WHAT%20IS%20HIPAA%20AND%20HOW%20TO%20COMPLY%20WITH%20IT?

1
WHAT IS HIPAA AND HOW TO COMPLY WITH IT?

• Health Insurance Portability and Accountability
  Act of 1996

2
WHAT IS HIPAA?

• HIPAA stands for Health Insurance Portability and
  Accountability Act, a federal law enacted in 1996
  to help employees maintain health insurance when
  they move to a different job, and to receive
  health insurance regardless of preexisting
  conditions.

3
What is HIPAAcontinued

• The newest part of HIPAA also ensures privacy for
  patients and their health information.
•  
• Covered entities include any health care
  provider, health care clearing house, and health
  care plans.

4
LMC AND HIPAA

• LMC is dedicated to maintaining patient privacy
  and securing any protected health information
  (PHI) from inappropriate use or disclosure.
• This presentation is intended to introduce you to
  HIPAA and to the general guideline to help you
  implement these requirements in your job.

5
HIPAA RIGHTS AND RESPONSIBILITIES

• Every patient will be given a Notice of Privacy
  Practices (NPP) at the first point of service
  delivery from LMC. The NPP will inform patients
  of their privacy rights. These rights include
• The right to restrict certain release of
  information, which the patient can revoke or
  change at any time. The patient may request that
  their name not be included on the general
  registry.
• The right to request confidential communications.
  Examples would include having their medical
  information mailed to an alternate address, or
  contacting them at an alternate phone number.

6
PATIENTS RIGHTS continued

• The right to receive a paper copy of the Notice
  of Privacy Practices (NPP).
• The right to amend protected health information
  (PHI) through a request to the Privacy Officer.
• The right to an accounting of disclosures or
  releases done without patient authorization.
  Examples include disease reporting and animal
  bite reporting.
• The right to inspect and copy, and to obtain a
  copy of their medical record.

7
WHO DOES THE PATIENT GO TO FOR THESE SERVICES?

• Most of these restrictions can be handled by each
  department. For those requests that cannot,
  contact the LMC Privacy Officer
• George Evans
• Director of Information Services
• 803-936-8235
• Email LMCprivacyofficer_at_lexhealth.org

8
WHO does HIPAA cover and protect?

• HIPAA covers all PATIENTS and their protected
  health information (PHI).
• HIPAA covers ANYONE who deals with patients or
  their protected health information.
• HIPAA covers any ORGANIZATION and their BUSINESS
  ASSOCIATES who deal with patients and/or their
  protected health information

9
THE PATIENT JOURNEY AND HIPAA

• At every point where we come in contact with the
  patient or with protected health information, we
  must each do our part to maintain privacy.
• Think of the journey of a patient through the
  LMC system

10
WHERE DO WE INTERACT WITH THE PATIENT?

• Registration/scheduling process
• Waiting area
• Treatment area
• During transport
• Billing inquiry requests

11
PASSWORD PROTECTION PLAN

• PASSWORD DOS AND DONTS
• DO protect your password
• DO use good password choices
• DO change your password if you feel it has been
  violated
• DONT share your password with anyone
• DONT use anyone elses password
• DONT work under anyone elses password
• DONT leave passwords displayed on keyboards or
  monitors

12
COMPUTER SECURITY

• Each user is responsible for maintaining the
  integrity of his or her computer password.
• Your password is linked to you.
• Protect yourself by protecting your password.

13
Computer Security What is the difference
between privacy and security?

• Privacy refers to WHAT is protected
• Health information about an individual, and the
  determination of WHO is permitted to use or
  disclose or access the information, is protected.
• Security refers to HOW private information is
  safeguarded
• Privacy is ensured by controlling access to
  information and protecting it from inappropriate
  disclosure and accidental or intentional
  destruction or loss.

14
Privacy/Security Issues Types of Violations of
HIPAA

• Accidentally releasing patient information to a
  non-intended recipient. Examples include
  discussing patient information in public
  location.
• Accessing a patient record without a legitimate
  business need to know
• Using another persons user ID.
• Allowing another employee to access LMC
  information systems with my password.
• Failure to log off when leaving station, allowing
  unattended and unauthorized access.
• Purposeful break in Confidentiality Agreement.

15
Ask Yourself this Question

• Before accessing protected health information
• Do I have a business need to know?

