Title: WHAT IS HIPAA AND HOW TO COMPLY WITH IT?
1 WHAT IS HIPAA AND HOW TO COMPLY WITH IT?
- Health Insurance Portability and Accountability
Act of 1996
2 WHAT IS HIPAA?
- HIPAA stands for Health Insurance Portability and
Accountability Act, a federal law enacted in 1996
to help employees maintain health insurance when
they move to a different job, and to receive
health insurance regardless of preexisting
conditions.
3 What is HIPAA continued
- The newest part of HIPAA also ensures privacy for
patients and their health information.
- Covered entities include any health care
provider, health care clearing house, and health
care plans.
4 LMC AND HIPAA
- LMC is dedicated to maintaining patient privacy
and securing any protected health information
(PHI) from inappropriate use or disclosure.
- This presentation is intended to introduce you to
HIPAA and to the general guidelines to help you
implement these requirements in your job.
5 HIPAA RIGHTS AND RESPONSIBILITIES
- Every patient will be given a Notice of Privacy
Practices (NPP) at the first point of service
delivery from LMC. The NPP will inform patients
of their privacy rights. These rights include:
- The right to restrict certain release of
information, which the patient can revoke or
change at any time. The patient may request that
their name not be included on the general
registry.
- The right to request confidential communications.
Examples would include having their medical
information mailed to an alternate address, or
contacting them at an alternate phone number.
6 PATIENTS' RIGHTS continued
- The right to receive a paper copy of the Notice
of Privacy Practices (NPP).
- The right to amend protected health information
(PHI) through a request to the Privacy Officer.
- The right to an accounting of disclosures or
releases done without patient authorization.
Examples include disease reporting and animal
bite reporting.
- The right to inspect and copy, and to obtain a
copy of their medical record.
7 WHO DOES THE PATIENT GO TO FOR THESE SERVICES?
- Most of these restrictions can be handled by each
department. For those requests that cannot,
contact the LMC Privacy Officer:
- George Evans
- Director of Information Services
- 803-936-8235
- Email: LMCprivacyofficer_at_lexhealth.org
8 WHO does HIPAA cover and protect?
- HIPAA covers all PATIENTS and their protected
health information (PHI).
- HIPAA covers ANYONE who deals with patients or
their protected health information.
- HIPAA covers any ORGANIZATION and their BUSINESS
ASSOCIATES who deal with patients and/or their
protected health information.
9 THE PATIENT JOURNEY AND HIPAA
- At every point where we come in contact with the
patient or with protected health information, we
must each do our part to maintain privacy.
- Think of the journey of a patient through the
LMC system.
10 WHERE DO WE INTERACT WITH THE PATIENT?
- Registration/scheduling process
- Waiting area
- Treatment area
- During transport
- Billing inquiry requests
11 PASSWORD PROTECTION PLAN
- PASSWORD DOS AND DON'TS
- DO protect your password
- DO use good password choices
- DO change your password if you feel it has been
violated
- DON'T share your password with anyone
- DON'T use anyone else's password
- DON'T work under anyone else's password
- DON'T leave passwords displayed on keyboards or
monitors
12 COMPUTER SECURITY
- Each user is responsible for maintaining the
integrity of his or her computer password.
- Your password is linked to you.
- Protect yourself by protecting your password.
13 Computer Security: What is the difference
between privacy and security?
- Privacy refers to WHAT is protected
- Health information about an individual, and the
determination of WHO is permitted to use or
disclose or access the information, is protected.
- Security refers to HOW private information is
safeguarded
- Privacy is ensured by controlling access to
information and protecting it from inappropriate
disclosure and accidental or intentional
destruction or loss.
14 Privacy/Security Issues: Types of Violations of
HIPAA
- Accidentally releasing patient information to a
non-intended recipient. Examples include
discussing patient information in a public
location.
- Accessing a patient record without a legitimate
business need to know.
- Using another person's user ID.
- Allowing another employee to access LMC
information systems with my password.
- Failure to log off when leaving station, allowing
unattended and unauthorized access.
- Purposeful break in Confidentiality Agreement.
15 Ask Yourself this Question
- Before accessing protected health information:
- Do I have a business need to know?
