logging in or signing up HIPAATraining Aric85 Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINTLite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 98 Category: Entertainment License: All Rights Reserved Like it (2) Dislike it (0) Added: December 28, 2007 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... By: aziiiza (13 month(s) ago) naic Saving..... Post Reply Close Saving..... Edit Comment Close By: aziiiza (13 month(s) ago) naic Saving..... Post Reply Close Saving..... Edit Comment Close By: aziiiza (13 month(s) ago) it is very helpful and clear.. thanks Saving..... Post Reply Close Saving..... Edit Comment Close Premium member Presentation Transcript HIPAA Training: HIPAA Training C6440 Ethics in CounselingTraining Goals: Training Goals This training will help you understand what you must do to comply with the HIPAA law and policies to make sure you are in compliance.Patient Rights: Patient Rights Patient Rights: Patient Rights Patients have new rights under HIPAA. They are: Notice of Privacy Practices Right to an Accounting of Disclosures Right to Alternative Communications Right to Access/Copy Records Right to Restrict Uses/Disclosures Right to Communicate Privacy Issues Right to Amend Records Notice of Privacy Practices: Notice of Privacy Practices All patients must get a Notice of Privacy Practices when they arrive at the time of registration. This tells them how you use and share their health information and what their rights are under HIPAA. Every patient signs your Patient Agreement & Consent Form which includes a statement that the patients have received the Notice of Privacy Practices unless they refuse or are unable to, which must be documented on the form. Right to an Accounting of Disclosures: Right to an Accounting of Disclosures You must keep track of all releases of a patient’s information when it does not have to do with treatment, payment, or operations (TPO) unless you get the patient’s written permission. For example, when you report suspected abuse or neglect, or release information to law enforcement. Right to an Accounting of Disclosures: Right to an Accounting of Disclosures These releases are to be entered into the patient’s record. If you release, you are responsible for documenting the release in the record. Patients have the right to request a report of these releases. All requests for a report are to be sent to you and must be in writing.Right to Alternative Communications: Right to Alternative Communications All patients have the right to request you contact them at a different location for safety reasons (post office box instead of street address). You must agree to all reasonable requests. These requests are noted on a Confidential/Alternative Communications Request Form. Right to Access/Copy Records : Right to Access/Copy Records Patients generally have the right to see or get a copy of their medical record. Hospitalized patients cannot get a copy until after discharge from a hospital, but can ask their doctor to review their record with them. Patients must sign an Authorization Form to get a copy of their record. These requests must be directed to you or Medical Records. Right to Restrict : Right to Restrict All patients have the right to request a limit (“restriction”) on how you use or share their health information. Patients must fill out a Request for Restriction Form. The form must be given to you directly. Right to Communicate Privacy Issues : Right to Communicate Privacy Issues Patients have the right to file a complaint if they feel their information is not kept private. If you receive a privacy complaint, document it on a Patient Complaint Form.Right to Amend Records : Right to Amend Records Patients have the right to request their medical record be corrected (“amended”) if they feel their information is wrong or not complete. Special Requirements: Special Requirements Facility Directory: Facility Directory So that you can tell visitors where patients are located in your facility when they ask for someone by name, you tell patients you will list them in your directory unless they object. If a patient objects, it is documented on the Patient Agreement & Consent Form. This is the same form that patients sign stating they have received your Notice of Privacy Practices.Facility Directory: Facility Directory If the patient agrees to be listed in the directory: The patient’s condition and location can be given to anyone who asks for the patient by name, even via telephone. Clergy can be given directory information and the patient’s religion. The Information Desks and Switchboard Operators have access to patients in the facility directory only. Facility Directory: Facility Directory If a patient does not agree to be listed in the facility directory, the Info Desk and Switchboard will not have any information on the patient and therefore will say “I have no information on that patient.” Patients that do not agree to be listed will not receive flowers or mail and visitors will be told the organization has no information on the patient. The patient is a “no info” patient. Sharing Information with Family & Friends : Sharing Information with Family & Friends You must get the patient’s permission