HIPAA and Information
Technology
BULNES, STEPHANIE
CANNADY, DEVIN
CANTY, KRISTI
CLARKSON, HEATHER
What is the Health Insurance Portability and
Accountability Act (HIPAA)?



It is a federal law created in
1996, enforced by the
Office of Civil Rights which
protects the privacy of
individually identifiable
health information.
HIPAA RULES: The Privacy Rule


Provides standards to protect patients' medical records
and other personal health information.



Sets limits on uses and disclosures.



Gives patients rights over their health information.
HIPAA RULES: The Security Rule


Creates standards to protect patients'
electronic personal health
information that is
created, received, used, or maintained
by a health plan, healthcare
clearinghouse or health care provider.



Requires appropriate
administrative, physical and technical
safeguards to ensure the
confidentiality, integrity, and security of
electronic protected health
information. (Health Information Privacy
2007)
HIPAA RULES: The Breach Notification Rule


Requires HIPAA covered entities (health plans, healthcare
clearinghouses, healthcare providers) and
their business associates to provide
notification following a breach of
unsecured protected health
information.
2011 HIPAA Violations Resource: onlinetech.com
Information System


Protection of information against threats to its
integrity, inadvertent disclosure, or availability.



Information systems can improve protection for
client information in some ways and endanger it
in others.



The electronic medical record cannot easily be
viewed by anyone who doesn’t have an access
code. (Hebda, Czar 2013, p235)
Consent


The process by which an individual authorizes healthcare personnel to
process his or her information based on an informed understanding of
how this information will be used.



When obtaining consent the patient should be made aware of any risks
to privacy.



HIPAA has a consent form for the release of health-related information
that is intended to protect a patient's privacy.



The consent form is based on rules and restrictions on who may see or be
notified of a patient's protected health information.
What would you do?
You are the nurse for an elderly, confused patient. The patient is becoming
increasingly confused and keeps asking for her son Larry. You access her
medical records and find that Larry is not the patient's health care proxy but is
listed as one of the patient's contacts.

You are the nurse for an intubated, comatose patient. A woman comes to
visit the patient, stating she is the patient's sister. You access the patient's
records; there is no information about the patient having a sister.

A family member calls and states he is the patient's Health Care Proxy and
would like information on the patient. You have never met him, but his
name matches the one on the patient's record.
System Security
HIPAA PROTECTS THE SECURITY AND PRIVACY OF ALL PERSONAL HEALTH
INFORMATION (PHI) WHICH REFERS TO MEDICAL RECORDS AND OTHER HEALTH
INFORMATION USED OR STORED IN ANY FORM. THIS INCLUDES COMMUNICATION
THAT IS WRITTEN, VERBAL, ELECTRONIC OR NON ELECTRONIC.
System Security Compliance


This includes computer screens, white
boards, phone conversations, waste
basket, patient chart, smart
phones, conversation in elevator and
many more.



Compliance with HIPAA is about
people, policies and procedures that
make good sense. Remember that it is
always about what is best for the
patient.
The Minimum Necessary Rule


In accordance with the Federal HIPAA law, information may be
shared with other health care providers for the purpose of TPO:

Treatment
Payment
Healthcare operations




Patient information should only be accessed, used, or disclosed
in the amount that is the MINIMUM NECESSARY in order for an
individual to perform his/her duties. For example: The lab does
not need to know the admitting diagnosis to run a hepatitis
screen on a patient’s blood.
Breaches in Security


According to American Medical News, 94% of facilities suffered a breach in
security in the last 2 years, leaving thousands of Americans at risk of medical
identity theft.



An entity regulated by HIPAA must have reasonable administrative, technical and
physical safeguards to protect against intentional or unintentional disclosure of
protected health information. This may include shredding documents when they
are disposed of and keeping electronic documents under password-protected or
key-code security.



Entities must have policies and procedures in place to keep employees from
inadvertently sharing private information, such as closing computer screens
before leaving the area and turning computer screens away from an area where
they may be viewed by a family member.
Small Scale Snooping


According to a survey by Veriphyr, the majority of HIPAA
violations and security breaches are due to insiders who
are snooping into the medical records of their coworkers or relatives, or even looking at their own medical
record.



