HIPAA & Security Awareness Training Annual Mandatory
Education Slide 2 Objectives Define the Health Insurance
Portability and Accountability Act (HIPAA) Describe patient rights
and protections under the HIPAA Privacy Rule Identify good
practices for treatment of patient information under the HIPAA
Privacy and Security Rules Identify appropriate physical safeguards
to assist in the protection of electronic patient information Slide
3 Introduction The Health Insurance Portability and Accountability
Act (HIPAA) of 1996 is an enacted Federal Law created by President
Bill Clinton and enforced by the Department of Health and Human
Services to address patient information in relation to: Privacy and
Confidentiality of Patient Information Security of Electronic
Protected Health Information Transactions and Code Sets Slide 4 The
Rules Address the Need To: Standardize the format of health care
data across the industry Standardize rules for treatment of health
care data Share health care data among providers Slide 5 Evolve
from paper to electronic records thereby reducing the cost of
maintaining health care data Establish rules that grant rights to
patients own health care information Protect patient information
from unauthorized use and disclosure The Rules Address the Need To:
Slide 6 Protected Health Information Names Addresses Employers
Relatives Names Telephone, cell or fax numbers Email Addresses
Social Security Number Medical Record Number Member or Account
Number Certificate Numbers Voiceprints Fingerprints Photos Codes
Any other characteristic that may identify a person or a
combination of information Slide 7 Patient Privacy Rights Notice of
Privacy Practices File Complaints Request restrictions on uses and
disclosures Request confidential communication Slide 8 Request
access to PHI for inspection and copying Request amendments Request
accounting of disclosures All rights apply to all patients, living
or deceased Patient Privacy Rights Slide 9 Question #1 Which is not
a benefit of the HIPAA Rules? A.Standardize rules for the treatment
of health information B.Reduce health care costs C.Prevent data
from being shared among current care providers D.Protect patient
information from unauthorized use and disclosure Slide 10 Question
#2 A.Request restrictions on uses and disclosures B.Request an
accounting of all disclosures C.Request confidential communications
D.Request that certain data is stricken from their medical record
Which is not a patient right under the HIPAA Rules? Slide 11 Use
and Disclosure Payment Health Care Operations Three kinds of use or
disclosure that need NO prior authorization are: Treatment Slide 12
Authorization Obtained for any reason other than treatment,
payment, health care operations Specific in how the information
will be used, by whom and for how long Right to revoke
authorizations at any time All requests that require authorization
must go to Medical Records for review Slide 13 Minimum Necessary
Standard In circumstances other than treatment, including payment
and health care operations, only the minimum amount of information
necessary for the task or purpose should be released. This is
called the Minimum Necessary Standard Slide 14 Known Individuals
Family, friends or well known figures Cannot access for personal
reasons Only access what you need to do your job Slide 15 Personal
Representatives May have legal authority to act on behalf of a
patient May have a court- appointed document Family member or
friend providing care Treated no differently than the patient with
respect to HIPAA Slide 16 Question #3 Authorization is needed to
disclose patient information to another care provider currently
caring for a patient. A.True B.False Slide 17 Question #4 When
patient information is requested for reasons other than treatment,
payment or health care operations, to which department should the
request be forwarded? A.Information Technology Department B.Medical
Records C.Patient Accounting D.Access Department Slide 18 Privacy
Rule Privacy and confidentiality are an essential part of CHPCs
policies and procedures. Our privacy policies apply to Protected
Health Information in three forms. Written Verbal Electronic Slide
19 Best Practices for Written PHI Medical Records Keep locked in a
secure area Always sign out and sign in Cover with a
Confidentiality Statement page When traveling keep secure in car or
on person Slide 20 Best Practices for Written PHI File Cabinets,
Whiteboards, etc. Keep cabinets locked Place in secure area and/or
behind locked doors Keep the general public or those who have no
need to know out of the secure areas Dont allow whiteboards to face