prior to sharing the patient’s detailed health information (more than the patient’s condition/location) with family and friends. You can do this orally. There is no need for a patient to sign a form. Before discussing health information with the patient in front of family and friends, you must first ask the patient for permission. He has the right to decide if he wants others to hear. Sharing Information with Family & Friends : Sharing Information with Family & Friends If it is necessary to notify a family member or a friend of a patient’s condition, for example if a patient is brought to an Emergency Center alone and the patient is in critical condition, a doctor or nurse can try to contact family members or friends to notify them of the patient’s condition if they feel it is in the patient’s best interest. Releasing Patient Information: Releasing Patient Information Your patients trust that you will keep their information private. You may be exposed to news-worthy information. Remember: Keep patient information private! Do not share information with the media, other staff, friends, or relatives! Never take pictures!Releasing Patient Information : Releasing Patient Information Generally, patient information may be released for treatment, payment, or operations purposes (TPO). Patient information may not be released for marketing purposes without the patient’s permission. Make sure you know your organization’s policies for releasing patient information. If patients ask you for their own information, always verify their identity before you release it.Use & Release of Health Information - TPO: Use & Release of Health Information - TPO Health information may be released to other treating doctors/providers. The treatment relationship must be verified. If a patient is being transferred to another facility, sharing information for transfer is permitted if the patient has consented to the transfer. Health information may be released so that you can get paid. Health information may be used for day to day operations purposes (evaluations, grievances, etc.)Use & Release of Health Information - TPO: Use & Release of Health Information - TPO Example – primary care physician contacts ER to obtain information on a patient that was seen in ER. You fax information – BAD! (Physician was really asking for information on neighbor, not a patient of his.) Example – primary care physician contacts ER to obtain information on a patient that was seen in ER. We verify patient named the physician as his primary care physician first and then fax the information – GOOD!Use & Release of Health Information – Non Routine: Use & Release of Health Information – Non Routine When releasing Protected Health Information (PHI) for non-TPO reasons (such as marketing), or if a provider is not documented on the patient’s record, a patient’s authorization should be obtained (unless required or permitted by law). The approved Authorization Form must be used.Safeguards: Safeguards Role-Based Access : Role-Based Access You are required to obtain and/or access information only if it is needed for you to do your job. This is called role-based access.Examples of Inappropriate Accesses:: Examples of Inappropriate Accesses: Accessing celebrity information Accessing friend or relative information Accessing information for other companies/providers who want the information for marketing purposes Accessing information for personal reasons Accessing co-workers’ patient information Accessing your own informationConfidentiality : Confidentiality These inappropriate accesses are against the law (HIPAA-the Federal Privacy Law, and other state laws). Computer Screens : Computer Screens Whenever you leave a computer that is used for accessing confidential information, completely log off application. If possible, computer screens are to be turned so that visitors cannot see the information.Sending PHI Externally: Sending PHI Externally Never send PHI externally in an e-mail or in an attachment to an e-mail unless the information is encrypted. Electronic Disposal/Storage: Electronic Disposal/Storage Do not throw away any CDs, floppy disks, or tapes that have patient information. First make sure the information is erased. Store these items in an area that is locked. Faxing : Faxing You can fax health information. A fax cover sheet with the approved confidentiality statement must be used. Your name and telephone number must be on the cover sheet. Faxing : Faxing Be careful that any and all health information that is faxed is not faxed to a wrong number outside of you facility. Fax machines must be placed in a secure area. Fax numbers that are used a lot should be programmed into the fax machine. Faxing : Faxing Use programmed fax numbers if you can. Fax machines should be checked often so that faxes can be given to the right person quickly. If the person cannot be found, the information should be put in an envelope or folder, or placed in an area where others cannot see the information. Faxing : Faxing No sexually-transmitted disease; alcohol/drug abuse; or mental health information shall be faxed unless it is for treatment, payment, or required by law. Transporting Patients and/or Patient Information : Transporting