In this instance the facility must have policies and
procedures in place to ensure all employees understand
the electronic access needed to perform their job and
sanctions in place if inappropriate access is discovered.
Penalties for violations of HIPAA


The American Recovery and Reinvestment Act of 2009 established civil penalties for
the violation of HIPAA Federal Law.



The penalties for violation of HIPAA laws have a tiered structure which is based on
the nature and extent of the violation.



The Secretary of the Department of Health and Human Resources has the
discretion to determine the amount of the penalty based on the nature of the
violation and the resulting harm.



The Secretary is prohibited from imposing a civil penalty if the violation is corrected
within 30 days except in cases of willful neglect.
Civil Penalties
Case Study


An Arkansas LPN may face 10 years in prison and/or a $250,000 fine.



Smith pleaded guilty to wrongfully disclosing individually identifiable health
information for personal gain and malicious harm.



According to the Associated Press, the nurse obtained private medical
information on a patient while working at a clinic in Arkansas.



She then shared the information with her husband, who contacted the
patient and threatened to use the information against him in a court
proceeding the two were involved in.



The patient contacted the state's attorney’s office and charges were filed
against the nurse and her husband.
Case Study


An HIV positive patient relocating to another city asks his existing physician to
fax his medical records to his new doctor.



The busy office manager mistakenly faxed the records to the patient’s new
employer. The fax did not have a cover sheet that indicated that the content
was confidential.



The patient was very upset that his new employer had private information
about his health. He contacted the US Department of Health and Human
Services, who referred the case to the Office of Civil Rights (OCR).



The physician’s office was investigated and the staff underwent voluntary
HIPAA privacy training.
Policies and Procedures
ADMINISTRATION AND PERSONAL
Policy and Procedure


Administrative – Responsible for creating and managing an
infrastructure which protects client privacy and confidentiality. This
involves:


Developing a Plan



Policies designated structure for implementation



User access levels



Adequate budget
Administration – Centralized Security Function


Comprehensive Security Plan



Accurate and complete information



Information asset ownership and sensitivity classifications



Identification of a comprehensive security program



Information security training and user support



Awareness program
Administration – Centralized Security Function


Infrastructure consists of:


Comprehensive Security Plan:
Defines security responsibilities for
each level of personnel as well as a
timeline for the development and
implementation of
policies, procedures and physical
infrastructure.



Accurate and Complete
Information: Publishing should be
online for easy access, with email
notification of employees as new
policies arise.
Administration – Centralized Security Function


Information asset ownership and sensitivity classifications





Ownership: Who is responsible for the
information, including security
Sensitivity Classification: determination of how
damaging an item of information might be if it were
disclosed inappropriately. Determines what
information should be encrypted

Identification of a comprehensive security program:
A security plan can avert and minimize threats by the
identification of responsibility for:


Information integrity



Privacy



Confidentiality
Administration – Centralized Security Function


Information security
training and user
support: Incorporating
education and proper
training is an important
component in fostering
a proper system.



Awareness program:
Reminds users of the need
to protect information.
Level of Access


Strictly granted on a need-to-know basis


Access Limitation: Depending on personnel level,
or “user classification,” areas in the system are
accessible.




Example: A Nursing Assistant would only have access
to the documentation of hygiene, dietary
intake, vital signs, and input and output, but no other
area in the patient's records.

User Authentication: Authentication of the user through
passwords, smartcards, fingerprint, voice recognition, or
even a third-party authentication system such as Kerberos and
Sesame can be used.
Personal Issues


Policies and procedures must be established and communicated to all personnel who handle
information.


Key elements include:


Information ethics training, including:


Audit trails - Records of IS (personnel) activity.



Acceptable computer use - Includes authorized access and only authorized
and legal copies of software.



Collect only required data - Limiting the collection of information to what is
needed.



Encourage client review of file for accuracy and error correction - Ensuring
accuracy.



Establish controls for the use of information after hours and off-site - Policy limiting
access to patient information after hours.
Personal Issues


Key elements include:


Access control



System monitoring



Data Entry



Backup procedures



Responsibilities for the use of information on mobile devices



Exchange of client information
HIPAA Education &
Training
FOR EMPLOYEES AND PATIENTS
HIPAA Education for Employees
Institutions should:


Administer a HIPAA Policy handbook
for new hires with privacy and
confidentiality measures.



