This document provides an overview of privacy and information security awareness for healthcare workers. It covers key laws governing protected health information privacy including HIPAA, responsibilities for protecting sensitive data, examples of privacy incidents to report, and consequences for non-compliance. The objectives are to educate about privacy laws, recognizing sensitive data, responsibilities, how to protect information, how and to whom to report incidents, and penalties.
Confidentiality and Data Protection in Health Care
Privacy & Information Security Awareness
1. PRIVACY & INFORMATION SECURITY AWARNESS
Ashford University
MHA 690: Health Care Capstone
Dr. Sherry Grover
May 23, 2013
2. Course Objectives
Knowledge about the laws that governs the privacy
and protection of identifiable health information
Recognize the types of information that must be kept
private
Recognize your responsibilities to protect privacy
when dealing with sensitive information
How to protect the privacy of identifiable health
information
Examples of incidents to report
Knowledge of the process for reporting incidents and
penalties of non-compliance
3. Laws and Regulations
Privacy Act of 1974 – Governs the collection, use and distribution o
a person’s identifiable information kept in a system of record
Health Insurance Portability & Accountability Act (HIPPA)- law th
protects the privacy of ones person’s personal health information
Federal Information Security Management Act (FISMA) – law that
requires a risk assessment program, policies and procedures,
evaluation of security controls, and provide training of information
security to all employees
Health Information Technology for Economic and Clinical Health
Act (HITECH) – requires patients to be notified of security breach,
funds the adoption of health information technology for organization
and enforces HIPPA violation penalties
4. What to Protect
Sensitive information includes both our organizational
business information and patients’ private information.
Violations can be accidental or purposefully. Do not
disclose, modify, or destroy any sensitive information
unless you are authorized to do so. Sensitive information
includes:
Protected Health Information (PHI)
Personal Identifiable Information
Internal Business Information
5. Your Responsibilities to Protect It
Information security will be maintained when
you ensure the following:
Integrity – information is secure and
protected from being damaged or altered
Confidentiality – information is kept
private and not disclosed to those who do not
have permission to view it
Availability – access to information systems
and networks are available to those who have
been granted permission
6. How to Protect It
Follow the policies and procedures
Only access and view information that is
needed for you to do your job
Use encrypted email
Do not place sensitive information in
trash receptacles
Do not discuss sensitive information in
public places
8. Examples of Incidents
Observing someone access records that
he/she should not
Observing someone change or delete
records without proper permission
Finding a device with sensitive
information
Hearing a persons discussing sensitive
information to an unauthorized person
Accessing mail or email that you should
not access
9. Examples of Incidents
Observing someone access records that
he/she should not
Observing someone change or delete
records without proper permission
Finding a device with sensitive
information
Hearing a persons discussing sensitive
information to an unauthorized person
Accessing mail or email that you should
not access
10. How to Report an Incident
Immediately notify your supervisor and ISO of:
Person (s) involved
The time of the incident
What information was shared
If the incident is after hours or weekends, you can
call the Helpdesk @ 800-877-4327.
11. Consequences
Suspension of access to information systems
Disciplinary actions in your personnel file
Suspension or job loss
Civil or criminal prosecution
Fines and/or imprisonment
12. Civil and Criminal Penalties
Destroy records without being authorized -
$2000 in fines & 3 years in prison
Violation of the Privacy Act - $5000 & 1 year in
prison per occurrence
Intentional incident - $250,000 fines & 10 years
in prison
Deficiencies in the care of patients suffering from such chronic conditions like diabetes mellitus (DM), heart failure (HF), coronary artery disease (CAD), and asthma loom large in the United States health care system. It is understandable therefore, that managed care organizations with a high stake in reimbursements activities take a lead in developing chronic disease management programs for their patients (Wallace, 2005). This is exactly what CIGNA Health Insurance Company has done. CIGNA has an award-winning, Well Aware for Better Health programs for diabetes, CAD, chronic obstructive pulmonary disease, HF, asthma etc. This presentation will focus on the CIGNA Well Aware for Better Health diabetes program. CIGNA has a long standing relationship with Heathway, Inc. and the program is a joint effort by both companies (CIGNA, 2007). It will include the role of preventing disease, patient incentives, physician incentives, case management, facilities, quality of care, prescription benefits, and the future of data use and informatics. The Well Aware for Better Health for diabetes is a full-service disease management that provides telephone counseling to diabetic patients from a clinician, and education and support; it reinforces the physician’s care plans and uses tools that enable participants to effectively manage their condition. It is developed in accordance with nationally recognized clinical and professional guidelines of the American Diabetes Association; American Heart Association, and U.S. Preventive Services to name but a few (CIGNA, 2007).
Diabetes is one of the most common and costly of all the chronic conditions. The Center for Disease Control and Prevention estimates that, 14.5 million Americans have been diagnosed with diabetes, and 6.2 million are undiagnosed. In 2002 the cost of treating diabetes equaled $92 billion; additional indirect cost from disability, and lost work days associated with diabetes were estimate at about $40 billion. Health plans therefore, understand the need to manage this disease because it can be a good investment (Bealieu, Cutler, Ho, Isham, Lindquist, Nelson & O’Connor, 2006). Prevention of a disease starts with identifying those who are at risk. Some of the complications such as blindness, kidney failure, and stroke are associated with diabetes. CIGNA Well Aware for Better Health program starts with identification of the members who quality The initial assessment interview conducted by the clinician includes identification of risk factors, and the assignment of patients into the appropriate risk categories.
