property of wcdhhs1 waukesha county department of health and human services hipaa volunteer h1n1...

Property of WCDHHS 1

WAUKESHA COUNTY DEPARTMENT OF

HEALTH AND HUMAN SERVICES

HIPAA VOLUNTEER

H1N1 CLINIC TRAINING

2009

NOTE: To move from slide to slide use the Page

Up or Page Down buttons on your

keyboard


What is HIPAA?

HIPAA stands for Health Insurance Portability and Accountability Act Originally it focused on ensuring the portability of health insurance

for individuals and improving fraud and abuse protections – passed in 1996.

Provides the framework for the establishment of a nationwide protection of the confidentiality of health information, security standards and standards and requirements for the electronic transmission of health information.


What is HIPAA?

A federal act (law) that sets provisions for use of patient information by health care agencies. Federal Regulation 45 CFR Parts 160,162 and 164

Gives individuals more control and access to their medical information.

A law that protects individually identifiable medical information from threats of loss or disclosure.

Simplify the administration of health insurance claims and lower costs.

Mandates the standardization of electronic data exchange.

Waukesha County Department of Health and Human Services is governed by this law.


Why is Privacy and Security training important?

It outlines your role as a volunteer in keeping patient information confidential and secure.

It outlines ways to prevent accidental and intentional misuse of protect health information (PHI).

To make protected health information secure with minimum impact to staff and business processes.

Its not just about HIPAA – it about our organization doing the right thing for our clients/patients!

We are required to do it.


Why is Privacy and Security training important?

We should treat personal electronic data with the same care and respect as weapons-grade plutonium -- it is dangerous, long-lasting and once it has leaked there's no getting it back. -- Corey Doctorow


HIPAA has three parts:

ELECTRONIC DATA EXCHANGE

SECURITY

PRIVACY

Each part has separate regulations to comply with and HIPAA mandates accountability from us.


What is Protected Health Information (PHI)?

PHI is individually identifiable health information relating to information: That reveals the physical or mental state of a person’s

health. About the payment for the health care services of an

individual. That identifies with reasonable accuracy and speed

the identity of a patient. Information can be in the form of written, oral, email or

other computer generated health information that reveals the identity of the person.


Who or what protects PHI?

1. The Federal Government through the laws of HIPAA. There are civil and criminal penalties associated with failure to follow the federal laws. The national news media reports patient information breaches to the public the penalties imposed on health care organizations and their staff.

2. Waukesha County through a. Our established HIPAA policies and proceduresb. Training sessionsb. The distribution of the Notice of Privacy Practices (NPP) to our patients/clients.

3. You, by following our policies and procedures and the information presented in this training.


To maintain Confidentiality- we need both Privacy and Security


HIPAA PRIVACY RULE


What is the HIPAA Privacy Rule?

The Privacy Regulations went into effect

April 14, 2003 Privacy refers to the

protection of an individual’s health care data/information.

Defines how patient information is used and disclosed.


Why is the Privacy Rule Important?

Gives individuals rights to control the use and disclosure of their PHI.

Puts boundaries on the use of health care information.

Sets procedures for maintaining past, present and future patient records.

Sets procedures for the sharing and maintaining written, electronic and verbal patient information.


Names Medical Record Numbers Social Security Numbers Account Numbers License/Certification numbers Vehicle Identifiers/Serial

numbers/License plate numbers

Internet protocol addresses Health plan numbers Full face photographic

images and any comparable images

Web universal resource locaters (URLs)

Any dates related to any individual (date of birth)

Telephone numbers Fax numbers Email addresses Biometric identifiers including

finger and voice prints Any other unique identifying

number, characteristic or code

What are examples of written PHI that must be protected?


What are examples of verbal PHI that must be protected?

One patient hearing personal information about the person ahead of them in line.

Any medical information that a patient/client would share with you while you are working.

Talking about a patient in areas that can be overhead by others, especially the public.

Telephone calls where the public can overhear conversations where PHI is discussed. If you speak loud close your door.


How do you know what PHI you can access?

Ask yourself “Do I need this information to do my volunteer job?”

This is the first check. If you don’t need it to do your volunteer job, you shouldn’t be using it.


What is Misuse of protected health information?

U n a u t h o r i z e d: Access to………. Using….. Taking……….. Possession of…….. Release of ……. Edit of …….. Destruction of……

PHI Without Authorization.


What is TPO?

HIPAA allows the Use and/or Disclosure of PHI without an authorization for the purpose of:

Treatment – the provision of health care Payment – the provision of benefits & premium payment Operations – normal business activities (reporting, data

collection & eligibility checks, etc.) These terms are collectively referred to as TPO. PHI released outside of TPO is not allowed except under an

authorization or required by law! Minimum necessary applies when releasing information under

TPO and only that necessary to perform your job!


Notice of Privacy Practices

Informs patients of their rights. Describes our plan to protect the patient’s information

under the law. Informs patients about how WCDHHS will use or

disclose their health information. Explains how a patient can:

Access/amend/change/restrict or obtain copies of their health information.

File a complaint. Request a list of disclosures. Receive confidential communications.

Notice of Privacy Practices

Waukesha County is REQUIRED to issue a written Notice of Privacy Practices to patients.