Patients and/or Patient Information Hide names and other information when delivering or transporting. Do not leave documents unattended. When moving offices, make sure information is secure. Ask visitors to wait for another elevator or transport on designated elevators. Leaving Messages for Patients: Leaving Messages for Patients You CAN leave general messages for patients. No information regarding a patient’s condition can be left on an answering machine, unless he tells you it is OK. Leaving Messages for Patients: Leaving Messages for Patients Example: “This is John Doe from City Hospital calling for Jane Smith. Please return my call at 825-1100; or “This is John Doe from City Hospital calling to remind Jane Smith about her appointment tomorrow at 10:00.” Sign In Sheets: Sign In Sheets Sign in sheets may be used by your facility or department. If they are used, only the patient’s name can be recorded on them. Document Disposal/Storage: Document Disposal/Storage All printed confidential information must be shredded or burned. Know how to dispose of confidential info at your facility. All patient information papers that must be stored must be stored in an area that is lockable. Don’t leave paperwork where other patients and visitors can see, unlocked, or unattended. Markings on Medical Records : Markings on Medical Records No information about a patient’s diagnosis shall be on the outside of a medical record. Always store charts in chart racks with the patients name faced in so that others cannot see it. Computer Safeguards: Computer Safeguards NEVER SHARE YOUR COMPUTER USER I.D. OR PASSWORD! ALWAYS LOG OFF BEFORE LEAVING YOUR COMPUTER! YOU ARE RESPONSIBLE FOR ANY ACTIONS FOR WHICH YOUR USER I.D. WAS USED!Federal Penalties: Federal Penalties Non-Intentional Non Compliance: $100 per violation For example, did not give patient a Notice of Privacy Practices Intentional Non Compliance: Up to 10 years in jail and $250,000 fine For example, selling patient information Stating you are someone that you are not in order to obtain a patient’s informationReport Concerns: Report Concerns It is your responsibility to report concerns! To report concerns: Talk with your supervisor Call the Chief Privacy Officer at your organizationSummary: Summary Only access information needed to perform your duties. Never share your user I.D. and password. Always log off when leaving your computer. Make sure you know when releasing patient information is appropriate. Patient privacy is serious! Report concerns. You are required by HIPAA to audit accesses. You do not have the permission to view this presentation. In order to view it, please contact the author of the presentation.
HIPAATraining Aric85 Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINTLite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 98 Category: Entertainment License: All Rights Reserved Like it (2) Dislike it (0) Added: December 28, 2007 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... By: aziiiza (13 month(s) ago) naic Saving..... Post Reply Close Saving..... Edit Comment Close By: aziiiza (13 month(s) ago) naic Saving..... Post Reply Close Saving..... Edit Comment Close By: aziiiza (13 month(s) ago) it is very helpful and clear.. thanks Saving..... Post Reply Close Saving..... Edit Comment Close Premium member Presentation Transcript HIPAA Training: HIPAA Training C6440 Ethics in CounselingTraining Goals: Training Goals This training will help you understand what you must do to comply with the HIPAA law and policies to make sure you are in compliance.Patient Rights: Patient Rights Patient Rights: Patient Rights Patients have new rights under HIPAA. They are: Notice of Privacy Practices Right to an Accounting of Disclosures Right to Alternative Communications Right to Access/Copy Records Right to Restrict Uses/Disclosures Right to Communicate Privacy Issues Right to Amend Records Notice of Privacy Practices: Notice of Privacy Practices All patients must get a Notice of Privacy Practices when they arrive at the time of registration. This tells them how you use and share their health information and what their rights are under HIPAA. Every patient signs your Patient Agreement & Consent Form which includes a statement that the patients have received the Notice of Privacy Practices unless they refuse or are unable to, which must be documented on the form. Right to an Accounting of Disclosures: Right to an Accounting of Disclosures You must keep track of all releases of a patient’s information when it does not have to do with treatment, payment, or operations (TPO) unless you get the patient’s written permission. For example, when you report suspected abuse or neglect, or release information to law enforcement. Right to an Accounting of Disclosures: Right to an Accounting of Disclosures These releases are to be entered into the patient’s record. If you release, you are responsible for documenting the release in the record. Patients have the right to request a report of these releases. All requests for a report are to be sent to you and must be in writing.Right to Alternative Communications: Right to Alternative Communications All patients have the right to request you contact them at a different