2. • Welcome to the ITC training module for confidentiality
awareness. This program will present a brief overview of
ITC’s policies and the federal HIPAA regulations that
deal with privacy and data security.
• ITC is committed to compliance with federal and state
laws that protect the privacy of our consumers’ health
information. There are federal and state laws and
standards that pertain to any individual that enters a
health care organization and may directly or indirectly
impact the quality and safety of consumer care.
3. • Caregivers who will have access or potential access to
consumers, health information, or other sensitive
information are required to know how to handle and
protect consumer privacy and data security.
• If you have any questions about privacy issues, please
contact your ITC Supervisor.
4. • HIPAA is the acronym for the Health Insurance
Portability and Accountability Act passed by Congress in
1996.
• The purpose of HIPAA regulations is to establish
national standards for safeguarding an individual’s
privacy and their Protected Health Information (PHI).
• All ITC facilities, employees, and caregivers must comply
with federal HIPAA regulations.
5. • HIPAA includes:
– Privacy Rules that keep Protected Health Information
(PHI) confidential, and provide penalties for
individuals who fail to keep consumer information
confidential.
– Security Rules to ensure the confidentiality and
integrity of all electronic Protected Health Information.
• There are also other federal and state laws that protect
PHI and provide penalties for individuals who violate
these laws.
6. • The HIPAA Privacy Rule gives consumers
important rights over their Protected Health
Information (PHI).
– Maintain the consumer’s basic right to respect,
dignity and privacy.
– Never share any consumer sensitive information
with anyone not associated with the consumer.
– Never discuss consumer sensitive information in
hallways, elevators or public spaces.
– Never post consumer information anywhere in or
out of the ITC office where it can be viewed by
others.
– Access the medical record only when necessary
for the care of the consumer.
– Comply with all HIPAA rules and regulations.
7. • Protected Health Information (PHI) is any health
information created, received, transmitted, or maintained
that:
– Relates to past, present or future physical or mental health, the
provision of health care, or payment for health care.
– Identifies the consumer, or could reasonably be expected to
identify the consumer.
8. • PHI includes all kinds of identifying
information including:
– Name: a consumer, relatives, employers,
caregivers, etc.
– Personal Data: date of birth, date of death,
address, phone number, etc.
– Numbers: Social Security number, medical
record, account, telephone, passport, health
insurance, etc.
– Graphics: photographs, videos, radiographs,
voice prints, fingerprints, etc.
– A document does not have to include a
consumer’s name to be considered PHI. It is
considered PHI if it includes any information
that can identify an individual.
9. • PHI comes in many forms:
– Paper records of all types
• Documents and forms
• Labels on consumer care items
• Photos and graphics
– Electronic records
• computer-based records
• portable storage media
• video recordings
– Verbal/Oral communications
– Observation
10. • Access to PHI is limited to persons
who:
– Have a valid medical need for the
information
– Have a valid business need for the
information
– Are authorized to know the information
• There are multiple safeguards in
place to limit access to PHI and
confidential information.
– Attempts to bypass these safeguards are a
violation of HIPAA laws and ITC’s policies.
11. • The Professional Need to Know Rule limits
use, disclosures and requests for PHI to the
“professional need to know” to accomplish the task for
which the information is needed.
12. • Some examples of privacy violations:
– Accessing consumer information outside of
your “professional need to know”
activity, either from personal curiosity or for
any other unauthorized purpose.
– Removing an original or a copy of any
Protected Health Information from an ITC
office without authorization.
– Selling or inappropriately giving consumer
information to the news media.
13. • Some examples of privacy violations:
– Discussing consumer information in a
public area without taking reasonable
precautions.
– If in the course of your job duties you
observe or overhear information about
someone you know, you are responsible
to keep the information confidential, and
not share it with anyone.
– PHI or confidential documents should
never be discarded in the garbage. Place
in a secure shred bin or use a shredder.
14. • Violating federal Privacy and Security Rules can result in
personal liability, either civil or criminal sanctions,
including fines, jail time or both.
• Violating some state privacy and security laws can result
in personal liability, either civil or criminal sanctions,
including fines, jail time or both.
– law allows consumers to seek damages as a result of
privacy/security incidents.
– law places liability directly on the individual who knowingly,
willfully or negligently obtains, discloses or uses medical
information inappropriately.
15. • You are responsible for protecting your consumer or
other sensitive information that you have access to,
whether it is in a document, electronic, transmitted, or
received.
• You are responsible for protecting consumers or other
sensitive information that you may overhear or observe.
16. • Limit use, disclosure or requests for Protected Health
Information (PHI) to the “minimum necessary” to get your
work done.
• You are responsible for reporting a known or suspected
privacy incident.
17. • A breach of privacy that is known to any caregiver is to
be reported immediately.
• Some examples of situations that require reporting:
– Anyone accessing or removing PHI without authorization.
– A lost print job that you are unable to locate (containing PHI or
sensitive information).
– Misdirected faxes.
– If you observe or overhear inappropriate disclosure of PHI.
– A consumer who receives information about an unrelated
consumer.
• Report known or possible privacy incidents to your
immediate supervisor.