hipaa - The Bair Foundation


Before reviewing the following
presentation click on the links below
and print off the documents:
NAM-43 The Bair Foundation HIPAA Policy
NAM-89 HIPAA Highlights
The Bair Foundation
Employee Training Presentation
H.I.P.A.A.
What is H.I.P.A.A.?
And how does it affect you?
H.I.P.P.O.?
No, not hippo. H.I.P.A.A.
Health
Give me
an ‘H’!
Insurance
Give me
an ‘I’!
Portability
Give me
a ‘P’!
(and)
Accountability
Give me
an ‘A’!
Act
Give me
another ‘A’!
Health Insurance
Portability and
Accountability Act
of 1996
So you know what
its name is… what
is its purpose?
HIPAA established a set of rules
governing privacy and
confidentiality of health care
information for covered entities.
The federal government has
mandated compliance and
employees must complete HIPAA
training on privacy and
confidentiality by April 13, 2003.
How does it affect
you at work?
The Bair Foundation
(TBF) has a policy for
HIPAA compliance.
You can find it on our website.
http://portal.bair.org
Form # NAM-43
Please refer to it
whenever you need
to review details of
our policy.
Here is a summary of
it in plain words:
(You’ll see the section numbers of the policy
where you can find the details.)
Our policy is: TBF will use and disclose
PERSONAL HEALTH INFORMATION (PHI)
for treatment, payment, and health care
operations. For uses beyond that, TBF must
have a signed client authorization unless the law
permits or requires TBF to disclose without
authorization.
The local director will determine what is
appropriate in accordance with our policy.
(Section III of the Policy.)
How it affects you:
The way you handle Personal
Health Information (PHI) for
our foster children must
respect their privacy.
Notice
How it affects you:
• New clients must be given a HIPAA “Notice of Privacy Practices”. You can find it on our website, form # NAM-64. (Section I.)
• We need a receipt signed by the client or custodial agency that we have given them the notice. They should sign on the last page of the Notice. II.
• If they refuse or fail to sign the receipt, make note of it on the form. II. B.
• We keep this form on file for 6 years after the case is closed. II. C.
How it affects you:
• The NOTICE needs to be presented no later than the date of first service provision. I.A.1.b.
• In an emergency treatment situation, you can wait to get the RECEIPT of notice signed, but make note of it on the form. II. A.
Violations of Policy - XI. C
(two examples of what NOT to do)
• Misuse or theft of PHI.
• Discussion of the patient’s conditions and medications in the presence of unrelated third parties.
Violations of Policy
If you witness or suspect a violation by a TBF employee or a Business Associate, you must report it in writing within 24 hours to the TBF Privacy Officer (Sheila Palonen).
NAM-65, “Privacy or Security Violation Report”
To Sheila
X. Violations of Policy
• Customer service and privacy are of the utmost importance to us.
• If a client complains of improper use or disclosure of PHI, we will promptly receive, respond to and resolve the complaint.
X. Violations of Policy
If a custodial agency or child complains to you about a possible violation:
• Tell them to submit it in writing. Only written complaints constitute a formal complaint.
• Submit it to the local office director.
• They will forward it through proper channels within 24 hours.
• It will be resolved and responded to in writing within 30 days & kept on file for 6 years.
Violations of Policy will result in sanctions.
These can be:
• Counseling
• Verbal warning
• Written warning
• Probation
• Suspension
• Demotion
• Termination of employment
• Restitution
For details, see section XI. B. of the policy.
Other things you need to know…
• More about the Notice
• What clients can request
• Can others see the PHI?
• Can the PHI be changed?
• What about Business Associates?
Other things you need to know…
Each of the topics on the following slides is detailed in our Policy statement.
The Policy gives specific:
• Times for responses
• Procedures for denials
• Description of responses
• Record retention rules
• Guidelines for reimbursing our costs
Other things you need to know…
Please refer to the Policy for
these details whenever you
are dealing with PHI. The
section numbers in the
following slides refer to
where you will find this topic
in the Policy.
More about the PRIVACY NOTICE
See Section I. A.
In addition to giving it to each client on first receipt of service:
• Post it in a conspicuous place
• Clients can request additional copies
• It’s available on our website
What clients can request:
• Additional restrictions. VI. A.
• Alternative communications. VI. B.
• Access to inspect and get a copy of their own PHI. VII.
• A copy of their PHI for an Authorized Representative. VII. A.
• Changes to their PHI. VIII.
• To know who their PHI has been disclosed to. IX.
Can others see a PHI? III.
• We can only disclose PHI for treatment, payment, or health care operations without signed permission.
• Local directors will determine appropriate disclosure.
• The Privacy Officer can be consulted if there is uncertainty.
Can the PHI be changed?
• Clients can request an amendment. See VIII.
• Other health care providers can notify us of amendments they have made to our client’s PHI. We will add it to our records. VIII. A. 4.
XII. Business Associates
• We have a written contract with individuals or companies which provide services to TBF if this relationship involves sharing PHI. See section XII.
• The local office director keeps the copies of all signed ‘Business Associate Agreements’.
• Business Associates may only use PHI lawfully and per our contract with them.
SECURITY RULE
The HIPAA Security Rule ensures the security of PHI by specifying how PHI is stored, transmitted, and accessed.
Guidelines for safeguarding PHI include, but are not limited to:
• PHI will be discussed with the client or foster parent only in private areas.
• PHI will be discussed with staff members on a need-to-know basis and in non-public areas only.
• Telephone calls regarding PHI will be held in areas in which the conversation cannot be overheard.
• PHI will be handled according to the cell phone policy that dictates passcode protection, elimination of any text containing PHI along with informing the sender not to send any PHI in text format, and the deletion of any confidential email or texts as soon as possible.
• Computer monitors will be positioned in a way that does not permit observation by an unauthorized person.
• Computer screens will be password-locked when the user leaves the area. Press (Windows key) + L to lock the screen. Log back on upon return. The desktop will be as it was left. Locking is automatic after a time period set by the I.T. Dept.
• Any computers that are accessible to people attending trainings should be turned off.
• Computer passwords will not be shared with unauthorized persons and will be recorded only in secure locations.
• PHI will be disclosed only by those staff members authorized to do so.
• Access to fax machines will be limited to authorized staff. Fax cover sheets will include a Privacy Notice.
• Case records, mail, documentation, and other materials containing PHI will be maintained in locked or otherwise secure locations, away from the general public.
• PHI will be discarded in appropriate secure containers or shredded.
• Non-employees who need to go beyond the reception area of any Bair office will be escorted.
Bair will maintain compliance with HIPAA Security Rule administrative requirements including, but not limited to:
• development and enforcement of information access control
• completion of internal security audits
• enforcement of physical safeguards including workstation/office guidelines
• enforcement of appropriate sanctions for failure to comply with HIPAA regulations
• development, implementation, and documentation of security awareness training.
To report a security violation, use form
NAM-65,
“Privacy or Security Violation Report”
Any questions or concerns
regarding the security of EPHI can
be addressed to
the Trend Helpdesk at
[email protected] or
1-877-262-1389.
Summary
• HIPAA protects the privacy of personally identifiable health care records.
• TBF has a specific policy in place to protect records of our foster children.
• TBF will review the Privacy Policy with the client and the custodial agency.
• All TBF employees must protect the privacy of our clients’ PHI.
• For details, please read the Policy available to you on our website.
• If you have questions, check with your local director or Sheila Palonen, Privacy Officer.