Have all staff read and sign a
confidentiality statement which is to
be stored in the employee's file.



Implement required online training
modules for all staff to complete.





Require annual mandatory re-training
modules.

Offer advanced HIPAA training
appropriate to each individual's
responsibilities at their institution.
HIPAA Education for Patients


It is required by law that all patients
receive a Notice of Privacy Practices
from a doctor, hospital, or any other
health care provider that they see in
person.




This form tells patients how the health
care provider may use and share their
health information and how the patient
can exercise their health privacy rights.
It is also required by law for each patient
to sign a form stating they received a
copy of the notice of privacy practices.



The notice must describe:


ways that the Privacy Rule allows the
covered entity to use and disclose
protected health information. It must also
explain that the entity will get the patient’s
permission, or authorization, before using
their health records for any other reason.



the covered entity’s duties to protect
health information privacy.



privacy rights, including the right to
complain to Health and Human Services
(HHS) and to the covered entity if you
believe your privacy rights have been
violated.
HIPAA Education
Starts in the
Classroom


HIPAA education and training should
be implemented in the curriculum of all
studies affiliated with the medical field.



Early education allows for full
understanding of privacy and
confidentiality policies prior to entering
the clinical field.



This allows for staff at clinical sites to
act as role models for students and aid
in educating about HIPAA rules and
regulations.
Proper Disposal of PHI
(Protected Health
Information)
MANDATED THROUGH HIPAA
PHI DEFINED

PHI stands for Protected Health Information and is used within HIPAA to
describe the type of information that must never be seen by
unauthorized individuals.
PHI can come in many forms, whether paper or electronic, and can
involve patient demographic information, diagnostic study
results, treatment records, billing information, and any other form of
information pertaining to the patient's stay at any type of medical
institution.
Required Proper PHI Disposal


The HIPAA Privacy Rule requires that covered entities apply appropriate
administrative, technical, and physical safeguards to protect the privacy
of protected health information (PHI), in any form.



Improper disposal of PHI can result in a mandatory fine of up to $1,500,000 as
well as an investigation enforced by the State Attorney General and the
Health and Human Services (HHS).



Under the HIPAA Privacy Rule institutions are not authorized to dispose of
PHI in any containers that could be potentially accessible to the public.
Paper PHI Disposal


Paper forms of PHI are to be disposed of
through shredding, burning, pulping,
or pulverizing.



Once disposed of, the PHI must be
rendered unreadable without the
possibility of being reconstructed.



Many institutions use secure document
disposal receptacles throughout the
facility designated strictly for PHI paper
records. A vendor then removes the
paper PHI from the receptacle to be
properly shredded and disposed of.
Electronic and Pharmaceutical PHI Disposal

Electronic Disposal


PHI is automatically stored on the hard
drives of computers; therefore, in order to
properly dispose of the record:


The system could be cleared through
software that will overwrite the recorded
data.



Purging the system by disrupting the
recorded magnetic domains.



Complete destruction of the system to
destroy any material that may be stored.

Labeled Medication Disposal


Pharmaceuticals are always labeled
with patient demographic information
and must be properly disposed of.


Most institutions use opaque bags to
store disposed labeled medication.



Vendors will then take the bags from
the facility and properly dispose of the
labeled medications without
breaching privacy regulations.
Ensure Proper Disposing


Proper HIPAA education of all staff is
very important to ensure privacy and
confidentiality regulations are being
followed. In order to be sure all staff
are up to date on HIPAA regulations it
is important to re-educate annually.
Patients should be educated on their
rights as well and should always
receive a Notice of Privacy Practices
upon admission. Educating all staff
(including students) will ensure proper
handling and disposing of all PHI
information.
Video
References


PHI Disposal. (2011) Welcome to Proper PHI Disposal. Retrieved from
http://www.properphidisposal.net/



University of California. (2008). Privacy Training. HIPAA checklist for new hires:
UCSF staff employee/postdocs. Retrieved from
http://hipaa.ucsf.edu/education/staff/default.html



U.S. Department of Health and Human Services. (2009). Frequently Asked
Questions About the Disposal of Protected Health Information. The HIPAA
Privacy and Security Rule. Retrieved from www.hhs.gov/ocr/.../disposalfaqs.pdf



Wimberley, P., Isaacson, J., & Walden, D. (2005). HIPAA and Nursing Education:
How to Teach in a Paranoid Health Care Environment. Journal Of Nursing
Education, 44(11), 489-492.