windows or open doors Slide 21 Best Practices for Written PHI Desks
and Loose Papers Never leave desks with PHI unattended Dispose of
unnecessary paper PHI in recycle bins Dont bring paper PHI into
general areas Clean desk policy applies Slide 22 Best Practices for
Written PHI Copiers, Printer and Fax Machines Located in secure
areas Pick up print and copy jobs immediately Use coversheets with
Confidentiality Statements on all faxes Call recipient of fax to
confirm they received Check fax machines frequently for PHI Slide
23 Best Practices for Written PHI Staff Mailboxes Must be either
located in secure area or must NOT contain PHI Check frequently
Slide 24 Question #5 A.Double check the fax number before you send
the fax B.Use a cover sheet with a confidentiality statement C.Call
the recipient to make sure they received it D.Never send faxes with
PHI because it is not secure Which is not a best practice when
using fax machines to send or receive PHI? Slide 25 Question #6
Where should written PHI be disposed of when it is no longer
needed? A.Turn it in to Medical Records B.Trashcans C.Shredders
D.Recycle Bins Slide 26 Best Practices for Verbal PHI Conversations
Need to know Hold in private areas at all times Never in public
areas Incidental disclosures Slide 27 Best Practices for Verbal PHI
Telephones and Voicemails Hold conversations in a secure area, not
public areas or within earshot of the public Try to ensure the
person on the other end is the person who should be receiving the
PHI Never leave PHI on a voicemail Slide 28 Question #7 Which is a
secure area for holding conversations containing patient
information? A.Cubicles in the team area B.Hallways C.Around the
nursing station D.In the restrooms Slide 29 The Security Rule
Administrative Safeguards Policies and Procedures Technical
Safeguards Restricting access to data transmitted over the network
Physical Safeguards Physical computer and network facilities The
Security Rule only applies to PHI in an electronic format whereas
the Privacy Rule applies to PHI in any format. The Security Rule
has three types of safeguards: Slide 30 Facility Security Plan
Badges must be worn at all times Visitors must sign in and remain
in non-PHI areas Reception areas control who enters the facility
Reception areas are only open doors, all others remain locked when
not in use Slide 31 Security button to access areas Security
cameras Alarm System Facility Security Plan Slide 32 Workstation
Use Equipment and access determined by job description and
supervisor Use for business purposes only May not leave workstation
unattended while logged in May not attach any peripheral device
Only organization-issued software and hardware may be used Slide 33
Workstation Use Position monitors so they cannot be seen though
doors, windows or in high-traffic areas Computers and other
technology may only be used by the person to whom the equipment it
was issued Never share passwords or log another person in Slide 34
Information Security All information on the network belongs to CHPC
May not send and receive files from home May not email PHI or
transmit PHI unless encrypted Slide 35 Technology Accountability
You are responsible for the security and care of company issued
hardware resources Equipment and software may not be removed from
the premises without permission from IT Turn in all equipment upon
termination of employment Slide 36 Internet Usage Business purposes
only No downloads No streaming video or audio Internet usage is
monitored Slide 37 Email Etiquette Email is an official
communication tool Dont use email for sensitive issues that should
be discussed face-to-face NO PHI IS SENT VIA EMAIL OUTSIDE OUR
ORGANIZATION Email usage is monitored Slide 38 Question #8 Which of
the following is not a good workstation use practice? A.Logging out
when you step away from your computer B.Using the workstation to
research medications or medical conditions C.Using an external
drive such as a thumb or jump drive with my workstation D.Being
cognizant of who can view my computers monitor Slide 39 Questions
#9 Emails containing PHI may be sent to my co- worker internally,
if they have a need to know, but may never be sent outside the
network. A.True B.False Slide 40 Thank you Amy Smith
Privacy/Security Officer 989-2076 Sue Zogaria Privacy Officer
(Alternate) 989-2113 Gordon Grieble Security Officer (Alternate)
989-2085
![HCCA BYO [Read-Only] · • Liability coverage due to HIPAA non-compliance • Employee training and awareness 22 BYOD Dos in HIPAA 1. Make sure your vendor and its sub-vendors are](https://img.dokumen.tips/doc/110x75/5e157fe93fe57b53f0428eb1/hcca-byo-read-only-a-liability-coverage-due-to-hipaa-non-compliance-a-employee.jpg)