location for safety reasons (post office box instead of street address). You must agree to all reasonable requests. These requests are noted on a Confidential/Alternative Communications Request Form. Right to Access/Copy Records : Right to Access/Copy Records Patients generally have the right to see or get a copy of their medical record. Hospitalized patients cannot get a copy until after discharge from a hospital, but can ask their doctor to review their record with them. Patients must sign an Authorization Form to get a copy of their record. These requests must be directed to you or Medical Records. Right to Restrict : Right to Restrict All patients have the right to request a limit (“restriction”) on how you use or share their health information. Patients must fill out a Request for Restriction Form. The form must be given to you directly. Right to Communicate Privacy Issues : Right to Communicate Privacy Issues Patients have the right to file a complaint if they feel their information is not kept private. If you receive a privacy complaint, document it on a Patient Complaint Form.Right to Amend Records : Right to Amend Records Patients have the right to request their medical record be corrected (“amended”) if they feel their information is wrong or not complete. Special Requirements: Special Requirements Facility Directory: Facility Directory So that you can tell visitors where patients are located in your facility when they ask for someone by name, you tell patients you will list them in your directory unless they object. If a patient objects, it is documented on the Patient Agreement & Consent Form. This is the same form that patients sign stating they have received your Notice of Privacy Practices.Facility Directory: Facility Directory If the patient agrees to be listed in the directory: The patient’s condition and location can be given to anyone who asks for the patient by name, even via telephone. Clergy can be given directory information and the patient’s religion. The Information Desks and Switchboard Operators have access to patients in the facility directory only. Facility Directory: Facility Directory If a patient does not agree to be listed in the facility directory, the Info Desk and Switchboard will not have any information on the patient and therefore will say “I have no information on that patient.” Patients that do not agree to be listed will not receive flowers or mail and visitors will be told the organization has no information on the patient. The patient is a “no info” patient. Sharing Information with Family & Friends : Sharing Information with Family & Friends You must get the patient’s permission prior to sharing the patient’s detailed health information (more than the patient’s condition/location) with family and friends. You can do this orally. There is no need for a patient to sign a form. Before discussing health information with the patient in front of family and friends, you must first ask the patient for permission. He has the right to decide if he wants others to hear. Sharing Information with Family & Friends : Sharing Information with Family & Friends If it is necessary to notify a family member or a friend of a patient’s condition, for example if a patient is brought to an Emergency Center alone and the patient is in critical condition, a doctor or nurse can try to contact family members or friends to notify them of the patient’s condition if they feel it is in the patient’s best interest. Releasing Patient Information: Releasing Patient Information Your patients trust that you will keep their information private. You may be exposed to news-worthy information. Remember: Keep patient information private! Do not share information with the media, other staff, friends, or relatives! Never take pictures!Releasing Patient Information : Releasing Patient Information Generally, patient information may be released for treatment, payment, or operations purposes (TPO). Patient information may not be released for marketing purposes without the patient’s permission. Make sure you know your organization’s policies for releasing patient information. If patients ask you for their own information, always verify their identity before you release it.Use & Release of Health Information - TPO: Use & Release of Health Information - TPO Health information may be released to other treating doctors/providers. The treatment relationship must be verified. If a patient is being transferred to another facility, sharing information for transfer is permitted if the patient has consented to the transfer. Health information may be released so that you can get paid. Health information may be used for day to day operations purposes (evaluations, grievances, etc.)Use & Release of Health Information - TPO: Use & Release of Health Information - TPO Example – primary care physician contacts ER to obtain information on a patient that was seen in ER. You fax information – BAD! (Physician was really asking for information on neighbor, not a patient of his.) Example – primary care physician contacts ER to obtain information on a patient that was seen in ER. We verify patient named the physician as his primary care physician first and then fax the