SCT102 - HIPAA
ePHI Security Measures
1. Don't face monitors towards patient view
2. Log out when leaving a workstation
3. Encrypt emails containing PHI
4. Never share passwords
5. Take extra precautions with portable PHI devices (cell phones, tablets, laptops, etc.)
What rights do patients have with HIPAA?
1. Right to access their PHI
2. Right to request an amendment of their PHI
3. Right to request a restriction on who can see their PHI
4. Right to confidential communication
5. Right to an accounting of disclosures (who looked at their info)
6. Right to file a complaint
7. Right to receive notice of how PHI is used
How do you report a suspected HIPAA violation?
1. Inform your supervisor
2. Call the Compliance Office at the facility if you are not comfortable talking to your supervisor
3. Call the Compliance Hotline (anonymous call)
Who does the HIPAA Privacy Rule apply to?
Covered entities:
1. Healthcare providers (hospitals, nursing homes, etc.)
2. Health plans (insurance companies)
3. Healthcare clearinghouses (billing)
HIPAA - definition
Federal Law that is designed to protect the privacy and security of patient health information
What does HIPAA stand for?
H - Health
I - Insurance
P - Portability
A - Accountability
A - Act
Minimum Necessary
HIPAA principle stating that any person using or disclosing PHI must use or disclose only the minimum amount of information necessary to perform the particular task at hand; it applies to all disclosures. For disclosures, release only the information needed to process the request, and share PHI only with others who need to know and are legally allowed to know.
Safeguards - Mailing, Fax
Mailing - use secure carriers such as UPS or certified mail
Fax - attach a coversheet and double-check the fax number
Safeguards - Disclosure to third parties
Never assume that you may freely discuss a patient's condition when friends or family members of the patient are present. Always get the approval of the patient or their guardian first before discussing their health information in front of these individuals.
TPO - O
Operations - all of the day-to-day functions a health care provider must perform in order to provide health care services
TPO - P
Payment - the activities undertaken to obtain or provide reimbursement for the provision of health care
PHI
Protected Health Information; any individually identifiable health information a covered entity has regarding a patient. Patient identifier + health info = PHI
TPO - T
Treatment - the provision, coordination, or management of health care and related services by one or more health care providers
TPO
Treatment, Payment & Operations
ePHI
electronic protected health information
HIPAA Privacy Rule
exists to ensure the confidentiality of patient health information
Non-retaliation Policy
policy that states any employees making good faith reports of suspected violations will not be retaliated against.
HIPAA Security Rule
requires that all PHI stored in any electronic form is confidential, available, and accurate
Safeguards - Storage, Transport, Disposal
Storage - keep physical files in locked medical cabinets away from public access, and return all files there once done using them
Transport - use a locked briefcase during transit
Disposal - never use regular garbage cans; shred or put in the designated host container
Under the Privacy Rule, providers must get _________ _________ from a patient before using or disclosing their PHI to any third party
written authorization