUTER NETWORK DOCUMENTATION (CND) Get it from DUMATEK ! Get you HIPAA Security P&P and CND here! ONLY $5040.00 This solution becomes ongoing and proprietary to your company. HIPAA

107 views • 10 slides
Beyond HIPAA: Registries as an exemplar of health data Beyond HIPAA Privacy,

Beyond HIPAA: Registries as an exemplar of health data Beyond HIPAA Privacy,

Beyond HIPAA: Registries as an exemplar of health data Beyond HIPAA Privacy, Confidentiality & Security Subcommittee May 15, 2018 Beyond HIPAA Initiative Builds on NCVHSs past work and the work of other government and private

240 views • 10 slides
EVV Security and Privacy Approach Marguerite Marsh, HIPAA Privacy Officer Matt Williams, Bureau

EVV Security and Privacy Approach Marguerite Marsh, HIPAA Privacy Officer Matt Williams, Bureau

EVV Security and Privacy Approach Marguerite Marsh, HIPAA Privacy Officer Matt Williams, Bureau Chief, Information Security and Technology 1 What is HIPAA? 2 HIPAA What: Health Insurance Portability and How: Congress mandated the establishment

444 views • 9 slides
HIPAA Audits and the New Audit Protocol Developing and Ensuring HIPAA and HITECH Privacy and

HIPAA Audits and the New Audit Protocol Developing and Ensuring HIPAA and HITECH Privacy and

Presenting a live 90-minute webinar with interactive Q&A HIPAA Audits and the New Audit Protocol Developing and Ensuring HIPAA and HITECH Privacy and Security Compliance TUESDAY, FEBRUARY 5, 2013 1pm Eastern | 12pm Central | 11am

793 views • 53 slides
Outline to HIPAA presentation I) Overview of the HIPAA Privacy Rule regulations that relate to

Outline to HIPAA presentation I) Overview of the HIPAA Privacy Rule regulations that relate to

Outline to HIPAA presentation I) Overview of the HIPAA Privacy Rule regulations that relate to obtaining a persons medical records for court proceedings and law enforcement purposes. A) Entities covered by HIPAA The medical records of a patient

405 views • 6 slides
HIPAA Privacy and Security: y y Surviving Heightened Enforcement Crafting and Implementing Data

HIPAA Privacy and Security: y y Surviving Heightened Enforcement Crafting and Implementing Data

Presenting a live 90 minute webinar with interactive Q&A HIPAA Privacy and Security: y y Surviving Heightened Enforcement Crafting and Implementing Data Security Policies and Responding to Breaches THURS DAY, MAY 5, 2011 1pm Eastern

836 views • 56 slides
HIPAA In The Workplace What Every Employer Should Know and Remember What is HIPAA? The

HIPAA In The Workplace What Every Employer Should Know and Remember What is HIPAA? The

HIPAA In The Workplace What Every Employer Should Know and Remember What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 Portable Accountable Rules for Privacy Rules for Security

575 views • 33 slides
Hearing Policies & Procedures Proposal 1 Todays Hearing Policies and Procedures

Hearing Policies & Procedures Proposal 1 Todays Hearing Policies and Procedures

Excise and Licenses Hearing Policies & Procedures Proposal 1 Todays Hearing Policies and Procedures Genera ral g l guideli lines f for how EXL c L conducts h heari ring p procedure res, , decisio sions a s and other s

539 views • 21 slides
Managing Policies, Procedures and Guidelines Policies, Procedures and Guidelines Project Group

Managing Policies, Procedures and Guidelines Policies, Procedures and Guidelines Project Group

Managing Policies, Procedures and Guidelines Policies, Procedures and Guidelines Project Group Project Planning What are we trying to accomplish? Greater engagement of library services in the management of organisational policies, procedures

528 views • 20 slides
DATA SHARING & BREACH PROTOCOLS UNDER THE FINAL HIPAA PRIVACY RULE I. INTRODUCTION: The

DATA SHARING & BREACH PROTOCOLS UNDER THE FINAL HIPAA PRIVACY RULE I. INTRODUCTION: The

DATA SHARING & BREACH PROTOCOLS UNDER THE FINAL HIPAA PRIVACY RULE I. INTRODUCTION: The Health Insurance Portability and Accountability Act (HIPAA) Administrative Simplification provisions apply to three types of entities, which are known as

111 views • 7 slides
New Employee Orientation HIPAA Privacy Marcia Matthias, MJ, RHIA, CHPC Corporate Director,

New Employee Orientation HIPAA Privacy Marcia Matthias, MJ, RHIA, CHPC Corporate Director,

New Employee Orientation HIPAA Privacy Marcia Matthias, MJ, RHIA, CHPC Corporate Director, Health Information/Privacy Officer Definitions HIPAA Health Insurance Portability and Accountability Act PHI Protected Health

660 views • 35 slides
Administrative Administrative Policies and Procedures Policies and Procedures Deb Bartlett

Administrative Administrative Policies and Procedures Policies and Procedures Deb Bartlett

WA S H I N G T O N S T AT E U N I V E R S I T Y Administrative Administrative Policies and Procedures Policies and Procedures Deb Bartlett dbartl@wsu.edu Joy Faerber faerber@wsu.edu Office of Procedures, Records, and Forms Revised May

255 views • 24 slides
Administrative Administrative Policies and Procedures Policies and Procedures Deb Bartlett

Administrative Administrative Policies and Procedures Policies and Procedures Deb Bartlett