Czar. P, & Hebda, T. (2013) Handbook of informatics for nurses and healthcare
professionals. Upper Saddle River, New Jersey



US Department of Health and Human Services


US Department of Health and Human Services (2010, July) http://www.hrsa.gov



American Medical Association. (2014). HIPAA Violations and Enforcement. HIPAA Violations
and Enforcement. Retrieved February 02, 2014, from http://www.amaassn.org//ama/pub/physician-resources/solutions-managing-your-practice/coding-billinginsurance/hipaahealth-insurance-portability-accountability-act/hipaa-violationsenforcement.page



Associated Press. (2008, April 17). Nurse admits to privacy violation in HIPAA case. Healthcare
Business News, Research and Events from Modern Healthcare. Retrieved February
1, 2014, from http://www.modernhealthcare.com/article/20080417/NEWS/621626204



Gungor, F. (2013, June 09). Resources. 10 Examples of HIPAA Violations. Retrieved January
31, 2014, from http://www.onesourcedoc.com/blog/bid/95168/10-Examples-of-HIPAAViolations



Dept of Health and Human Resources. (2003). Office of Civil Rights Privacy brief [Brochure].
Author. Retrieved February 02, 2014, from
http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/privacysummary.pdf



Latner, A. (2013, June). Fax Sent to Wrong Number Results in HIPAA Violation. - Renal and
Urology News. Retrieved February 2, 2014, from http://www.renalandurologynews.com/faxsent-to-wrong-number-results-in-hipaa-violation/article/305022/

 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxDr.Ibrahim Hassaan
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17Celine George
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course  for BeginnersFull Stack Web Development Course  for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfTechSoup
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parentsnavabharathschool99
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomnelietumpap1
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxChelloAnnAsuncion2
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 

Dernier (20)

Science 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxScience 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptx
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptx
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17
 
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptxYOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course  for BeginnersFull Stack Web Development Course  for Beginners
Full Stack Web Development Course for Beginners
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptxLEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parents
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choom
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 