Participants receive calls from clinicians and those identified as higher risk receive more calls. Factors such as clinical status, utilization, co-morbidities and clinical assessments determine the frequency of the clinical calls. Reassessments are conducted periodically, and patients are reassigned into other categories as needed. Interventions include access to more specific education and support from specialist such as nutritionist etc. One goal of the diabetes program is to minimize, delay or prevent disease progress and complications if possible (CIGNA, 2007). Diabetes screening is a potent tool for disease prevention, allowing for early risk identification and the institution of treatment modalities to prevent the onset of the disease. Participants receive resources at the beginning of the program to help them track their progress. They are provided a diabetes workbook, a list of good health guidelines, and aplace to record results and test dates. They also receive annual flu and/or pneumonia vaccine reminder letter, access to toll-free 24/7 Well Aware for Better Health clinicians, online access to Well Aware for Better Health materials, self-care plan to record participant-identified goals during calls with clinicians, and yearly patient satisfaction surveys (CIGNA, 2007).
Measures commonly used to assess quality of care for diabetes was designed by the Centers for Medicare and Medicaid Services, and the National Committee on Quality Assurance (NCOA). These measures became part of the NCQA’s Health Plan Employer Data and Information Set (HEDIS) in 2000. These screening measures comprise of HbA1C testing, blood pressure testing, and cholesterol testing (Beaulieu, et al., 2006). CIGNA is evaluated by NCQA for quality and patient safety. Result from 2002-2006; HEDIS Effectiveness of Care showed an 89.50% HgbA1c screening, and 52.97% annual eye exams for diabetic patients. For cardiac conditions, there was 98.41% beta blocker treatment after heart attack, a 79.74% cholesterol management (LDL screen), and a 73.08% controlling high blood pressure. These are evidence of high quality care provided by chronic disease management programs at CIGNA (CIGNA, 2013).
CIGNA informatics helps facilitate strategic decision-making, improve employee enragement, help customers make better choices, and keep pace with clinicians online in the diabetes program. CIGNA has integrated data across claims, eligibility, clinical interventions, and consumer actions are readily available for analysis by members. It builds consumer-centric profile by leveraging data from traditional data sources, as well as clinical interventions, member events like the use of myCIGNA.com, and health risk assessment. This is valuable to participants in the Well Aware programs including the one on diabetes. Its comprehensive analytical framework is based on member-level data set that allows the company to break an employee/dependent population into action-oriented cohorts to identify potential strategies (CIGNA, 2008).
The importance of medication compliance for those with diabetes cannot be over-emphasized. CIGNA‘s Well Aware for Better Health diabetes program helps diabetics to take their medications appropriately and to monitor and control blood sugar levels. The Pharmacy Management’s Coach Rx program reaches involves reaching out to participants who are not compliant or regular with their medication regimen. Pharmacy coaches are available to assist those with challenges to medication compliance include the uneducated, the elderly and disable, in order to bring about change in behavior, and in the end consequently improve their health (Center for Health Value Innovation,2013)
The importance of medication compliance for those with diabetes cannot be over-emphasized. CIGNA‘s Well Aware for Better Health diabetes program helps diabetics to take their medications appropriately and to monitor and control blood sugar levels. The Pharmacy Management’s Coach Rx program reaches involves reaching out to participants who are not compliant or regular with their medication regimen. Pharmacy coaches are available to assist those with challenges to medication compliance include the uneducated, the elderly and disable, in order to bring about change in behavior, and in the end consequently improve their health (Center for Health Value Innovation,2013)
CIGNA’s analytical tools are a leader in the health plan industry. They are based on member-level data sets that allow examination of trend by cohorts to drive action. COGNOS 8 technology is leveraged to deliver access to all information to the desk of the analyst. The analyst can rapidly identify problem areas. Expert consultation team consists of experts from different specialties who can provide additional value through the interpretation of results. A typical team will consist of an informatics consultant, a Customer Value Analyst (CVA), and a Medical Director, and a licensed physician (CIGNA, 2008).
Case managers provide a personal touch; checking in with patients regularly by phone, coordinating their care, and helping them overcome their challenges and frustrations. Diabetes patients in the Well Aware for Better Health program have clinicians available 24/7 on the phone to address any pertinent issues related to the program success. It helps diabetic patients follow their doctor’s plan of treatment, avoid complications, and improve quality of life. The CIGNA Well Aware for Better Health program identifies gaps, omissions, and errors in an individual’s health by analyzing medical, behavioral, pharmacy, and laboratory data (Center for Health Value Innovation, 2013).
At CIGNA physician groups must maintain quality at or above market average or improve quality as measured by evidence-based medicine standards. If the requirements are met, the group is paid based on a periodic care management fee per aligned patient. This unique approach provides motivation to achieve improvement in quality and affordability outcomes (CIGNA, 2011). CIGNA also demonstrates quality care through its Well Aware for diabetes selection process which involves a random selection of medical records form network Primary Care Physicians (PCPs) who have more than 50 members as patients. Medical records are current, detailed, and organized to ensure that members receive effective, safe, confidential patient care. Confidentially of patient information is enforced, performance goals are established by the Quality Management Committee to serve as Benchmark for the medical record documentation, uses utilizes medical records best practices-electronic medical record documentation resulting in higher scores for legible documentation and fewer errors and omissions. Also allergy and type of reactions are noted on the front of patients charts using stamp or stickers and the consistent use of pr-printed assessments, planning and follow-up needs forms increase overall performance.