10/2/2017 WA S H I N G T O N S T AT E U N I V E R S I T Y Administrative Administrative Policies and Procedures Policies and Procedures Deb Bartlett dbartl@wsu.edu Joy Faerber faerber@wsu.edu Office of Procedures, Records, and Forms

266 views • 22 slides
Conclusion Announcements Society Privacy Policies and Laws 4 Privacy Policies and Laws Mark

Conclusion Announcements Society Privacy Policies and Laws 4 Privacy Policies and Laws Mark

Conclusion Announcements Society Privacy Policies and Laws 4 Privacy Policies and Laws Mark Zuckerberg in San Francisco, January 8, 2010 "People have really gotten comfortable not only sharing more information and different kinds, but

352 views • 21 slides
HIPAA, Privacy, Confidentiality, Reasonable Safeguards of Information & 42 CFR Part 2

HIPAA, Privacy, Confidentiality, Reasonable Safeguards of Information & 42 CFR Part 2

HIPAA, Privacy, Confidentiality, Reasonable Safeguards of Information & 42 CFR Part 2 Presented to BHH ASOC Committee on 09/17/15 Patrick Garcia, MSW, MPA Mary Harnish, MFT, Dr. Noel M. Panlilio Compliance Officer Administration Division

674 views • 35 slides
Safety & Confidentiality Presentation The objectives of this presentation are to: *

Safety & Confidentiality Presentation The objectives of this presentation are to: *

Safety & Confidentiality Presentation The objectives of this presentation are to: * Familiarize you with basic safety precautions at VUMC *Familiarize you with HIPAA Basics and Privacy Policies HIPAA Basics Vanderbilt University Medical

1.33k views • 33 slides
Using s'cklebacks to illustrate important concepts in evolu'on

Using s'cklebacks to illustrate important concepts in evolu'on

Using s'cklebacks to illustrate important concepts in evolu'on Alison Bell Plan for today Lecture on parallel evolu'on in s'cklebacks Watch

629 views • 25 slides
#WeHelpED What is Ectodermal Dysplasia? Supporting a normal lifestyle Katie Price #DontSweatIt

#WeHelpED What is Ectodermal Dysplasia? Supporting a normal lifestyle Katie Price #DontSweatIt

#WeHelpED What is Ectodermal Dysplasia? Supporting a normal lifestyle Katie Price #DontSweatIt Katie Price #DontSweatIt Clara Murphy #HowToHelp Clara Murphy #HowToHelp Dylan Wert #EDucate Dylan Wert #EDucate Dylan Wert #EDucate

399 views • 15 slides
A Transcriptomic Comparison of Late- Ripening Cabernet Sauvignon Berry Skins from Bordeaux and

A Transcriptomic Comparison of Late- Ripening Cabernet Sauvignon Berry Skins from Bordeaux and

A Transcriptomic Comparison of Late- Ripening Cabernet Sauvignon Berry Skins from Bordeaux and Reno Grant R. Cramer Department of Biochemistry and Molecular Biology University of Nevada, Reno Talk Outline Experimental conditions

322 views • 10 slides
Biology-Driven Clustering of Microarray Data Applications to the NCI60 Data Set K.R. Coombes,

Biology-Driven Clustering of Microarray Data Applications to the NCI60 Data Set K.R. Coombes,

Biology-Driven Clustering of Microarray Data Applications to the NCI60 Data Set K.R. Coombes, K.A. Baggerly, D.N. Stivers, J. Wang, D. Gold, H.G. Sung, and S.J. Lee Introduction Microarray data is more than a large, unstructured matrix.

670 views • 25 slides
Sheep scab - developing resistance Sian Mitchell BVMS, PhD, Dip EVPC, Dip ECSRHM, MRCVS APHA

Sheep scab - developing resistance Sian Mitchell BVMS, PhD, Dip EVPC, Dip ECSRHM, MRCVS APHA

Sheep scab - developing resistance Sian Mitchell BVMS, PhD, Dip EVPC, Dip ECSRHM, MRCVS APHA Carmarthen Veterinary Investigation Centre and APHA Centre of Expertise in Extensively Managed Livestock Sheep scab- developing resistance

368 views • 21 slides
Canadian Assisted Reproductive Technologies Register Plus (CARTR Plus) Canadian Fertility and

Canadian Assisted Reproductive Technologies Register Plus (CARTR Plus) Canadian Fertility and

Canadian Assisted Reproductive Technologies Register Plus (CARTR Plus) Canadian Fertility and Andrology Society 62 nd Annual Meeting Toronto September 22-24, 2016 1 CARTR Plus presentation outline All ART treatment cycles 20112015

1.38k views • 103 slides
Cell-based therapies for cardiac repair NON-CLINICAL ASPECTS Presented by: Beuneu Claire

Cell-based therapies for cardiac repair NON-CLINICAL ASPECTS Presented by: Beuneu Claire

Cell-based therapies for cardiac repair NON-CLINICAL ASPECTS Presented by: Beuneu Claire CAT-DGTI-GSCN Workshop, 11 September 2014, Dresden An agency of the European Union Drug development Pre-marketing development Post-marketing Basic

925 views • 14 slides
The occupational safety and health ( OSH) of cleaning w orkers FPS Em ploym ent Brussels, 2 -3

The occupational safety and health ( OSH) of cleaning w orkers FPS Em ploym ent Brussels, 2 -3

The occupational safety and health ( OSH) of cleaning w orkers FPS Em ploym ent Brussels, 2 -3 Decem ber 2 0 0 9 Terry N Taylor Head of Working Environment Information Unit Emmanuelle Brun Project Manager European Risk Observatory

394 views • 25 slides

More recommend