Hippa final JU nursing informatics

  • 1. HIPAA and Information Technology. BULNES, STEPHANIE; CANNADY, DEVIN; CANTY, KRISTI; CLARKSON, HEATHER
  • 2. What is the Health Insurance Portability and Accountability Act (HIPAA)? It is a federal law, created in 1996 and enforced by the Office of Civil Rights, that protects the privacy of individually identifiable health information.
  • 3. HIPAA RULES: The Privacy Rule. Provides standards to protect patients' medical records and other personal health information. Sets limits on uses and disclosures. Gives patients rights over their health information.
  • 4. HIPAA RULES: The Security Rule. Creates standards to protect patients' electronic personal health information that is created, received, used, or maintained by a health plan, healthcare clearinghouse or health care provider. Requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. (Health Information Privacy 2007)
  • 5. HIPAA RULES: The Breach Notification Rule. Requires HIPAA covered entities (health plans, healthcare clearinghouses, healthcare providers) and their business associates to provide notification following a breach of unsecured protected health information.
  • 6. 2011 HIPAA Violations Resource: onlinetech.com
  • 7. Information System. Protection of information against threats to its integrity, inadvertent disclosure or availability. Information systems can improve protection for client information in some ways and endanger it in others. The electronic medical record cannot easily be viewed by anyone who doesn’t have an access code. (Hebda, Czar 2013, p235)
  • 8. Consent. The process by which an individual authorizes healthcare personnel to process his or her information based on an informed understanding of how this information will be used. When obtaining consent, the patient should be made aware of any risks to privacy. HIPAA has a consent form for the release of health-related information that is intended to protect a patient's privacy. The consent form is based on rules and restrictions on who may see or be notified of a patient's protected health information.
  • 9. What would you do? (1) You are the nurse for an elderly confused patient. The patient is becoming increasingly confused and keeps asking for her son Larry. You access her medical records and find that Larry is not the patient's health care proxy but is listed as one of the patient's contacts. (2) You are the nurse for an intubated comatose patient. A woman comes to visit the patient, stating she is the patient's sister. You access the patient records; there is no information about the patient having a sister. (3) A family member calls and states he is the patient's Health Care Proxy and would like information on the patient. You have never met him, but his name matches the one on the patient's record.
  • 10. System Security. HIPAA PROTECTS THE SECURITY AND PRIVACY OF ALL PERSONAL HEALTH INFORMATION (PHI), WHICH REFERS TO MEDICAL RECORDS AND OTHER HEALTH INFORMATION USED OR STORED IN ANY FORM. THIS INCLUDES COMMUNICATION THAT IS WRITTEN, VERBAL, ELECTRONIC OR NON-ELECTRONIC.
  • 11. System Security Compliance. This includes computer screens, white boards, phone conversations, waste baskets, patient charts, smart phones, conversations in elevators and many more. Compliance with HIPAA is about people, policies and procedures that make good sense. Remember that it is always about what is best for the patient.
  • 12. The Minimum Necessary Rule. In accordance with the Federal HIPAA law, information may be shared with other health care providers for the purpose of TPO: Treatment, Payment, Healthcare operations. Patient information should only be accessed, used, or disclosed in the amount that is the MINIMUM NECESSARY in order for an individual to perform his/her duties. For example: The lab does not need to know the admitting diagnosis to run a Hepatitis screen on a patient’s blood.
  • 13. Breaches in Security. According to American Medical News, 94% of facilities suffered a breach in security in the last 2 years, leaving thousands of Americans at risk of medical identity theft. An entity regulated by HIPAA must have reasonable administrative, technical and physical safeguards to protect against intentional or unintentional disclosure of protected health information. This may include shredding documents when they are disposed of and keeping electronic documents under password-protected or key-code security. Entities must have policies and procedures in place to keep employees from inadvertently sharing private information, such as closing computer screens before leaving the area and turning computer screens away from an area where they may be viewed by a family member.
  • 14. Small Scale Snooping. According to a survey by Veriphyr, the majority of HIPAA violations and security breaches are due to insiders who are snooping into the medical records of their coworkers or relatives, or even looking at their own medical record. In this instance the facility must have policies and procedures in place to ensure all employees understand the electronic access needed to perform their job, and sanctions in place if inappropriate access is discovered.
  • 15. Penalties for violations of HIPAA. The American Recovery and Reinvestment Act of 2009 established civil penalties for the violation of HIPAA Federal Law. The penalties for violation of HIPAA laws have a tiered structure which is based on the nature and extent of the violation. The Secretary of the Department of Health and Human Resources has the discretion to determine the amount of the penalty based on the nature of the violation and the resulting harm. The Secretary is prohibited from imposing a civil penalty if the violation is corrected within 30 days, except in cases of willful neglect.
