Transcript Pasadena Villa Network of Services

Pasadena Villa Network of
Services
Employee HIPAA Training
HIPAA –Who?
• We are bound by Federal and State laws that
govern the privacy and confidentiality of our
residents.
• They govern how we access, use and disclose
Protected Health Information (PHI).
• Included in this rule are employees, interns,
volunteers and any business associates of
Pasadena Villa Network of Services.
HIPAA—Who?
• We are not alone. The Federal rule covers the
following:
Health care provider, health plan
Public health authority
Insurer (life, health, etc)
Schools, universities
Employers
Healthcare clearinghouse
HIPAA—What?
• HIPAA is the federal Health Insurance
Portability and Accountability Act of 1996. The
primary goal of the law is to make it easier for
people to keep health insurance, protect the
confidentiality and security of healthcare
information and help the healthcare industry
control administrative costs.
HIPAA—What?
HIPAA protects an individual’s health information and
his/her demographic information. This is called
“protected health information” or “PHI”. Information
meets the definition of PHI if, even without the
patient’s name, if you look at certain information and
you can tell who the person is then it is PHI.
The PHI can relate to past, present or future physical or
mental health of the individual. PHI describes a
disease, diagnosis, procedure, prognosis, or condition
of the individual and can exist in any medium – files,
voice mail, email, fax, or verbal communications.
HIPAA—What?
• HIPAA provides the framework for the
establishment of nationwide security
standards and confidentiality of health
information.
• Under HIPAA we must maintain reasonable
and appropriate administrative, technical and
physical safeguards to ensure the integrity and
confidentiality of PHI.
HIPAA—What?
HIPAA defines information as protected health
information if it contains the following information
about the patient, the patient’s household members,
or the patient’s employers:
•
•
Names
Dates relating to a patient , i.e. birthdates, dates of medical treatment, admission
and discharge dates, and dates of death
• Telephone numbers, addresses (including city, county, or zip code) fax numbers
and other contact information
• Social Security numbers
• Medical records numbers
• Photographs
• Finger and voice prints
• Any other unique identifying number
*Information included in this rule may be written, recorded or oral
HIPAA—What?
The PHI can relate to past, present or future
physical or mental health of the individual.
PHI describes a disease, diagnosis, procedure,
prognosis, or condition of the individual and can
exist in any medium – files, voice mail, email, fax,
or verbal communications.
HIPAA provides the framework for the
establishment of nationwide security standards
and confidentiality of health information
State of Florida
• Florida Statute 397 prohibits disclosure or use
of patient records (any information that is
written or not) unless permitted by the
patient or regulation.
HIPAA—What?
Electronic Health Records
The Obama Administration wants everyone to
have an EHR by 2015.
Defined as: An electronic record of healthrelated information on an individual that is
created, gathered, managed and consulted by
authorized health care clinicians and staff.
Electronic Records
Electronic records are more convenient, more
efficient and allow us to do more with the
data.
EHRs increase the ability to access, transmit
and copy large volumes of data quickly.
EHRs increase the ability to combine data
from different sources quickly.
Electronic Records
• The risk of harmful transmission of
information rises exponentially as the number
of people who have access to that information
rises.
• HIPPA criminal convictions to date did not
involve the clinical data, but rather the
financial and demographic data, used
primarily for identity theft.
HIPAA & YOU
It is your responsibility to curb human nature
(curiosity, sharing of information), to be
sensitive to the residents information, to
respect the resident’s right to privacy and to
know our policies and procedures. When we
provide our residents with quality services, it
includes protecting their confidential
information.
HIPAA & the Resident
• HIPAA stipulates the following patient’s right under its privacy rule:
• Patients have a right to receive a notice of the privacy practices of
any health care provider health clearing house, or health plan.
• Patients have a right to see their PHI and get a copy.
• Patients have a right to request that changes be made to correct
errors in their records or to add information that ha been omitted.
• Patients have a right to see a list of some of the disclosures that
have been made of their PHI.
• Patients have a right to request that you give special treatment to
their PHI.
• Patients have a right to request confidential communications.
• Patients have a right to complain.