16 Who can lodge a complaint?
- Privacy related complaints may be made by:
- Patients
- Family members
- Visitors
- Anyone
17 Where can people make complaints?
- Secretary of Department of Health and Human
Services (federal government)
- LMC Privacy Officer
- NOTE: All privacy-related complaints handled by
LMC staff must be forwarded to the LMC Privacy
Officer for tracking purposes according to the
law.
18 What are LMC Privacy Policies and Where Can I
Find Them?
- The LMC Privacy Policies are:
- Protected Health Information
- Privacy Compliance
- Notice of Privacy Practices
- Business Associates
- Patient Complaints and Grievances
- These policies may be viewed as needed upon
arrival to Lexington Medical Center via access to
the Intranet
19 Here's the situation. What would you do?
- You notice that your department has a broken
computer that can no longer be used. What should
you do?
- Call Help Desk at 2022 so they can pick up the
computer.
- Take computer and have it repaired and then take
it home.
- Throw it in the dumpster.
Correct Answer: 1. Call Help Desk at 2022 so
they can pick up the computer.
20 What would you do?
- You have printed too many copies of a document
containing PHI. What should you do with the extra
copies?
- Throw copies in the nearest waste basket.
- Shred copies and throw them away.
- Dispose of copies in locked recycle bin.
Correct Answer: 3. Dispose of copies in locked
recycle bin.
21 What would you do?
- Your friend is having lab work done today. She
contacts you at work and requests that you access
her lab results on the computer and let her know
the outcome. What should you do?
- Look up her labs and call her back with her
results.
- Do not look up her labs. Tell her to contact her
physician for the results.
- Correct Answer
- Do not look up her labs. Tell her to contact her
physician for the results.
22 What would you do?
- A Mayday is called for ICU Bed 1. You are
concerned about a coworker who was admitted to
ICU during the night. It is OK for you to access
the patient record online to see if this is your
coworker.
- True
- False
- Correct Answer
- False. It is NOT OK for you to access the patient
record online to see if this is your coworker.
23 What would you do?
- You see a well-known local football coach waiting
in the ED with his family. He is also a family
friend. You are concerned. What should you do?
- Go online and search for medical information
pertaining to your friend and/or his family
member.
- Ask a co-worker why this family is here.
- Say hello to your friend and respect their right
to privacy.
Correct Answer: 3. Say hello to your friend and
respect their right to privacy.
24 What is HIPAA?
- Health Insurance Portability and Accountability
Act
- Health Insurance Privacy and Authorization Act
- Health Insurance Procurement Action Act
Correct Answer: Health Insurance Portability and
Accountability Act
25 True or False?
- The following indicators are considered PHI
(protected health information):
- Patient's name
- Patient's date of birth
- Patient's diagnosis
- Patient's visit or account number for billing
purposes
- Patient's social security number
- Patient's billing information
Correct Answer: True. Any individually
identifiable health information is considered
PHI.
26 HIPAA Reminders
- Be aware of WHERE you discuss patient
information
- SHRED paper containing PHI
- LOG OFF computer before you walk away
- Do not access PHI in any medium unless you have
the RIGHT OR NEED TO KNOW
- DO NOT SHARE your computer LOGIN or password
- KEEP patient RECORDS in SECURE location
27 THIS IS SERIOUS: CIVIL AND CRIMINAL PENALTIES
- CAN BE APPLIED TO INDIVIDUALS OR ORGANIZATIONS
- $100.00 per violation, not to exceed $25,000 per
violation per person or incident
- $50,000 and up to one year in prison for
knowingly obtaining or disclosing individually
identifiable health information (IIHI) illegally
- $100,000 and up to 5 years in prison if done
under false pretenses.
- $250,000 and up to ten years in prison if done
with the intent to sell, transfer, or use for
commercial advantage, personal gain or malicious
harm.
28 How to get more information on HIPAA
- Ask your supervisor or director
- Go to
- Contact George Evans, Director of Information
Services, LMC Privacy Officer, or
- Contact Tammy Grubbs in Information Services
- Both can be reached at 803-936-8235
- or via email LMCPrivacyOfficer_at_lexhealth.org
29 DOCUMENTATION OF TRAINING
- Your clinical rotation group will be asked to
sign a HIPAA Training Confirmation Form along
with a Confidentiality Acknowledgement upon
arrival to clinical areas.