  • 17. Case Study. An Arkansas LPN may face 10 years in prison and/or a $250,000 fine. Smith pleaded guilty to wrongfully disclosing individually identifiable health information for personal gain and malicious harm. According to the Associated Press, the nurse obtained private medical information on a patient while working at a clinic in Arkansas. She then shared the information with her husband, who contacted the patient and threatened to use the information against him in a court proceeding the two were involved in. The patient contacted the state's attorney’s office and charges were filed against the nurse and her husband.
  • 18. Case Study. An HIV positive patient relocating to another city asks his existing physician to fax his medical records to his new doctor. The busy office manager mistakenly faxed the records to the patient’s new employer. The fax did not have a cover sheet that indicated that the content was confidential. The patient was very upset that his new employer had private information about his health. He contacted the US Department of Health and Human Services, who referred the case to the Office of Civil Rights (OCR). The physician’s office was investigated and the staff underwent voluntary HIPAA privacy training.
  • 20. Policy and Procedure. Administrative: Responsible for creating and managing an infrastructure which protects client privacy and confidentiality. This involves: Developing a Plan; Policies designated structure for implementation; User access levels; Adequate budget.
  • 21. Administration – Centralized Security Function. Comprehensive Security Plan; Accurate and complete information; Information asset ownership and sensitivity classifications; Identification of a comprehensive security program; Information security training and user support; Awareness program.
  • 22. Administration – Centralized Security Function. Infrastructure consists of: Comprehensive Security Plan: Defines security responsibilities for each level of personnel as well as a timeline for the development and implementation of policies, procedures and physical infrastructure. Accurate and Complete Information: Publishing should be online for easy access, with email notification of employees as new policies arise.
  • 23. Administration – Centralized Security Function. Information asset ownership and sensitivity classifications. Ownership: Who is responsible for the information, including security. Sensitivity Classification: Determination of how damaging an item of information might be if it were disclosed inappropriately. Determines what information should be encrypted. Identification of a comprehensive security program: A security plan can avert and minimize threats by the identification of responsibility for: Information integrity; Privacy; Confidentiality.
  • 24. Administration – Centralized Security Function. Information security training and user support: An important component in fostering a proper system is incorporating education and proper training. Awareness program: Reminds users of the need to protect information.
  • 25. Level of Access. Strictly granted on a need-to-know basis. Access Limitation: Which areas in the system are accessible depends on personnel level, or “user classification.” Example: A Nursing Assistant would only have access to the documentation of hygiene, dietary intakes, vital signs, input and output, but no other area in the patient's records. User Authentication: Authentication of the user through passwords, smartcards, fingerprint, voice recognition or even a third authentication system such as Kerberos and Sesame can be used.
  • 26. Personal Issues. Policies and procedures must be established and communicated to all personnel who handle information. Key elements include: Information ethics training, including: Audit Trails: Records of IS (Personnel) activity. Acceptable Computer users: Includes authorization access and only authorized and legal copies of software. Collect only required Data: Limiting the collection of information to what is needed. Encourage client review of file for accuracy and error correction: Ensuring accuracy. Establish controls for the use of information after hours and off-site: Policy limiting usage of accessing patient information after hours.
  • 27. Personal Issues. Key elements include: Access control; System monitoring; Data Entry; Backup procedures; Responsibilities for the use of information on mobile devices; Exchange of client information.
  • 28. HIPAA Education & Training FOR EMPLOYEES AND PATIENTS
  • 29. HIPAA Education for Employees. Institutions should: Administer a HIPAA Policy handbook for new hires with privacy and confidentiality measures. Have all staff read and sign a confidentiality statement, which is to be stored in the employee's file. Implement required online training modules for all staff to complete. Require annual mandatory re-training modules. Offer advanced HIPAA training appropriate to each individual's responsibilities at their institution.
  • 30. HIPAA Education for Patients. It is required by law that all patients receive a Notice of Privacy Practices from a doctor, hospital, or any other health care provider that they see in person. This form tells patients how the health care provider may use and share their health information and how the patient can exercise their health privacy rights. It is also required by law for each patient to sign a form stating they received a copy of the Notice of Privacy Practices. The notice must describe: ways that the Privacy Rule allows the covered entity to use and disclose protected health information (it must also explain that the entity will get the patient’s permission, or authorization, before using their health records for any other reason); the covered entity’s duties to protect health information privacy; privacy rights, including the right to complain to Health and Human Services (HHS) and to the covered entity if you believe your privacy rights have been violated.