information – GOOD!Use & Release of Health Information – Non Routine: Use & Release of Health Information – Non Routine When releasing Protected Health Information (PHI) for non-TPO reasons (such as marketing), or if a provider is not documented on the patient’s record, a patient’s authorization should be obtained (unless required or permitted by law). The approved Authorization Form must be used.Safeguards: Safeguards Role-Based Access : Role-Based Access You are required to obtain and/or access information only if it is needed for you to do your job. This is called role-based access.Examples of Inappropriate Accesses:: Examples of Inappropriate Accesses: Accessing celebrity information Accessing friend or relative information Accessing information for other companies/providers who want the information for marketing purposes Accessing information for personal reasons Accessing co-workers’ patient information Accessing your own informationConfidentiality : Confidentiality These inappropriate accesses are against the law (HIPAA-the Federal Privacy Law, and other state laws). Computer Screens : Computer Screens Whenever you leave a computer that is used for accessing confidential information, completely log off application. If possible, computer screens are to be turned so that visitors cannot see the information.Sending PHI Externally: Sending PHI Externally Never send PHI externally in an e-mail or in an attachment to an e-mail unless the information is encrypted. Electronic Disposal/Storage: Electronic Disposal/Storage Do not throw away any CDs, floppy disks, or tapes that have patient information. First make sure the information is erased. Store these items in an area that is locked. Faxing : Faxing You can fax health information. A fax cover sheet with the approved confidentiality statement must be used. Your name and telephone number must be on the cover sheet. Faxing : Faxing Be careful that any and all health information that is faxed is not faxed to a wrong number outside of you facility. Fax machines must be placed in a secure area. Fax numbers that are used a lot should be programmed into the fax machine. Faxing : Faxing Use programmed fax numbers if you can. Fax machines should be checked often so that faxes can be given to the right person quickly. If the person cannot be found, the information should be put in an envelope or folder, or placed in an area where others cannot see the information. Faxing : Faxing No sexually-transmitted disease; alcohol/drug abuse; or mental health information shall be faxed unless it is for treatment, payment, or required by law. Transporting Patients and/or Patient Information : Transporting Patients and/or Patient Information Hide names and other information when delivering or transporting. Do not leave documents unattended. When moving offices, make sure information is secure. Ask visitors to wait for another elevator or transport on designated elevators. Leaving Messages for Patients: Leaving Messages for Patients You CAN leave general messages for patients. No information regarding a patient’s condition can be left on an answering machine, unless he tells you it is OK. Leaving Messages for Patients: Leaving Messages for Patients Example: “This is John Doe from City Hospital calling for Jane Smith. Please return my call at 825-1100; or “This is John Doe from City Hospital calling to remind Jane Smith about her appointment tomorrow at 10:00.” Sign In Sheets: Sign In Sheets Sign in sheets may be used by your facility or department. If they are used, only the patient’s name can be recorded on them. Document Disposal/Storage: Document Disposal/Storage All printed confidential information must be shredded or burned. Know how to dispose of confidential info at your facility. All patient information papers that must be stored must be stored in an area that is lockable. Don’t leave paperwork where other patients and visitors can see, unlocked, or unattended. Markings on Medical Records : Markings on Medical Records No information about a patient’s diagnosis shall be on the outside of a medical record. Always store charts in chart racks with the patients name faced in so that others cannot see it. Computer Safeguards: Computer Safeguards NEVER SHARE YOUR COMPUTER USER I.D. OR PASSWORD! ALWAYS LOG OFF BEFORE LEAVING YOUR COMPUTER! YOU ARE RESPONSIBLE FOR ANY ACTIONS FOR WHICH YOUR USER I.D. WAS USED!Federal Penalties: Federal Penalties Non-Intentional Non Compliance: $100 per violation For example, did not give patient a Notice of Privacy Practices Intentional Non Compliance: Up to 10 years in jail and $250,000 fine For example, selling patient information Stating you are someone that you are not in order to obtain a patient’s informationReport Concerns: Report Concerns It is your responsibility to report concerns! To report concerns: Talk with your supervisor Call the Chief Privacy Officer at your organizationSummary: Summary Only access information needed to perform your duties. Never share your user I.D. and password. Always log off when leaving your computer. Make sure you know when releasing patient information is appropriate. Patient privacy is serious! Report concerns. You are required by HIPAA to audit accesses.