HIPAA Training Presentation for New Employees
How did we get here?
HIPAA Police
Goals of this session
To answer the following question:
• What is HIPAA?
Health Insurance Portability and Accountability Act (HIPAA) 1996
Portable health insurance
1992
The Origin of HIPAA
+
Health Insurance Portability and Accountability Act 1996
Portability: Enable people to easily change from one health insurance plan to another when changing jobs or becoming unemployed
Accountability: Enable federal government to increase authority for fraud enforcement
Administrative: Includes patient privacy, confidentiality and security of health information
Our Focus:
HIPAA Privacy Rule
[Diagram: Portability, Accountability, Privacy Rule]
Our Focus:
HIPAA Privacy Rule
Enacted to:
• increase the privacy protection of health information identifying individuals who are living or deceased
What does HIPAA require?
• Use patient information for Treatment, Payment and routine business Operations (TPO) only
• Limit access to patient information to Minimum Necessary to perform job duties
• Provide patient right to view own medical record, obtain copies and request amendments
Main Principles of HIPAA Privacy Rule
1) You cannot access or use patients’ identifiable health information without their knowledge and consent.
2) If you learn patients’ private health information, you must keep it confidential.
Implications for you
Privacy Rule:
• As a patient
• As an employee
Goals of this session
To answer the following question:
• What is HIPAA?
• How does it affect me as a patient?
Your rights as a patient
• You have the right to view your own medical record, obtain copies and request amendments
• You have the right to receive notification as to how healthcare providers use your information
• You have to provide authorization for uses other than Treatment, Payment or routine business Operations
• You have the right to rescind that authorization
Goals of this session
To answer the following questions:
• What is HIPAA?
• How does it affect me as a patient?
• How does it affect me as an employee?
Milton S. Hershey Medical Center and College of Medicine are Covered Entities under HIPAA
Covered Entity
• a health care provider
• a health care clearinghouse
• a health plan
Your obligations as an employee of a covered entity
Respect the confidentiality of patients, co-workers, and Penn State Milton S. Hershey Medical Center/College of Medicine
Keep confidential information confidential
What is meant by “confidential information”?
• Patient healthcare and financial records
• Employee records and information
• Business or system information related to PSMSHMC/COM
Obligations of the employee
• All MSHMC/PSCOM employees are expected to follow the terms of the HMC Privacy Notice.
http://www.hmc.psu.edu/visitors/privacynotice.pdf
Obligations of the employee
• Failure to follow the terms of the Privacy Notice will result in disciplinary action, including termination, expulsion, and possible pursuit of legal action!
• Signing and adhering to the conditions of the Confidentiality Statement are conditions of employment
• Report violations to Privacy Officer, Jim Bifano, x8059
Special considerations for electronic communications
• Follow security policies on Infonet.
• Keep your passwords private, hidden.
• Do not open email of unknown origin.
• Confirm e-mail address prior to sending.
• Maintain current anti-virus software.
• Report violations or concerns to: Information Security Officer Matt Weber, x5904
How does this affect my work as an employee in Public Health Sciences?
I don't treat patients!
PHS
• Train future researchers
• Design, conduct, and support research
HIPAA and Research
• Privacy Rule not originally enacted to regulate research; Code of Federal Regulations in place
• HIPAA does not apply to health information collected by a basic scientist solely for research purposes.
• Adoption of a common set of standards for patients and clinical research subjects
• Research at CoM treated the same as patient care with regard to privacy and confidentiality
• Oversight by the Human Subjects Protection Office
HIPAA Privacy Rule: Definitions
What is protected health information (PHI)?
Any information created or received by a healthcare provider related to past, present, or future physical or mental health condition of an individual.
Examples: history of cardiovascular disease, measles, psychiatric illness,...
HIPAA Privacy Rule
Enacted to increase the privacy protection of health information of identifiable individuals who are living or deceased
Protection of Health Information Identifying Individuals
Health Information + Identifier = Protected Health Information (PHI)
Subject to Privacy Rule
What is meant by “identifier”?
Individual Identifiers
1. Names
2. All geographic subdivisions smaller than a State
• street address
• city
• county
• precinct
• zip code
Individual Identifiers (continued)
3. All elements of dates (except year):
• birth date
• admission date
• discharge date
• date of death
All elements of dates for ages over 89
Individual Identifiers (continued)
4. Telephone number
5. Fax number
6. Email address
7. Social security #
8. Medical Record Number
9. Health plan beneficiary #
Individual Identifiers (continued)
10. Account numbers
11. Certificate/license #s
12. Vehicle identifiers and serial #s, including license plates
13. Device identifiers & serial #s
Individual Identifiers (continued)
14. Web Universal Resource Locators (URLs)
15. Internet Protocol (IP) address #s
16. Finger & voice prints
17. Full face photos
18. Any other unique identifying number, characteristic, or code
Breakdowns in Confidentiality
• Accessing PHI not directly related to your job
• Leaving confidential information unattended
• Conversations in public areas
• Sending confidential information unsecured
• Co-mingling of confidential and general information
• Improper disposal of confidential records, both paper and electronic
Implications of Privacy Rule
• For investigators
Does the study involve health information about human subjects?
HIPAA algorithm
Does the study involve health information about human subjects?
• No: No HIPAA issues
• Yes: Are any of the 18 identifiers present?
  • No: No HIPAA issues
  • Yes: HIPAA issues
What does this mean to investigators?
Health information + Identifier
Does the study involve living human subjects?
Yes: IRB and HIPAA issues
Use of non-living human subjects?
No: HIPAA issues only
Unsure?
Is my research subject to the Privacy Rule?
• health data + personal identifiers: Subject to Privacy Rule
• health data – personal identifiers: NOT subject to Privacy Rule
Quick Review
We know:
• what HIPAA stands for
• that the Privacy Rule of HIPAA is of utmost concern to Milton S. Hershey Medical Center/Penn State College of Medicine
• what is meant by Confidentiality, Protected Health Information, and Identifiers
• the standards you are held to as an employee of Penn State College of Medicine
• that research at PSCoM is treated the same as patient care with respect to HIPAA regulations
When can an investigator use PHI?
When he/she:
1. Seeks authorization from study subject to use subject’s PHI
2. Seeks waiver of authorization from HSPO because it would be impossible to get authorization from subject
3. Uses a limited data set
4. Uses data only as preparation for research project
Implications of Privacy Rule
• For investigators
• For staff
PHS Employees who work with PHI
Study datasets:
• What PHI is contained?
• What identifiers are contained?
• Who has access to them?
Implications of Privacy Rule
• For investigators
• For staff
• For business associates
Business Associates
Person or entity that performs certain functions which involve the use or disclosure of Protected Health Information
E.g., pulmonary function test quality control over-reader
In this example, certain personal identifiers are required to determine age-correct values: date of birth, date of service
Must sign Business Associate Agreement through Purchasing Department
End of Presentation
Thank you. Thank you very much.