  • 31. HIPAA Education Starts in the Classroom. HIPAA education and training should be implemented in the curriculum of all studies affiliated with the medical field. Early education allows for full understanding of privacy and confidentiality policies prior to entering the clinical field. This allows for staff at clinical sites to act as role models for students and aid in educating about HIPAA rules and regulations.
  • 32. Proper Disposal of PHI (Protected Health Information) MANDATED THROUGH HIPAA
  • 33. PHI DEFINED. PHI stands for Protected Health Information and is used within HIPAA to describe the type of information that must never be seen by unauthorized individuals. PHI can come in many forms, whether paper or electronic, and can involve patient demographic information, diagnostic study results, treatment records, billing information, and any other form of information pertaining to the patient's stay at any type of medical institution.
  • 34. Required Proper PHI Disposal. The HIPAA Privacy Rule requires that covered entities apply appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information (PHI), in any form. Improper disposal of PHI can result in a mandatory fine of up to $1,500,000 as well as an investigation enforced by the State Attorney General and the Health and Human Services (HHS). Under the HIPAA Privacy Rule, institutions are not authorized to dispose of PHI in any containers that could be potentially accessible to the public.
  • 35. Paper PHI Disposal. Paper forms of PHI are to be disposed of through shredding, burning, pulping, or pulverizing. Once disposed of, the PHI must be rendered unreadable without the possibility of being reconstructed. Many institutions use secure document disposal receptacles throughout the facility designated strictly for PHI paper records. A vendor then removes the paper PHI from the receptacle to be properly shredded and disposed of.
  • 36. Electronic and Pharmaceutical PHI Disposal. Electronic Disposal: PHI is automatically stored on the hard drives of computers; therefore, in order to properly dispose of the record: The system could be cleared through software that will overwrite the recorded data. Purging the system by disrupting the recorded magnetic domains. Complete destruction of the system to destroy any material that may be stored. Labeled Medication Disposal: Pharmaceuticals are always labeled with patient demographic information and must be properly disposed of. Most institutions use opaque bags to store disposed labeled medication. Vendors will then take the bags from the facility and properly dispose of the labeled medications without breaching privacy regulations.
  • 37. Ensure Proper Disposing. Proper HIPAA education of all staff is very important to ensure privacy and confidentiality regulations are being followed. In order to be sure all staff are up to date on HIPAA regulations, it is important to re-educate annually. Patients should be educated on their rights as well and should always receive a Notice of Privacy Practices upon admission. Educating all staff (including students) will ensure proper handling and disposing of all PHI information.
  • 38. Video
  • 39. References  PHI Disposal. (2011). Welcome to Proper PHI Disposal. Retrieved from http://www.properphidisposal.net/  University of California. (2008). Privacy Training. HIPAA checklist for new hires: UCSF staff employee/postdocs. Retrieved from http://hipaa.ucsf.edu/education/staff/default.html  U.S. Department of Health and Human Services. (2009). Frequently Asked Questions About the Disposal of Protected Health Information. The HIPAA Privacy and Security Rule. Retrieved from www.hhs.gov/ocr/.../disposalfaqs.pdf  Wimberley, P., Isaacson, J., & Walden, D. (2005). HIPAA and Nursing Education: How to Teach in a Paranoid Health Care Environment. Journal of Nursing Education, 44(11), 489-492.  Czar, P., & Hebda, T. (2013). Handbook of informatics for nurses and healthcare professionals. Upper Saddle River, New Jersey  US Department of Health and Human Services
  • 40. References  US Department of Health and Human Services (2010, July) http://www.hrsa.gov  American Medical Association. (2014). HIPAA Violations and Enforcement. HIPAA Violations and Enforcement. Retrieved February 02, 2014, from http://www.amaassn.org//ama/pub/physician-resources/solutions-managing-your-practice/coding-billinginsurance/hipaahealth-insurance-portability-accountability-act/hipaa-violationsenforcement.page  Associated Press. (2008, April 17). Nurse admits to privacy violation in HIPAA case. Healthcare Business News, Research and Events from Modern Healthcare. Retrieved February 1, 2014, from http://www.modernhealthcare.com/article/20080417/NEWS/621626204  Gungor, F. (2013, June 09). Resources. 10 Examples of HIPAA Violations. Retrieved January 31, 2014, from http://www.onesourcedoc.com/blog/bid/95168/10-Examples-of-HIPAAViolations  Dept of Health and Human Resources. (2003). Office of Civil Rights Privacy brief [Brochure]. Author. Retrieved February 02, 2014, from http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/privacysummary.pdf  Latner, A. (2013, June). Fax Sent to Wrong Number Results in HIPAA Violation. - Renal and Urology News. Retrieved February 2, 2014, from http://www.renalandurologynews.com/faxsent-to-wrong-number-results-in-hipaa-violation/article/305022/