HIPAA Privacy & Security EVMS Health Services 2004 Training
HIPAA Privacy & Security
EVMS Health Services 2004 Training
Privacy & Security
• Privacy – what should be protected
• Security – how to protect it
Privacy
What should be protected?
Any health information that can be used to identify the patient
Patient Identifiers
Name
Date of Birth
Date of Visit
Social Security #
Postal Address (even zip)
Telephone/Fax #
Medical record/Chart #
Email Address/URL
Account #
Photographs
Privacy
Ways to protect patient information:
– Turn computer screens inward
– Keep patient schedules covered
– Talk quietly – don’t use patient’s name
– Shred documents
– Verify identity before disclosure
– Use security controls
Security
• Is a process, not a product
Examples of Security Controls
– Set automatic log offs after 20 minutes
– Use screensavers w/ password features
– Virus protection software
– Log-on trails
Security
• Weakest link in security is people
Why?
– Don’t see it as important
– Laziness
– Averse to technology
– Don’t know controls are there
People Controls – management/leadership
• Don’t assign system passwords until employees have Privacy Training
• Tell staff how to safeguard work areas
• Store confidential information on network drive – not hard drive
• Don’t ever share passwords
People Controls
Monitor Behavior
Are staff logging off computers?
Are they accessing information not needed for their job?
Is sensitive information removed whenever possible (minimum necessary rule)?
Are fax cover sheets used?
Are recycling bins used?
People Controls
Monitor Actions
Is the Privacy Notice prominently displayed?
Are new patients being asked to initial/sign the privacy notice acknowledgement?
Are accidental disclosures logged in the patient’s disclosure log?
Are privacy complaints being forwarded to the privacy office?
Fax Transmittals – controls
Always use a fax cover sheet that lets the recipient know who to contact “just in case” there is a transmission error
– If you make a mistake, the “unauthorized” disclosure must be logged in the patient’s medical record.
Disclosure Log – in the medical record
We are required by law to “log” the following types of disclosures:
• Public health
• Social Services
• Law enforcement
• Unauthorized (or accidental) disclosures
Databases
#1 Risk area
Do it right
Get patient authorization (even for prospective research)
Protect data w/ security controls
Limit access
Don’t store on portable devices
Update data fields
EVMS Privacy & Security Manuals
• It is your responsibility to follow the EVMS HIPAA Privacy & Security Policy & Procedures
• Each manager is required to review the Privacy & Security procedures with staff
• Privacy Policy & Procedures: http://hsmail.evms.edu/compliance/complianceweb/
• Security Policy & Procedures: http://info.evms.edu/bfis/postdocs/itac_1/hipaa_/policies_/bov20030710secu/default.htm
Mini Quiz
Someone is caught accessing the PHI of a co-worker. How do you handle this situation?
Report person to supervisor/Privacy Office
Tell person that she can get fired, but don’t report to Privacy Office
Find out what person was looking at so you can report it
(click mouse for answer)
Report person to supervisor/Privacy Office immediately
Mini Quiz
What are some ways to protect patient information?
Turn computer screens inward
Keep schedules covered up
Talk quietly, without using the patient’s name
All of the above
(click mouse for answer)
All of the above
Mini Quiz
You use an electronic device to store/use health information. How do you protect the information?
Log off system when not in use
Store information on password protected network drive
Keep portable devices on you or locked up at all times
All of the above
(click mouse for answer)
All of the above
Mini Quiz
The following are patient identifiers:
A) Date of birth
B) Date of office visit
C) Strep throat diagnosis
D) A & C
E) A & B
(click mouse for answer)
E) A & B
Mini Quiz
A patient does not want to be contacted by EVMS for fundraising purposes. What should be done?
A) remove patient’s address & telephone # from IDX
B) ask patient to complete an opt-out fundraising form & forward to Privacy Office
C) call the EVMS Institutional Advancement office for advice
(click mouse for answer)
Answer is B!
Mini Quiz
Are you allowed to share passwords?
It is ok to give passwords to nurses, but no one else
IDX passwords can be shared but not electronic medical record passwords
No one is allowed to share passwords – ever
(click mouse for answer)
No one is allowed to share passwords!
Privacy – questions/concerns
Contact the Privacy Office: