Health Insurance Portability & Accountability Act

Posted by clearsleepingbag under Security, 30 Nov 2013

Health Insurance Portability & Accountability Act ("HIPAA")

To every patient, every time, we will provide the care that we
would want for our own loved ones.

Health, healing and hope.

The Privacy Rule

Protects information known as PROTECTED HEALTH INFORMATION (PHI) that exists in written, oral and electronic formats.

Examples of PHI

* Name
* Date of Birth
* Fax Number
* Account Number
* Web Uniform Resource Locator (URL)
* Street Address
* Electronic mail address
* Certificate/License Number
* License Plate Number
* City
* Discharge Date
* Social Security Number
* Vehicle Identifiers and Serial Numbers
* Device Identifier and Serial Number
* Precinct
* Date of Death
* Medical Record Number
* Internet Protocol (IP) Address
* Full Face Photographic Images
* Zip Code
* Telephone Number
* Health Plan Beneficiary Number
* Biometric Identifiers (e.g. fingerprints)
* Any other Unique Identifying Number, Characteristic, or Code

These are the identifiers that the Privacy Rule's "safe harbor" de-identification standard requires to be stripped before health information stops being PHI; any one of them attached to health information makes the record PHI.

The Privacy Rule

Limits the way in which members of the GBMC workforce may use and disclose (release) PHI. GBMC workforce must have a job-related reason to use or disclose PHI.

Requires that all GBMC workforce use only the minimum amount of PHI necessary to get the job done. This is what HIPAA defines as the MINIMUM NECESSARY standard.

"Workforce" means employees, volunteers, trainees, and other persons who conduct work for GBMC and are under the direct control of GBMC, whether or not they are paid by GBMC.

The Privacy Rule

Provides patients with certain rights; these rights are commonly referred to as the PATIENT PRIVACY RIGHTS.

These rights are communicated to the patient in the Notice of Privacy Practices.

If a patient wishes to exercise any of these Patient Privacy Rights (listed below), they must do so in writing. You should contact the Medical Records Correspondence Department (443-849-2274) for the correct forms.

The Patient Privacy Rights

* Right to access PHI.
* Right to request an amendment to PHI.
* Right to request restrictions on how PHI is used for treatment, payment, and healthcare operations.
* Right to receive confidential communications.
* Right to request an accounting of disclosures.
* Right to complain to the Department of Health and Human Services' Office for Civil Rights.

HIPAA Privacy

The Notice of Privacy Practices

The Notice is a useful tool not only for you but also for the patient. The NOPP:

* describes how GBMC may use a patient's PHI
* provides a clear and concise description of the patient's rights
* discusses how a patient may opt-out of the facility directory
* discusses how the medical staff may interact with the patient's family



The Privacy Rule

Requires that GBMC provide a way for patients and workforce to REPORT PRIVACY CONCERNS or ask privacy questions.

Reporting Privacy Concerns

* Stacey McGreevy, GBMC Privacy Officer: 443-849-4325
* HIPAA GroupWise Resource: to send an email, type HIPAA in the "To" field
* 1-800-299-7991: the Business Ethics Line is now the Privacy Hotline too
* The Compliance Home Page on the GBMC InfoWeb is your source for HIPAA information

Privacy Compliance Tips

* Keep all PHI locked and secured when you are away from your work area.
* Do not include any patient identifiers in the subject line of an email.
* Do not discuss PHI in public or common areas.
* Make sure to check the fax number for accuracy before sending a fax that contains PHI. All faxes must include a completed GBMC standard fax cover sheet (see fax policy for limited exceptions).
* If a fax is sent to the wrong recipient in error, you must complete the Accounting of Disclosures log located on the Compliance page of the InfoWeb and send it to Medical Records.
* Sign-in sheets are allowed as long as we continue to follow the standard protocols that have always been in place at GBMC. Sign-in sheets should be limited to patient name and appointment time.

The Security Rule: Electronic Protected Health Information

Requires that administrative, physical, and technical safeguards be implemented to address the confidentiality, integrity, and availability of ELECTRONIC PROTECTED HEALTH INFORMATION (ePHI).

Security of patient information is EVERYONE'S job! We owe it to our patients!

The Security Rule: User Identity

Requires that GBMC provide each computer system user with a unique user identity.

Your user identity is the combination of your user ID and your password; do not share your password or write it down where it can be easily retrieved by someone other than you.

Your user identity is what is used to monitor your activity on the system(s).

Do not leave yourself signed onto a computer and then walk away without signing off. You are responsible for any activity that occurs under your user identity. Your user identity appears on audit reports which are frequently monitored.

Security Compliance Tips

* Do not store electronic protected health information (ePHI) on your local drive (C:).
* If you use mobile media devices such as laptops and USB drives, make sure they are encrypted.
* Avoid emailing PHI, but if it is necessary, be sure to encrypt the email by typing the word "SECURE" as the first word in the subject line of the email.
* If you believe that PHI in paper or electronic form has been used or released in an unauthorized manner, contact the Privacy Office at 443-849-4325.
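The two email rules in these tips (no patient identifiers in the subject line under Privacy Compliance Tips; the word SECURE first in the subject when PHI must be sent) can be enforced before a message leaves the mailbox. The following is an added example written for this page, not GBMC's own tooling: a pre-send check that scans the subject for a few of the identifier types from the "Examples of PHI" list and refuses a message whose body carries identifiers unless the subject starts with SECURE. The regex formats, the assumption that the mail gateway keys on a leading SECURE, and the sample messages are all constructed for the illustration.

```python
import re

# Heuristic patterns for a few identifier types from the "Examples of PHI" list.
# The formats are assumed for this example; a real DLP policy is tuned to the
# institution's own MRN, account and phone number formats.
IDENTIFIER_PATTERNS = {
    "ssn":   re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "phone": re.compile(r"\b\d{3}-\d{3}-\d{4}\b"),
    "date":  re.compile(r"\b\d{1,2}/\d{1,2}/\d{2,4}\b"),
    "mrn":   re.compile(r"\bMRN[:#\s]*\d{6,}\b", re.IGNORECASE),
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "ip":    re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}

# The slide's rule is that SECURE must be the first word of the subject; this
# example assumes the mail gateway keys on exactly that (an assumption).
SECURE_PREFIX = re.compile(r"^\s*secure\b", re.IGNORECASE)


def find_identifiers(text):
    """Names of the identifier types whose pattern occurs in text, sorted."""
    return sorted(name for name, pat in IDENTIFIER_PATTERNS.items() if pat.search(text))


def check_outgoing_mail(subject, body):
    """Return the list of policy problems; an empty list means the mail may be sent."""
    problems = []
    in_subject = find_identifiers(subject)
    if in_subject:
        # Subject lines travel unencrypted and end up in logs and notifications.
        problems.append("identifiers in subject line: " + ", ".join(in_subject))
    in_body = find_identifiers(body)
    if in_body and not SECURE_PREFIX.match(subject):
        problems.append("body contains PHI (" + ", ".join(in_body)
                        + ") but subject does not start with SECURE")
    return problems


# Constructed sample messages (no real patients, staff or numbers).
SAMPLES = [
    ("Lab results for MRN 00123456", "Please see the attached report."),
    ("SECURE: follow-up question", "Patient DOB 03/14/1952, please call 443-849-2274."),
    ("Follow-up question", "Patient DOB 03/14/1952, appointment moved."),
    ("Staff meeting moved", "Room 4 at 10:30, bring the agenda."),
]


def audit_samples():
    """Run the check over every sample; returns {subject: [problems]}."""
    return {subject: check_outgoing_mail(subject, body) for subject, body in SAMPLES}


if __name__ == "__main__":
    for subject, problems in audit_samples().items():
        print(f"{subject!r}: {'OK' if not problems else '; '.join(problems)}")
```

The first sample is blocked for an MRN in the subject, the third for PHI in the body without the SECURE keyword, and the other two pass. Because the check mirrors the slide's "first word" rule literally, a reply that a mail client prefixes with "Re:" would no longer match; whether the real gateway tolerates that is a question to settle with whoever runs it, not something this example can answer.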

Protecting Your Password: Password Management

In order to protect against unauthorized access to our computers, GBMC has taken appropriate steps to monitor all activity on the network to ensure that people are not trying to break in to those systems.

However, as a user of a GBMC system, it is important that you also take measures to ensure that people cannot access GBMC systems; that is partly accomplished through password management.

Password management includes selecting a strong password, protecting your password, as well as frequently changing your password.

Examples of How to Create a Strong Password

1. Mix upper and lowercase characters
   3bLINdmice
   5gOLDenrings
   4cALLingbirdS

2. Replace letters with numbers
   Replace "E" with "3": "Sp3cial" or "3l3gant"

3. Combine two words by using a special character
   Roof^Top
   Sugar$Daddy
   B@ttercup!

4. Use the first letter from each word of a phrase from a song
   "Oops! I did it again" becomes "O!idia"

In general, passwords should have a minimum length of 6 characters but each application may have other requirements/limitations. Treat 6 characters as a floor, not a target: the four techniques above make a password harder to guess by hand, but they are well-known patterns that password-cracking tools try automatically, so length (a long passphrase) does more for strength than any substitution trick.
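The four techniques above are worth checking against how passwords are actually attacked. The following is an added example, not part of the GBMC training material: a small rule-based mangler of the kind password-cracking tools use to expand a wordlist, applied to a constructed mini-dictionary of ordinary words and short phrases. It regenerates every sample password on the slide, which is the point: a pattern a person finds clever is, to an attacker, one more rule run over a dictionary. The word list, phrase list, substitution table and rule set are all constructed for this example.

```python
import itertools

# Constructed inputs standing in for a real cracking dictionary and a lyrics corpus.
WORDS = ["special", "elegant", "roof", "top", "sugar", "daddy", "buttercup"]
PHRASES = ["three blind mice", "five golden rings", "four calling birds",
           "Oops! I did it again"]
NUMBER_WORDS = {"one": "1", "two": "2", "three": "3", "four": "4", "five": "5",
                "six": "6", "seven": "7", "eight": "8", "nine": "9"}
LEET = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$", "u": "@"}
SPECIALS = "!@#$%^&*_-"

# The nine passwords shown on the slide.
SLIDE_EXAMPLES = ["3bLINdmice", "5gOLDenrings", "4cALLingbirdS", "Sp3cial",
                  "3l3gant", "Roof^Top", "Sugar$Daddy", "B@ttercup!", "O!idia"]


def case_variants(word):
    """All 2^n upper/lower spellings of a word (rule 1); digits and punctuation are kept."""
    opts = [(c.lower(), c.upper()) if c.isalpha() else (c,) for c in word]
    return {"".join(p) for p in itertools.product(*opts)}


def common_cases(word):
    """The three case forms people actually type when joining words."""
    return {word.lower(), word.capitalize(), word.upper()}


def leet_variants(word):
    """The word itself, plus each substitutable letter swapped for its symbol (rule 2),
    both for every occurrence and for the first lowercase occurrence only."""
    out = {word}
    for letter, sym in LEET.items():
        out.add(word.replace(letter, sym).replace(letter.upper(), sym))
        out.add(word.replace(letter, sym, 1))
    return out


def expand_word(word):
    """Rules 1 and 2 applied to one word, with an optional trailing special character."""
    out = set()
    for cv in case_variants(word):
        for lv in leet_variants(cv):
            out.add(lv)
            out.update(lv + s for s in SPECIALS)
    return out


def expand_pair(w1, w2):
    """Rule 3: two words joined by a special character."""
    return {a + s + b for a in common_cases(w1) for b in common_cases(w2) for s in SPECIALS}


def expand_phrase(phrase):
    """Rule 4 (first letter of each word, keeping punctuation) and the slide's
    'number + remaining words' pattern, each with every case mix."""
    tokens = phrase.split()
    acronym = "".join(t[0] + "".join(c for c in t[1:] if not c.isalnum()) for t in tokens)
    out = case_variants(acronym)
    if tokens[0].lower() in NUMBER_WORDS:
        out |= case_variants(NUMBER_WORDS[tokens[0].lower()] + "".join(tokens[1:]))
    return out


def build_candidates():
    """Every password the rule set can produce from the constructed inputs."""
    cands = set()
    for w in WORDS:
        cands |= expand_word(w)
    for w1, w2 in itertools.permutations(WORDS, 2):
        cands |= expand_pair(w1, w2)
    for p in PHRASES:
        cands |= expand_phrase(p)
    return cands


def recovered():
    """Which of the slide's examples the mangler regenerates: {password: True/False}."""
    cands = build_candidates()
    return {pw: pw in cands for pw in SLIDE_EXAMPLES}


if __name__ == "__main__":
    cands = build_candidates()
    print(f"{len(cands)} candidates from {len(WORDS)} words and {len(PHRASES)} phrases")
    for pw, hit in recovered().items():
        print(f"{pw:15} {'recovered' if hit else 'missed'}")
```

Run it and all nine examples come back from seven words and four phrases, with the whole candidate set only tens of thousands of strings, a fraction of a second of hashing. By comparison a 6-character password chosen uniformly from the 95 printable ASCII characters has about 7 x 10^11 possibilities, and a passphrase of several unrelated words far more; the substitutions and case tricks on the slide add a handful of rule variants, not orders of magnitude.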