16
Who can lodge a complaint?

• Privacy related complaints may be made by
• Patients
• Family members
• Visitors
• Anyone

17
Where can people make complaints?

• Secretary of Department of Health and Human
  Services (federal government)
• LMC Privacy Officer
• NOTE All privacy-related complaints handled by
  LMC staff must be forwarded to the LMC Privacy
  Officer for tracking purposes according to the
  law.

18
What are LMC Privacy Policies and Where Can I
Find Them?

• The LMC Privacy Policies are
• Protected Health Information
• Privacy Compliance
• Notice of Privacy Practices
• Business Associates
• Patient Complaints and Grievances
• These policies may be viewed as needed upon
  arrival to Lexington Medical Center via access to
  the Intranet

19
Heres the situation. What would you do?

• You notice that your department has a broken
  computer that can no longer be used. What should
  you do?
• Call Help Desk at 2022 so they can pick up the
  computer.
• Take computer and have it repaired and then take
  it home.
• Throw it in the dumpster.

Press enter to see answer
Correct Answer 1. Call Help Desk at 2022 so
they can pick up the computer.
20
What would you do?

• You have printed too many copies of a document
  containing PHI. What should you do with the extra
  copies?
• Throw copies in the nearest waste basket.
• Shred copies and throw them away.
• Dispose of copies in locked recycle bin.

Press enter to see answer
Correct Answer 3. Dispose of copies in locked
recycle bin.
21
What would you do?

• Your friend is having lab work done today. She
  contacts you at work and requests that you access
  her lab results on the computer and let her know
  the outcome. What should you do?

1. Look up her labs and call her back with her
   results.
2. Do not look up her labs. Tell her to contact her
   physician for the results.

Press enter to see answer

• Correct Answer
• Do not look up her labs. Tell her to contact her
  physician for the results.

22
What would you do?

• A Mayday is called for ICU Bed 1. You are
  concerned about a coworker who was admitted to
  ICU during the night. It is OK for you to access
  the patient record online to see if this is your
  coworker. 
• True
• False

Press enter to see answer

• Correct Answer
• False. It is NOT OK for you to access the patient
  record online to see if this is your coworker. 

23
What would you do?

• You see a well-known local football coach waiting
  in the ED with his family. He is also a family
  friend. You are concerned. What should you do?

1. Go online and search for medical information
   pertaining to your friend and or his family
   member.
2. Ask a co-worker why this family is here.
3. Say hello to your friend and respect their right
   to privacy.

Press enter to see answer
Correct Answer 3. Say hello to your friend and
respect their right to privacy.
24
What is HIPAA?

• Health Insurance Portability and Accountability
  Act
• Health Insurance Privacy and Authorization Act
• Health Insurance Procurement Action Act

Health Insurance Portability and Accountability
Act
Press enter to see answer
25
True or False ?
Press enter to see answer

• The following indicators are considered PHI
  (protected health information)
• Patients name
• Patients date of birth
• Patients diagnosis
• Patients visit or account number for billing
  purposes
• Patients social security number
• Patients billing information

Correct Answer True. Any individual
identifiable health information is considered
PHI.
26
HIPAA Reminders

• Be aware of  WHERE you discuss patient
  information
• SHRED paper containing PHI
• LOG OFF computer  before you walk  away
• Do not access PHI in any medium unless  you have
  the RIGHT OR NEED TO KNOW
• DO NOT SHARE your computer LOGIN or password
• KEEP patient RECORDS  in SECURE location

27
THIS IS SERIOUS CIVIL AND CRIMINAL PENALTIES

• CAN BE APPLIED TO INDIVIDUALS OR ORGANIATION

• 100.00 per violation, not to exceed 25,000 per
  violation per person or incident
• 50,000 and up to one year in prison for
  knowingly obtaining or disclosing individual
  identifiable health information (IIHI) illegally
• 100,000 and up to 5 years in prison if done
  under false pretenses.
• 250,000 and up to ten years in prison if done
  with the intent to sell, transfer, or use for
  commercial advantage, personal gain or malicious
  harm.

28
How to get more information on HIPAA

• Ask your supervisor or director
• Go to

• Contact George Evans, Director of Information
  Services LMC Privacy Officer or
• Contact Tammy Grubbs in Information Services
• Both can be reached at 803-936-8235
• or via email LMCPrivacyOfficer_at_lexhealth.org

29
DOCUMENTATION OF TRAINING

• Your clinical rotation group will be asked to
  sign a HIPAA Training Confirmation Form along
  with a Confidentiality Acknowledgement upon
  arrival to clinical areas.