HIPAA and Information
Technology
BULNES, STEPHANIE
CANNADY, DEVIN
CANTY, KRISTI
CLARKSON, HEATHER
What is the Health Insurance Portability and
Accountability Act (HIPAA)?



It is a federal law created in
1996, enforced by the
Office of Civil Rights which
protects the privacy of
individually identifiable
health information.
HIPAA RULES: The Privacy Rule


Provides standards to protect patients' medical records
and other personal health information.



Sets limits on uses and disclosures.



Gives patients rights over their health information.
HIPAA RULES: The Security Rule


Creates standards to protect patients'
electronic personal health
information that is
created, received, used, or maintained
by a health plan, healthcare
clearinghouse or health care provider



Requires appropriate
administrative, physical and technical
safeguards to ensure the
confidentiality, integrity, and security of
electronic protected health
information. (Health Information Privacy
2007)
HIPAA RULES: The Breach Notification Rule


Requires HIPAA covered entities (health plans, healthcare
clearinghouses, healthcare providers) and
their business associates to provide
notification following a breach of
unsecured protected health
information.
2011 HIPAA Violations Resource: onlinetech.com
Information System


Protection of information against threats to its
integrity, inadvertent disclosure, or availability.



Information systems can improve protection for
client information in some ways and endanger it
in others.



The electronic medical record cannot easily be
viewed by anyone who doesn’t have an access
code. (Hebda, Czar 2013, p235)
Consent


The process by which an individual authorizes healthcare personnel to
process his or her information based on an informed understanding of
how this information will be used.



When obtaining consent the patient should be made aware of any risks
to privacy.



HIPAA has a consent form for the release of health-related information
that is intended to protect a patient's privacy.



The consent form is based on rules and restrictions on who may see or be
notified of a patient's protected health information.
What would you do?
You are the nurse for an elderly confused patient. The patient is becoming
increasingly confused and keeps asking for her son Larry. You access her
medical records and find that Larry is not the patient's health care proxy but is
listed as one of the patient's contacts.

You are the nurse for an intubated comatose patient. A woman comes to
visit the patient, stating she is the patient's sister. You access the patient
records; there is no information about the patient having a sister.

A family member calls and states he is the patient's Health Care Proxy and
would like information on the patient. You have never met him, but his
name matches the one on the patient's record.
System Security
HIPAA PROTECTS THE SECURITY AND PRIVACY OF ALL PERSONAL HEALTH
INFORMATION (PHI) WHICH REFERS TO MEDICAL RECORDS AND OTHER HEALTH
INFORMATION USED OR STORED IN ANY FORM. THIS INCLUDES COMMUNICATION
THAT IS WRITTEN, VERBAL, ELECTRONIC OR NON ELECTRONIC.
System Security Compliance


This includes computer screens, whiteboards,
phone conversations, wastebaskets,
patient charts, smartphones,
conversations in elevators and
many more.



Compliance with HIPAA is about
people, policies and procedures that
make good sense. Remember that it is
always about what is best for the
patient.
The Minimum Necessary Rule


In accordance with the Federal HIPAA law, information may be
shared with other health care providers for the purpose of TPO:

Treatment
Payment
Healthcare operations




Patient information should only be accessed, used, or disclosed
in the amount that is the MINIMUM NECESSARY in order for an
individual to perform his/her duties. For example: The lab does
not need to know the admitting diagnosis to run a Hepatitis
screen on a patient’s blood.
Breaches in Security


According to American Medical News, 94% of facilities suffered a breach in
security in the last 2 years, leaving thousands of Americans at risk of medical
identity theft.



An entity regulated by HIPAA must have reasonable administrative, technical and
physical safeguards to protect against intentional or unintentional disclosure of
protected health information. This may include shredding documents when they
are disposed of and keeping electronic documents under password-protected or
key-code security.



Entities must have policies and procedures in place to keep employees from
inadvertently sharing private information, such as closing computer screens
before leaving the area and turning computer screens away from an area where
they may be viewed by a family member.
Small Scale Snooping


According to a survey by Veriphyr, the majority of HIPAA
violations and security breaches are due to insiders who
are snooping into the medical records of their coworkers, relatives or even looking at their own medical
record.



In this instance the facility must have policies and
procedures in place to ensure all employees understand
the electronic access needed to perform their job and
sanctions in place if inappropriate access is discovered.
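
The three kinds of insider snooping named on this slide (own record, coworker's record, relative's record) can be screened for in an access audit trail. The following is an added example, not part of the original presentation; the record layout, user and patient IDs, and the surname and listed-contact heuristic for relatives are assumptions, and all data is constructed.

```python
from collections import namedtuple

# One row of an access audit trail (constructed layout).
Access = namedtuple("Access", "user_id patient_id timestamp")

# Constructed sample data. Employees may also be patients of the facility.
EMPLOYEES = {
    "u100": {"surname": "Reyes", "own_patient_id": "p900"},
    "u101": {"surname": "Okafor", "own_patient_id": "p901"},
    "u102": {"surname": "Tran", "own_patient_id": None},
}
# Each patient has an assigned care team and the staff members listed as contacts.
PATIENTS = {
    "p900": {"surname": "Reyes", "care_team": {"u102"}, "contact_users": set()},
    "p901": {"surname": "Okafor", "care_team": {"u102"}, "contact_users": set()},
    "p902": {"surname": "Reyes", "care_team": {"u101"}, "contact_users": {"u100"}},
    "p903": {"surname": "Miller", "care_team": {"u100"}, "contact_users": set()},
}
AUDIT_LOG = [
    Access("u100", "p903", "2014-01-06T09:12"),  # assigned patient
    Access("u100", "p900", "2014-01-06T09:40"),  # user's own record
    Access("u100", "p901", "2014-01-06T12:03"),  # record of coworker u101
    Access("u100", "p902", "2014-01-06T12:05"),  # listed contact, same surname
    Access("u102", "p901", "2014-01-06T14:30"),  # coworker, but user is on the care team
    Access("u101", "p902", "2014-01-07T08:00"),  # assigned patient
]

# Patient IDs that belong to staff members.
EMPLOYEE_PATIENT_IDS = {
    e["own_patient_id"] for e in EMPLOYEES.values() if e["own_patient_id"]
}


def classify_access(access):
    """Return a reason string if the access needs review, else None."""
    user = EMPLOYEES.get(access.user_id)
    patient = PATIENTS.get(access.patient_id)
    if user is None or patient is None:
        # An ID that matches no known user or patient is itself worth reviewing.
        return "unknown_user_or_patient"
    if user["own_patient_id"] == access.patient_id:
        return "own_record"
    if access.user_id in patient["care_team"]:
        # Access needed to perform the job: not flagged.
        return None
    if access.patient_id in EMPLOYEE_PATIENT_IDS:
        return "coworker_record"
    if (access.user_id in patient["contact_users"]
            or patient["surname"] == user["surname"]):
        # A surname match is only a hint; a reviewer confirms the relationship.
        return "possible_relative"
    return None


def find_snooping(log):
    """Return (access, reason) pairs for every access that needs review."""
    findings = []
    for access in log:
        reason = classify_access(access)
        if reason is not None:
            findings.append((access, reason))
    return findings


def flags_by_user(log):
    """Count flagged accesses per user, to prioritize review."""
    counts = {}
    for access, _reason in find_snooping(log):
        counts[access.user_id] = counts.get(access.user_id, 0) + 1
    return counts


if __name__ == "__main__":
    for access, reason in find_snooping(AUDIT_LOG):
        print(access.timestamp, access.user_id, access.patient_id, reason)
```

Accesses by a member of the patient's assigned care team are not flagged, so the output is a review queue, not a finding of a violation.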
Penalties for violations of HIPAA


The American Recovery and Reinvestment Act of 2009 established civil penalties for
the violation of HIPAA Federal Law.



The penalties for violation of HIPAA laws have a tiered structure which is based on
the nature and extent of the violation.



The Secretary of the Department of Health and Human Resources has the
discretion to determine the amount of the penalty based on the nature of the
violation and the resulting harm.



The Secretary is prohibited from imposing a civil penalty if the violation is corrected
within 30 days except in cases of willful neglect.
Civil Penalties
Case Study


An Arkansas LPN may face 10 years in prison and/or a $250,000 fine.



Smith pleaded guilty to wrongfully disclosing individually identifiable health
information for personal gain and malicious harm.



According to the Associated Press, the nurse obtained private medical
information on a patient while working at a clinic in Arkansas.



She then shared the information with her husband, who contacted the
patient and threatened to use the information against him in a court
proceeding the two were involved in.



The patient contacted the state's attorney’s office and charges were filed
against the nurse and her husband.
Case Study


An HIV positive patient relocating to another city asks his existing physician to
fax his medical records to his new doctor.



The busy office manager mistakenly faxed the records to the patient’s new
employer. The fax did not have a cover sheet that indicated that the content
was confidential.



The patient was very upset that his new employer had private information
about his health. He contacted the US Department of Health and Human
Services, who referred the case to the Office of Civil Rights (OCR).



The physician’s office was investigated and the staff underwent voluntary
HIPAA privacy training.
Policies and Procedures
ADMINISTRATION AND PERSONNEL
Policy and Procedure


Administrative – Responsible for creating and managing an
infrastructure which protects client privacy and confidentiality. This
involves:


Developing a Plan



Policies designated structure for implementation



User access levels



Adequate budget
Administration – Centralized Security Function


Comprehensive Security Plan



Accurate and complete information



Information asset ownership and sensitivity classifications



Identification of a comprehensive security program



Information security training and user support



Awareness program
Administration – Centralized Security Function


Infrastructure consists of:


Comprehensive Security Plan:
Defines security responsibilities for
each level of personnel as well as a
timeline for the development and
implementation of
policies, procedures and physical
infrastructure.



Accurate and Complete
Information: Publishing should be
online for easy access, with email
notification of employees as new
policies arise.
Administration – Centralized Security Function


Information asset ownership and sensitivity classifications





Ownership: Who is responsible for the
information, including security.
Sensitivity Classification: Determination of how
damaging an item of information might be if it were
disclosed inappropriately. Determines what
information should be encrypted.

Identification of a comprehensive security program:
A security plan can avert and minimize threats by the
identification of responsibility for:


Information integrity



Privacy



Confidentiality
Administration – Centralized Security Function


Information security
training and user
support: An important
component in fostering
a proper system is
incorporating education
and proper training.



Awareness program:
Reminds users of the need
to protect information.
Level of Access


Strictly granted on a need-to-know basis


Access Limitation: Areas in the system are accessible
depending on personnel level, or “user
classification.”




Example: A Nursing Assistant would only have access
to the documentation of hygiene, dietary
intakes, vital signs, input and output, but no other
area in the patient's records.

User Authentication: Authentication of the user through
passwords, smartcards, fingerprint, voice recognition or
even a third authentication system such as Kerberos and
Sesame can be used.
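
The need-to-know rule on this slide, with denials recorded in an audit trail, can be expressed as a default-deny lookup per user classification. This is an added example, not part of the original presentation; only the nursing assistant's section list comes from the slide, while the other roles, the section names, the record layout, and the purpose check against treatment, payment and healthcare operations are assumptions, and the sample record is constructed.

```python
from datetime import datetime, timezone

# Sections each user classification may read. Anything not listed is denied.
ROLE_SECTIONS = {
    # From the slide: hygiene, dietary intakes, vital signs, input and output.
    "nursing_assistant": {"hygiene", "dietary_intake", "vital_signs",
                          "intake_output"},
    # Assumed roles, added for contrast.
    "registered_nurse": {"hygiene", "dietary_intake", "vital_signs",
                         "intake_output", "medications", "diagnosis",
                         "contacts"},
    # The lab runs the ordered test without seeing the admitting diagnosis.
    "lab_technician": {"lab_orders", "lab_results"},
}

# Purposes for which information may be shared (TPO).
TPO_PURPOSES = {"treatment", "payment", "operations"}

# Constructed sample record.
SAMPLE_RECORD = {
    "patient_id": "p-0001",
    "sections": {
        "hygiene": "Assisted bath 08:00",
        "dietary_intake": "Ate 75% of breakfast",
        "vital_signs": "BP 128/82, HR 76",
        "intake_output": "In 900 mL / Out 700 mL",
        "medications": "(constructed medication list)",
        "diagnosis": "(constructed admitting diagnosis)",
        "lab_orders": "Hepatitis screen",
        "contacts": "(constructed contact list)",
    },
}


def read_record(user_id, role, purpose, record, requested, audit_log):
    """Return (granted, denied) for the requested sections.

    granted maps each permitted section to its content; denied lists the
    sections refused. Every decision, including refusals, is appended to
    audit_log so that inappropriate access attempts can be reviewed.
    """
    # Unknown roles and non-TPO purposes get an empty allow-list (default deny).
    if purpose in TPO_PURPOSES:
        allowed = ROLE_SECTIONS.get(role, set())
    else:
        allowed = set()

    granted, denied = {}, []
    for section in requested:
        permitted = section in allowed
        if permitted:
            # A permitted section that is absent from the record yields None.
            granted[section] = record["sections"].get(section)
        else:
            denied.append(section)
        audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user_id": user_id,
            "role": role,
            "purpose": purpose,
            "patient_id": record["patient_id"],
            "section": section,
            "outcome": "granted" if permitted else "denied",
        })
    return granted, denied


if __name__ == "__main__":
    log = []
    granted, denied = read_record(
        "na-17", "nursing_assistant", "treatment",
        SAMPLE_RECORD, ["vital_signs", "diagnosis"], log,
    )
    print("granted:", granted)
    print("denied:", denied)
    for entry in log:
        print(entry["user_id"], entry["section"], entry["outcome"])
```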
Personnel Issues


Policies and procedures must be established and communicated to all personnel who handle
Information.


Key elements include:


Information Ethics training Including:


Audit Trails- Records of IS (Personnel) activity.



Acceptable computer uses - includes authorized access and only authorized
and legal copies of software.



Collect only required Data – Limiting the collection of information to what is
needed.



Encourage client review of file for accuracy and error correction - Ensuring
accuracy



Establish controls for the use of information after hours and off-site – Policy limiting
access to patient information after hours.
Personnel Issues


Key elements include:


Access control



System monitoring



Data Entry



Backup procedures



Responsibilities for the use of information on mobile devices



Exchange of client information
HIPAA Education &
Training
FOR EMPLOYEES AND PATIENTS
HIPAA Education for Employees
Institutions should:


Administer a HIPAA Policy handbook
for new hires with privacy and
confidentiality measures.



Have all staff read and sign a
confidentiality statement which is to
be stored in the employee's file.



Implement required online training
modules for all staff to complete.





Require annual mandatory re-training
modules.

Offer advanced HIPAA training
appropriate to each individual's
responsibilities at their institution.
HIPAA Education for Patients


It is required by law that all patients
receive a Notice of Privacy Practices
from a doctor, hospital, or any other
health care provider that they see in
person.




This form tells patients how the health
care provider may use and share their
health information and how the patient
can exercise their health privacy rights.
It is also required by law for each patient
to sign a form stating they received a
copy of the notice of privacy practices.



The notice must describe:


ways that the Privacy Rule allows the
covered entity to use and disclose
protected health information. It must also
explain that the entity will get the patient’s
permission, or authorization, before using
their health records for any other reason.



the covered entity’s duties to protect
health information privacy.



privacy rights, including the right to
complain to Health and Human Services
(HHS) and to the covered entity if you
believe your privacy rights have been
violated.
HIPAA Education
Starts in the
Classroom


HIPAA education and training should
be implemented in the curriculum of all
studies affiliated with the medical field.



Early education allows for full
understanding of privacy and
confidentiality policies prior to entering
the clinical field.



This allows for staff at clinical sites to
act as role models for students and aid
in educating about HIPAA rules and
regulations.
Proper Disposal of PHI
(Protected Health
Information)
MANDATED THROUGH HIPAA
PHI DEFINED

PHI stands for Protected Health Information and is used within HIPAA to
describe the type of information that must never be seen by
unauthorized individuals.
PHI can come in many forms whether it be paper or electronic and can
involve patient demographic information, diagnostic study
results, treatment records, billing information, and any other form of
information pertaining to the patient's stay at any type of medical
institution.
Required Proper PHI Disposal


The HIPAA Privacy Rule requires that covered entities apply appropriate
administrative, technical, and physical safeguards to protect the privacy
of protected health information (PHI), in any form.



Improper disposal of PHI can result in a mandatory fine of up to $1,500,000 as
well as an investigation enforced by the State Attorney General and the
Health and Human Services (HHS).



Under the HIPAA Privacy Rule institutions are not authorized to dispose of
PHI in any containers that could be potentially accessible to the public.
Paper PHI Disposal


Paper forms of PHI are to be disposed
of through shredding, burning, pulping,
or pulverizing.



Once disposed of, the PHI must be
rendered unreadable without the
possibility of being reconstructed.



Many institutions use secure document
disposal receptacles throughout the
facility designated strictly for PHI paper
records. A vendor then removes the
paper PHI from the receptacle to be
properly shredded and disposed of.
Electronic and Pharmaceutical PHI Disposal

Electronic Disposal


PHI is automatically stored on the hard
drives of computers; therefore, in order to
properly dispose of the record:


The system could be cleared through
software that will overwrite the recorded
data.



Purging the system by disrupting the
recorded magnetic domains.



Complete destruction of the system to
destroy any material that may be stored.

Labeled Medication Disposal


Pharmaceuticals are always labeled
with patient demographic information
and must be properly disposed of.


Most institutions use opaque bags to
store disposed labeled medication.



Vendors will then take the bags from
the facility and properly dispose of the
labeled medications without
breaching privacy regulations.
Ensure Proper Disposing


Proper HIPAA education of all staff is
very important to ensure privacy and
confidentiality regulations are being
followed. In order to be sure all staff
are up to date on HIPAA regulations it
is important to re-educate annually.
Patients should be educated on their
rights as well and should always
receive a Notice of Privacy Practices
upon admission. Educating all staff
(including students) will ensure proper
handling and disposing of all PHI
information.
Video
References


PHI Disposal. (2011). Welcome to Proper PHI Disposal. Retrieved from
http://www.properphidisposal.net/



University of California. (2008). Privacy Training. HIPAA checklist for new hires:
UCSF staff employee/postdocs. Retrieved from
http://hipaa.ucsf.edu/education/staff/default.html



U.S. Department of Health and Human Services. (2009). Frequently Asked
Questions About the Disposal of Protected Health Information. The HIPAA
Privacy and Security Rule. Retrieved from www.hhs.gov/ocr/.../disposalfaqs.pdf



Wimberley, P., Isaacson, J., & Walden, D. (2005). HIPAA and Nursing Education:
How to Teach in a Paranoid Health Care Environment. Journal Of Nursing
Education, 44(11), 489-492.



Czar, P., & Hebda, T. (2013). Handbook of informatics for nurses and healthcare
professionals. Upper Saddle River, New Jersey.



US Department of Health and Human Services
References


US Department of Health and Human Services (2010, July) http://www.hrsa.gov



American Medical Association. (2014). HIPAA Violations and Enforcement. HIPAA Violations
and Enforcement. Retrieved February 02, 2014, from http://www.amaassn.org//ama/pub/physician-resources/solutions-managing-your-practice/coding-billinginsurance/hipaahealth-insurance-portability-accountability-act/hipaa-violationsenforcement.page



Associated Press. (2008, April 17). Nurse admits to privacy violation in HIPAA case. Healthcare
Business News, Research and Events from Modern Healthcare. Retrieved February
1, 2014, from http://www.modernhealthcare.com/article/20080417/NEWS/621626204



Gungor, F. (2013, June 09). Resources. 10 Examples of HIPAA Violations. Retrieved January
31, 2014, from http://www.onesourcedoc.com/blog/bid/95168/10-Examples-of-HIPAAViolations



Dept of Health and Human Resources. (2003). Office of Civil Rights Privacy brief [Brochure].
Author. Retrieved February 02, 2014, from
http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/privacysummary.pdf



Latner, A. (2013, June). Fax Sent to Wrong Number Results in HIPAA Violation. - Renal and
Urology News. Retrieved February 2, 2014, from http://www.renalandurologynews.com/faxsent-to-wrong-number-results-in-hipaa-violation/article/305022/

Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
PSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC   History collection FORMAT.pptxPSYCHIATRIC   History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPoojaSen20
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting DataJhengPantaleon
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 

Último (20)

Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
PSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC   History collection FORMAT.pptxPSYCHIATRIC   History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptx
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 

Hippa final JU nursing informatics

  • 1. HIPAA and Information Technology. BULNES, STEPHANIE; CANNADY, DEVIN; CANTY, KRISTI; CLARKSON, HEATHER
  • 2. What is the Health Insurance Portability and Accountability Act (HIPAA)?
      • It is a federal law, created in 1996 and enforced by the Office of Civil Rights, that protects the privacy of individually identifiable health information.
  • 3. HIPAA RULES: The Privacy Rule
      • Provides standards to protect patients' medical records and other personal health information.
      • Sets limits on uses and disclosures.
      • Gives patients rights over their health information.
  • 4. HIPAA RULES: The Security Rule
      • Creates standards to protect patients' electronic personal health information that is created, received, used, or maintained by a health plan, healthcare clearinghouse or health care provider.
      • Requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. (Health Information Privacy 2007)
  • 5. HIPAA RULES: The Breach Notification Rule
      • Requires HIPAA covered entities (health plans, healthcare clearinghouses, healthcare providers) and their business associates to provide notification following a breach of unsecured protected health information.
  • 6. 2011 HIPAA Violations Resource: onlinetech.com
  • 7. Information System
      • Protection of information against threats to its integrity, inadvertent disclosure, or availability.
      • Information systems can improve protection for client information in some ways and endanger it in others.
      • The electronic medical record cannot easily be viewed by anyone who doesn't have an access code. (Hebda & Czar, 2013, p. 235)
  • 8. Consent
      • The process by which an individual authorizes healthcare personnel to process his or her information based on an informed understanding of how this information will be used.
      • When obtaining consent, the patient should be made aware of any risks to privacy.
      • HIPAA has a consent form for the release of health-related information that is intended to protect a patient's privacy.
      • The consent form is based on rules and restrictions on who may see or be notified of a patient's protected health information.
  • 9. What would you do?
      • You are the nurse for an elderly confused patient. The patient is becoming increasingly confused and keeps asking for her son Larry. You access her medical records and find that Larry is not the patient's health care proxy but is listed as one of the patient's contacts.
      • You are the nurse for an intubated comatose patient. A woman comes to visit the patient, stating she is the patient's sister. You access the patient's records; there is no information about the patient having a sister.
      • A family member calls and states he is the patient's Health Care Proxy and would like information on the patient. You have never met him, but his name matches the one on the patient's record.
  • 10. System Security
      • HIPAA protects the security and privacy of all personal health information (PHI), which refers to medical records and other health information used or stored in any form. This includes communication that is written, verbal, electronic or non-electronic.
  • 11. System Security Compliance
      • This includes computer screens, white boards, phone conversations, waste baskets, patient charts, smart phones, conversations in elevators and many more.
      • Compliance with HIPAA is about people, policies and procedures that make good sense. Remember that it is always about what is best for the patient.
  • 12. The Minimum Necessary Rule
      • In accordance with the Federal HIPAA law, information may be shared with other health care providers for the purpose of TPO:
          • Treatment
          • Payment
          • Healthcare operations
      • Patient information should only be accessed, used, or disclosed in the amount that is the MINIMUM NECESSARY in order for an individual to perform his/her duties. For example: The lab does not need to know the admitting diagnosis to run a hepatitis screen on a patient's blood.
  • 13. Breaches in Security
      • According to American Medical News, 94% of facilities suffered a breach in security in the last 2 years, leaving thousands of Americans at risk of medical identity theft.
      • An entity regulated by HIPAA must have reasonable administrative, technical and physical safeguards to protect against intentional or unintentional disclosure of protected health information. This may include shredding documents when they are disposed of and keeping electronic documents under password-protected or key-code security.
      • Entities must have policies and procedures in place to keep employees from inadvertently sharing private information, such as closing computer screens before leaving the area and turning computer screens away from an area where they may be viewed by a family member.
  • 14. Small Scale Snooping
      • According to a survey by Veriphyr, the majority of HIPAA violations and security breaches are due to insiders who are snooping into the medical records of their coworkers or relatives, or even looking at their own medical record.
      • In this instance the facility must have policies and procedures in place to ensure all employees understand the electronic access needed to perform their job, and sanctions in place if inappropriate access is discovered.
  • 15. Penalties for violations of HIPAA
      • The American Recovery and Reinvestment Act of 2009 established civil penalties for the violation of HIPAA Federal Law.
      • The penalties for violation of HIPAA laws have a tiered structure which is based on the nature and extent of the violation.
      • The Secretary of the Department of Health and Human Resources has the discretion to determine the amount of the penalty based on the nature of the violation and the resulting harm.
      • The Secretary is prohibited from imposing a civil penalty if the violation is corrected within 30 days, except in cases of willful neglect.
  • 17. Case Study
      • An Arkansas LPN may face 10 years in prison and/or a $250,000 fine.
      • Smith pleaded guilty to wrongfully disclosing individually identifiable health information for personal gain and malicious harm.
      • According to the Associated Press, the nurse obtained private medical information on a patient while working at a clinic in Arkansas.
      • She then shared the information with her husband, who contacted the patient and threatened to use the information against him in a court proceeding the two were involved in.
      • The patient contacted the state's attorney's office, and charges were filed against the nurse and her husband.
  • 18. Case Study
      • An HIV-positive patient relocating to another city asks his existing physician to fax his medical records to his new doctor.
      • The busy office manager mistakenly faxed the records to the patient's new employer. The fax did not have a cover sheet that indicated that the content was confidential.
      • The patient was very upset that his new employer had private information about his health. He contacted the US Department of Health and Human Services, who referred the case to the Office of Civil Rights (OCR).
      • The physician's office was investigated and the staff underwent voluntary HIPAA privacy training.
  • 20. Policy and Procedure
      • Administrative – Responsible for creating and managing an infrastructure which protects client privacy and confidentiality. This involves:
          • Developing a Plan
          • Policies designated structure for implementation
          • User access levels
          • Adequate budget
  • 21. Administration – Centralized Security Function
      • Comprehensive Security Plan
      • Accurate and complete information
      • Information asset ownership and sensitivity classifications
      • Identification of a comprehensive security program
      • Information security training and user support
      • Awareness program
  • 22. Administration – Centralized Security Function
      • Infrastructure consists of:
          • Comprehensive Security Plan: Defines security responsibilities for each level of personnel as well as a timeline for the development and implementation of policies, procedures and physical infrastructure.
          • Accurate and Complete Information: Publishing should be online for easy access, with email notification of employees as new policies arise.
  • 23. Administration – Centralized Security Function
      • Information asset ownership and sensitivity classifications
          • Ownership: Who is responsible for the information, including security.
          • Sensitivity Classification: Determination of how damaging an item of information might be if it were disclosed inappropriately. Determines what information should be encrypted.
      • Identification of a comprehensive security program: A security plan can avert and minimize threats by the identification of responsibility for:
          • Information integrity
          • Privacy
          • Confidentiality
  • 24. Administration – Centralized Security Function
      • Information security training and user support: An important component in fostering a proper system is incorporating education and proper training.
      • Awareness program: Reminds users of the need to protect information.
  • 25. Level of Access
      • Strictly granted on a need-to-know basis.
      • Access Limitation: Which areas in the system are accessible depends on personnel level, or “user classification.”
          • Example: A Nursing Assistant would only have access to the documentation of hygiene, dietary intakes, vital signs, input and output, but no other area in the patient's records.
      • User Authentication: Authentication of the user through passwords, smartcards, fingerprint, voice recognition or even a third authentication system such as Kerberos and Sesame can be used.
  • 26. Personal Issues
      • Policies and procedures must be established and communicated to all personnel who handle information.
      • Key elements include:
          • Information ethics training, including:
              • Audit trails: Records of IS (personnel) activity.
              • Acceptable computer use: Includes authorized access and only authorized and legal copies of software.
              • Collect only required data: Limiting the collection of information to what is needed.
              • Encourage client review of file for accuracy and error correction: Ensuring accuracy.
              • Establish controls for the use of information after hours and off-site: Policy limiting access to patient information after hours.
  • 27. Personal Issues
      • Key elements include:
          • Access control
          • System monitoring
          • Data entry
          • Backup procedures
          • Responsibilities for the use of information on mobile devices
          • Exchange of client information
  • 28. HIPAA Education & Training for Employees and Patients
  • 29. HIPAA Education for Employees. Institutions should:
      • Administer a HIPAA Policy handbook for new hires with privacy and confidentiality measures.
      • Have all staff read and sign a confidentiality statement, which is to be stored in the employee's file.
      • Implement required online training modules for all staff to complete.
      • Require annual mandatory re-training modules.
      • Offer advanced HIPAA training appropriate to each individual's responsibilities at their institution.
  • 30. HIPAA Education for Patients
      • It is required by law that all patients receive a Notice of Privacy Practices from a doctor, hospital, or any other health care provider that they see in person.
      • This form tells patients how the health care provider may use and share their health information and how the patient can exercise their health privacy rights.
      • It is also required by law for each patient to sign a form stating they received a copy of the Notice of Privacy Practices.
      • The notice must describe:
          • Ways that the Privacy Rule allows the covered entity to use and disclose protected health information. It must also explain that the entity will get the patient's permission, or authorization, before using their health records for any other reason.
          • The covered entity's duties to protect health information privacy.
          • Privacy rights, including the right to complain to Health and Human Services (HHS) and to the covered entity if you believe your privacy rights have been violated.
  • 31. HIPAA Education Starts in the Classroom
      • HIPAA education and training should be implemented in the curriculum of all studies affiliated with the medical field.
      • Early education allows for full understanding of privacy and confidentiality policies prior to entering the clinical field.
      • This allows for staff at clinical sites to act as role models for students and aid in educating about HIPAA rules and regulations.
  • 32. Proper Disposal of PHI (Protected Health Information): Mandated through HIPAA
  • 33. PHI Defined
      • PHI stands for Protected Health Information and is used within HIPAA to describe the type of information that must never be seen by unauthorized individuals. PHI can come in many forms, whether paper or electronic, and can involve patient demographic information, diagnostic study results, treatment records, billing information, and any other form of information pertaining to the patient's stay at any type of medical institution.
  • 34. Required Proper PHI Disposal
      • The HIPAA Privacy Rule requires that covered entities apply appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information (PHI), in any form.
      • Improper disposal of PHI can result in a mandatory fine of up to $1,500,000 as well as an investigation enforced by the State Attorney General and the Health and Human Services (HHS).
      • Under the HIPAA Privacy Rule, institutions are not authorized to dispose of PHI in any containers that could be potentially accessible to the public.
  • 35. Paper PHI Disposal
      • Paper forms of PHI are to be disposed of through shredding, burning, pulping, or pulverizing.
      • Once disposed of, the PHI must be rendered unreadable without the possibility of being reconstructed.
      • Many institutions use secure document disposal receptacles throughout the facility designated strictly for PHI paper records. A vendor then removes the paper PHI from the receptacle to be properly shredded and disposed of.
  • 36. Electronic and Pharmaceutical PHI Disposal
      • Electronic Disposal
          • PHI is automatically stored on the hard drives of computers; therefore, in order to properly dispose of the record:
              • The system could be cleared through software that will overwrite the recorded data.
              • Purging the system by disrupting the recorded magnetic domains.
              • Complete destruction of the system to destroy any material that may be stored.
      • Labeled Medication Disposal
          • Pharmaceuticals are always labeled with patient demographic information and must be properly disposed of.
          • Most institutions use opaque bags to store disposed labeled medication.
          • Vendors will then take the bags from the facility and properly dispose of the labeled medications without breaching privacy regulations.
  • 37. Ensure Proper Disposing
      • Proper HIPAA education of all staff is very important to ensure privacy and confidentiality regulations are being followed. In order to be sure all staff are up to date on HIPAA regulations, it is important to re-educate annually. Patients should be educated on their rights as well and should always receive a Notice of Privacy Practices upon admission. Educating all staff (including students) will ensure proper handling and disposing of all PHI information.
  • 38. Video
  • 39. References
      • PHI Disposal. (2011). Welcome to Proper PHI Disposal. Retrieved from http://www.properphidisposal.net/
      • University of California. (2008). Privacy Training. HIPAA checklist for new hires: UCSF staff employee/postdocs. Retrieved from http://hipaa.ucsf.edu/education/staff/default.html
      • U.S. Department of Health and Human Services. (2009). Frequently Asked Questions About the Disposal of Protected Health Information. The HIPAA Privacy and Security Rule. Retrieved from www.hhs.gov/ocr/.../disposalfaqs.pdf
      • Wimberley, P., Isaacson, J., & Walden, D. (2005). HIPAA and Nursing Education: How to Teach in a Paranoid Health Care Environment. Journal of Nursing Education, 44(11), 489-492.
      • Czar, P., & Hebda, T. (2013). Handbook of informatics for nurses and healthcare professionals. Upper Saddle River, New Jersey
      • US Department of Health and Human Services
  • 40. References
      • US Department of Health and Human Services (2010, July) http://www.hrsa.gov
      • American Medical Association. (2014). HIPAA Violations and Enforcement. HIPAA Violations and Enforcement. Retrieved February 02, 2014, from http://www.amaassn.org//ama/pub/physician-resources/solutions-managing-your-practice/coding-billinginsurance/hipaahealth-insurance-portability-accountability-act/hipaa-violationsenforcement.page
      • Associated Press. (2008, April 17). Nurse admits to privacy violation in HIPAA case. Healthcare Business News, Research and Events from Modern Healthcare. Retrieved February 1, 2014, from http://www.modernhealthcare.com/article/20080417/NEWS/621626204
      • Gungor, F. (2013, June 09). Resources. 10 Examples of HIPAA Violations. Retrieved January 31, 2014, from http://www.onesourcedoc.com/blog/bid/95168/10-Examples-of-HIPAAViolations
      • Dept of Health and Human Resources. (2003). Office of Civil Rights Privacy brief [Brochure]. Author. Retrieved February 02, 2014, from http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/privacysummary.pdf
      • Latner, A. (2013, June). Fax Sent to Wrong Number Results in HIPAA Violation. - Renal and Urology News. Retrieved February 2, 2014, from http://www.renalandurologynews.com/faxsent-to-wrong-number-results-in-hipaa-violation/article/305022/
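
The access limitation on slide 25, the audit trail on slide 26 and the snooping review that slide 14 calls for can be combined in one access gateway; the sketch below is an added example and not part of the original deck. Only the nursing assistant's sections come from slide 25; the other roles, the section names, the per-patient assignment check and all identifiers are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import FrozenSet, List, Optional

# "User classification" -> chart sections. The nursing_assistant row follows
# slide 25; the other roles and all section names are assumptions.
ROLE_SECTIONS = {
    "nursing_assistant": frozenset({"hygiene", "dietary_intake", "vital_signs", "intake_output"}),
    "registered_nurse": frozenset({"hygiene", "dietary_intake", "vital_signs", "intake_output",
                                   "medications", "diagnoses", "contacts"}),
    "lab_tech": frozenset({"lab_orders", "lab_results"}),
}


@dataclass(frozen=True)
class User:
    user_id: str
    role: str
    assigned_patients: FrozenSet[str] = frozenset()  # need-to-know: current care assignments (assumption)
    own_patient_id: Optional[str] = None             # set when the employee is also a patient


@dataclass(frozen=True)
class AuditEvent:
    when: datetime
    user_id: str
    patient_id: str
    section: str
    allowed: bool
    reason: str


class ChartGateway:
    """Single choke point for chart reads: decides, then records the decision."""

    def __init__(self) -> None:
        self.audit_trail: List[AuditEvent] = []

    def request(self, user: User, patient_id: str, section: str) -> bool:
        if section not in ROLE_SECTIONS.get(user.role, frozenset()):
            allowed, reason = False, "section outside role"
        elif patient_id not in user.assigned_patients:
            allowed, reason = False, "patient not assigned to user"
        else:
            allowed, reason = True, "ok"
        # Denied attempts are logged too; they are what a reviewer looks for.
        self.audit_trail.append(AuditEvent(datetime.now(timezone.utc), user.user_id,
                                           patient_id, section, allowed, reason))
        return allowed


def review(audit_trail, users, staff_patient_ids):
    """Return (user_id, patient_id, finding) leads for a privacy officer to follow up."""
    findings = []
    for ev in audit_trail:
        user = users[ev.user_id]
        if ev.patient_id == user.own_patient_id:
            findings.append((ev.user_id, ev.patient_id, "own record"))
        elif ev.patient_id in staff_patient_ids:
            findings.append((ev.user_id, ev.patient_id, "coworker record"))
        elif not ev.allowed:
            findings.append((ev.user_id, ev.patient_id, "denied: " + ev.reason))
    return findings


def demo():
    # Constructed sample data: every identifier here is made up for this example.
    aide = User("u-aide", "nursing_assistant", frozenset({"p-100"}), own_patient_id="p-777")
    nurse = User("u-rn", "registered_nurse", frozenset({"p-100", "p-200"}))
    users = {u.user_id: u for u in (aide, nurse)}
    gw = ChartGateway()
    results = [
        gw.request(aide, "p-100", "vital_signs"),   # in role and assigned
        gw.request(aide, "p-100", "diagnoses"),     # section outside role
        gw.request(aide, "p-777", "vital_signs"),   # the aide's own chart
        gw.request(nurse, "p-200", "medications"),  # in role and assigned
        gw.request(nurse, "p-777", "diagnoses"),    # a coworker's chart, not assigned
    ]
    return results, review(gw.audit_trail, users, staff_patient_ids={"p-777"})


if __name__ == "__main__":
    results, findings = demo()
    print(results)
    for row in findings:
        print(row)
```

The findings are leads for review, not verdicts: a staff member who is legitimately assigned to a coworker's care would still appear under "coworker record".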