HIPAA & the Resident
• A health provider can disclose an individual’s
PHI without the patient’s authorization if the
disclosure deals with treatment, payment,
operations, or if the information is mandated
by law. Otherwise, for most other uses, the
patient will need to authorize the provider to
make the disclosure.
Right to Inspect
• The Individual Right to Inspect: Residents may
request to see or copy their chart and must fill
out the appropriate form to do so.
• In limited cases, we may deny this request in
writing (such as legal action being brought on
my an individual, psychotherapy notes).
• Requests and Denials will be handled by the
Compliance Manager (so please forward them
directly).
Authorization to Release Information
• This form will be signed at admission and
anytime records are requested.
• A copy of the request and/or ROI will be
loaded into Best Notes
• Any records sent out will also be documented
into Best Notes when release.
• Documentation creates a Log of PHI
ROI Requirements
• Specific information to be released
• The name and/or other information to identify who
information will be sent or received
• An expiration date (1 year from signature if not
specified)
• A statement about the individual’s right to revoke the
authorization
• Signature, Witness, & Date
• Statement about potential for re-disclosure
• This form should be completed entirely to be valid
Request to Amend
• Clients have the right to request an
amendment (clarification or challenge) to
their medical/clinical file. *Remember
psychotherapy notes are not disclosed.
• However, the remaining parts of their file,
group notes, daily progress notes, medication
records, demographic information are subject
to their review.
Request to Amend
• If the client does not agree with certain
documentation in their records, they may
request for the entry to amended. The client
must put the request in writing (there is a
form).
• Requests and Denials will be handled by the
Compliance Manager.
Log of Disclosure
• HIPAA states that residents have a right to
receive an accounting of certain instances
when protected health information about
them is disclosed by us.
• Disclosures are logged into Best Notes by
adding the LOG of PHI form to the record.
Log of Disclosure
• Disclosures will include the Date, Name of the
individual to whom information was sent, a
brief description of information sent and
reason (Disability Determination, Continuity of
Care, etc)
• Each Disclosure should have an accompanying
Release of Information loaded into the chart.
• Accounting will be sent no later than 60 days
from requests.
Minimum Necessary
• HIPAA requires us to make “reasonable
efforts” to limit PHI to the minimum necessary
to accomplish the intended purpose of the
use, disclosure, or request.
• Our employees must reasonably safeguard
protected health information from any
intentional or unintentional use or disclosure
that is in violation of the Privacy Rule (HIPAA /
42 CFR).
HIPAA & Security
• We must have in place appropriate
administrative, technical and physical
safeguards to protect the privacy of PHI.
– Visitor Sign-In sheets
– Electronic, password protected client records
– Clean Desk protocol: limit paper laying around
– Limited fax use: mailing information is preferred
– Low tone of voice
HIPAA & Security
Our company utilizes an e-mail system to assist
in the communication of daily operations.
This tool has it’s positives and negatives. Email permits us to communicate effortlessly
and at great speed, and to copy and distribute
documents as never before. The flip side of
these enormous opportunities for more
effective communications are equally
enormous risks that PHI will be distributed
improperly.
HIPAA & Security
• All Emails MUST be sent through your
Pasadena Villa account
• All Emails MUST have a HIPAA signature
attached.
• ROI must be in place to communicate about
the resident.
• Policies & Procedures are found in the
Information Management section of the P&P
Violations/Complaints
Knowingly obtains or discloses individually
identifiable health information:
• $50,000 fine and imprisonment for one year.
• $100,000 fine and imprisonment for five
years.
Violations/Complaints
THE BIGGIE!
For obtaining or disclosing individually
identifiable health information with the intent
to sell, transfer or use the information for
commercial advantage, personal gain, or
malicious harm. (Identify theft)
A maximum fine of $250,000 and/or up to
TEN YEARS imprisonment.
Violations/Complaints
• A resident has the right to submit a complaint if he
believes that the health provider has:
• Improperly used or disclosed their PHI
• Concerns about their HIPAA Privacy policies
• Concerns about the provider’s compliance of its privacy
policies.
• The patient may file the complaint with either of the
following:
• The Privacy Officer: Heather McMahon
• The US Department of Health and Human Services,
Office of Civil Rights, www.hhs.gov/ocr/hipaa