ROCHESTER - PowerPoint PPT Presentation

1 / 23

About This Presentation

Title:

ROCHESTER

Description:

... United Memorial Medical Center became ... response and resolution of privacy events that arise from their area of responsibility Liaison is ... – PowerPoint PPT presentation

Number of Views:98

Avg rating:3.0/5.0

Slides: 24

Provided by: Tany108

Category:

more less

Transcript and Presenter's Notes

Title: ROCHESTER

1
ROCHESTER REGIONAL HEALTH

Developing a Privacy Program for a Merged Health
System
Elizabeth (Lisa) Wild, RHIA, CHPS
Manager of the Privacy Program

2
ROCHESTER REGIONAL HEALTH
An Integrated Health System Committed to Caring
for the Community
3
ROCHESTER REGIONAL HEALTH
Bringing Care To The Community
4
Rochester Regional HealthMerger History

July 2014 Unity Health System and Rochester
General Health System became affiliates and
formed Rochester Regional Health System
January 2015 United Memorial Medical Center
became an affiliate of Rochester Regional Health
System
April 2015 Clifton Springs Hospital became an
affiliate of Rochester Regional Health System
August 2015 Name change to

5
Health Insurance Portability and Accountability
Act of 1996

Why was the Privacy Program created?
To standardize, educate, and monitor policies and
procedures across the continuum of Rochester
Regional Health to assure that individuals
health information is properly protected and
supporting the flow of health information needed
to provide high quality health care and to
protect the public's health and well being.

6
45 CFR 164.530(a)(1)(i)

Privacy Personnel A covered entity must
designate a privacy official responsible for
developing and implementing its privacy policies
and procedures, and a contact person or contact
office responsible for receiving complaints and
providing individuals with information on the
covered entitys privacy practices
Cited source http//www.hhs.gov/hipaa/for-profes
sionals/privacy/laws-regulations

7
Privacy Program Organizational Chart
Privacy Council
8
Privacy Council
9
Purpose

The Rochester Regional Health (RRH) Privacy
Council will guide and develop the Rochester
Regional Health Privacy Program.
The Program fosters a culture of privacy and
security compliance to strengthen and further
demonstrate RRHs commitment to appropriately
safeguard the privacy of each individuals health
information.
The Privacy Council shall oversee all ongoing
activities related to the development,
implementation and maintenance of the RRH privacy
policies in accordance with applicable federal
and state laws.

10
Charter

Purpose / Focus Areas
Develop a comprehensive privacy program that
defines, develops, maintains and implements
policies and processes that enable consistent,
effective privacy practices for all RRH
affiliates. Ensure privacy, policies, standards,
and procedures are uniform and up-to-date.
Develop a communication strategy and training
program to provide ongoing workforce member
communications on our policies and procedures
related to the use and disclosure of protected
health information (PHI).

11
Charter

Purpose / Focus Areas
Collaborate with the information security officer
to ensure alignment between security and privacy
programs.
Establish a consolidated, ongoing breach and
event reporting process to track, investigate and
report inappropriate access and disclosure of
PHI. Monitor required breach determination and
notification processes under HIPAA. Monitor
patterns of inappropriate access and/or
disclosure of PHI and recommend process and
policy changes.

12
Charter

Purpose / Focus Areas
Establish and enforce accountability for use and
disclosure of PHI. Recognize workforce members
when they demonstrate good privacy and security
practices. Assist in creating a culture where
our workforce members will promptly inform their
supervisors as well as the Privacy Officer and/or
Security Officer when privacy and/or security
risks are identified.
Oversee periodic privacy risk assessment/analysis,
mitigation and remediation.

13
Charter

Purpose / Focus Areas
Assist in the analysis of breach and event data
and recommend program improvements, new or
revised policies and/or education and training
programs to reduce future events.
Participates in the development, implementation,
and ongoing compliance monitoring of all business
associates and business associate agreements, to
ensure all privacy concerns, requirements, and
responsibilities are addressed.

14
Charter

Purpose / Focus Areas
Ensure that patient rights to inspect, amend, and
request access restriction to protected health
information is managed following RRH procedure
and within required timeframes.
Define and establish a process for investigating
and acting on privacy and security complaints.

15
Privacy Council Members Responsibilities

Provide support to ensure that the RRH Privacy
Program is implemented uniformly across the
system
Assist the Privacy Department by highlighting the
importance of annual education and training for
employees and ongoing improvement of procedures
that promote effective communication concerning
the plan
Promote reporting of suspected inappropriate
access to the Privacy Department
Analyze the legal/regulatory requirements with
which RRH must comply and help identify risk
areas
Disseminate educational and training material
Participate and assist in the creation of Privacy
Program subcommittees where appropriate and
report such activities directly to RRH Privacy
Officer

16
RRH Privacy Liaisons
17
Privacy Liaison Responsibilities

Each facility/site based Liaison will coordinate
overall investigation, response and resolution of
privacy events that arise from their area of
responsibility
Liaison is involved with breach and event data
collection and reporting
Liaison reviews and follows up on routine audit
findings
Participates in weekly teleconferences to review
and score Risk Assessments
Promotes and monitors Privacy compliance in their
area

18
Accomplishments and Actions Taken