HIPAA SECURITY RULE


What is the HIPAA Security Rule?

The Security regulations went into effect

April 21,2005.

Security means controlling: how patient data is stored. how patient data is accessed.


Why is Security important?

Security outlines ways how we can prevent accidental and intentional misuse of protected information.


What is the HIPAA Security Rule?

The security policies requires that we: Know our policies, standards and

procedures. Apply physical and technical

safeguards.


System Security

How do we protect our computer systems and our patients’ information in them?

Read on to explore this…


How to apply the Security Rule?

ADMINISTRATIVE SAFEGUARDS - Our policies and procedures tell us what we need to do to maintain security.

TECHNICAL SAFEGUARDS – Many technical devices are needed to maintain security. These include computer passwords, screen savers, devices to scan ID badges and safe disposal of paper with patient information on it.

PHYSICAL SAFEGUARDS– Many physical barriers and devices are needed to maintain security. These include locks on doors, identifying visitors, storing records in file cabinets that protect our property and the health information that we store.

PERSONNEL SAFEGUARDS – Policies and procedures that manage the assignment of access authority to staff. Includes such things as who has access to what computer systems, access based on a person’s role in the organization and what systems they need to do their job and effective training to include HIPAA.


Facility Security

How can I help protect our facilities? (Applies if you work in one of the buildings) Wear your ID Badge at all times (it helps identify

you as a WCDHHS volunteer). Only let authorized personnel through

“authorized personnel entrances. If you notice that someone has gained access, report it to your supervisor.

Report any security concern or suspicious behavior to Supervisory Staff.


What are considered Restricted Areas?

Restricted areas are those areas within our facilities where PHI and/or organizationally sensitive information is stored or utilized.

Examples include: Area where nurses are giving shots. Area where medical supplies and

equipment are stored. Area that contains the refrigerators

that stores the vaccinations.


ELECTRONIC DATA EXCHANGE


What is Electronic Data Exchange?

The rules that govern the format of the electronic transfer of information between providers and payers to carry out financial or administrative activities related to health care.

Information includes coding, billing and insurance verification.


HIPAA PRIVACY AND SECURITY VIOLATION EXAMPLES


Access Violation – Access of PHI by a Coworker

A volunteer asked an employee friend who had a computer look up to see if they had any records in our computer systems.

Is this against Waukesha County’s policies?


Access Violation

Yes. It is inappropriate to ask your coworkers or other employees to do this if it is not part of their regular assigned job responsibilities.


Talking with Friends About Work

You had a negative encounter with a patient at the clinic or overhead a negative encounter and really need to vent to a friend or spouse after work. What can you discuss? Working in health care isn’t easy and

patient confidentiality MUST be maintained at all times – at work, during non-work hours and even after your assignment ends with Waukesha County. Here are some helpful tips………….


Talking with Friends About Work

Do not share with family, friends, or anyone else a patient’s name, or any other information that may identify him/her, for instance: It would not be a good idea to tell anyone that a patient

came in to have their flu shot. Why? Because this person may not want you to do

that. Do not inform anyone that you know a famous person, or

their family member, was seen at our organization. You cannot swear your family, friends or anyone else to

secrecy that they not tell your story to anyone else.


Safeguards to Protect Information


1. Be knowledgeable about HIPAA

This training will provide you with a basic understanding of HIPAA.

Waukesha County is placing trust in you to follow the policies.

Choosing not to follow these rules Could put you at risk. Could put our organization - Waukesha

County- at risk.


2. Think before you share/disclose patient information in public areas.

Discussions should occur in private areas.

Remember- you can be overheard anywhere.


2. Think before you share information- Releasing information

Share patient information only with authorized individuals.

In most cases, a written authorization is required for patient information to be released.

Check with a Supervisor if you should have a question.


3. Protect access to information

If you DO NOT need certain information to do your job….. DON’T ASK DON’T READ IT DON’T BE NOSEY


4. Keep information out of site from the public.

Ensure that paperwork with patient information (completed clinic forms) are placed in designated areas.

Cover clipboards

Never leave paper with PHI unattended.

Carry paperwork so others cannot see any patient names.

Transportation of patient information must be done in locked designed Waukesha County containers.


5.Properly destroy patient information

Any paper with confidential patient information on it that is to be destroyed shall be placed in the designed County shredding containers or shredded on site.

This paper CANNOT go into the regular trash.

Ask an employee for assistance if you are unsure where the containers are located.


How and whom do you report a concern to ?

It is your duty to report any concerns, any suspicious activity you have about privacy and security.

Tell a supervisor right away.


To receive credit for the HIPAA training, complete the following forms and send or give to Colleen Martin The Training Acknowledgment Form

Read it. Complete test and record test answers on this form. Sign it.The Confidentiality/Non-Disclosure Statement Read it. Sign it.

Note there are two other forms that need to be completed and returned as well. Permission to Perform A Background Check Background Information Disclosure


Thank you for your participation

H and

I n-Hand

P rotecting

A ltogether

A ll patientinformation

property of wcdhhs1 waukesha county department of health and human services hipaa volunteer h1n1...

Documents

persons health

health care services

health care organizations

health care agencies

health insurance portability

use of patient information

property of wcdhhs6

laws of hipaa