MHA690: Health Care Capstone (MNL1331BSandra Dee Garrison

Ashford University Dr. Teresita Gonzalez

HIPAA TRAINING: TRAINING EMPLOYEES ON PROTECTING PATIENT HEALTH INFORMATION AND CONFIDENTIALITY.

WHAT IS HIPAA

• HIPAA stands for Health Insurance Portability and Accountability Act

• This law, known as public law 104-191, was signed by President Bill Clinton on August 2, 1996, and became effective on June 1, 1997.

• The law has five Titles, (1)Insurance portability, (2)Fraud and Abuse Medical Liability Reform,(3) Tax Related Health Provision, (4)Group Health Plan Requirements, and (5)Revenue Offsets.

The HIPAA Privacy Rule

The HIPAA Privacy Rule provides federal protections for individually identifiable health information held by covered entities and their business associates and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of health information needed for patient care and other important purposes. (www.hhs.gov)

KINDS OF INFORMATION PROTECTED BY THE PRIVACY RULE.

THE PRIVACY RULE PROTECTS INFORMATION KNOWN AS PROTECTED HEALTH INFORMATON (PHI). PATIENTS HAVE A RIGHT

TO BE PROVIDED WITH THIS INFORMATION AT MEDICAL VISITS WHEN THEY PRESENT FOR CARE IN THEIR NOTICE OF PRIVACY

RIGHTS. THE TYPES OF INFORMATION THAT IS KNOWN AS PHI IS:• PATIENT NAMES DIAGNOSES• DATE OF BIRTH SEXUAL PREFERENCES• ADDRESSES TELEPHONE NUMBERS• INSURANCE INFORMATION BENEFICIARY INFORMATION

• SOCIAL SECURITY NUMBERS ROOM NUMBERS• WEB ADDRESSES MEDICAL PROVIDER INFORMATION• LICENSE PLATE NUMBERS DISCHARGE DATES• MEDICAL RECORDS NUMBERS DATE OF ADMISSIONS• DATE OF DEATH• PHOTOGRAPHS ******ANY OTHER INFORMATION FOR WHICH • FINGERPRINTS PERMISSION WAS NOT OBTAINED OR IT IS NOT • RELIGIOUS AFFILIATIONS MEDICALLY WARRANTED BY LAW.• MARRIAGE INFORMATION

HIPAA SECURITY RULES. WHAT IS THIS?

The HIPAA Security rules are designed to protect the patients’ information against unauthorized access. Computers and Information Technology equipment should have either encryption or have log-in and password accesses to ensure that patient information is protected.

The security rules also deal with email access and transmission of information to authenticate the receiver of the messages and to ensure adequate protection, by verifying email addresses and sending only the needed information.

Information to keep secure: Flash drives, computer servers, emails, faxes, and data that is being disposed of should be shredded and a contract company should arrange for pick up.

ARE YOU READY TO BE TESTED?

• NURSE MARY NOTICES THAT THE UNIT SECRETARY HAS GOTTEN ILL AND GONE TO THE EMERGENCY ROOM. WHILE THE SECRETARY IS IN THE EMERGENCY ROOM SHE IS TREATED AND RELEASED. NURSE MARY IS STILL ON DUTY AND BEING CONCERNED, SHE CALLS THE E.R. AND ASKS A FELLOW NURSE ABOUT THE TREATMENTS THAT ARE PERFORMED ON THE SECRETARY AND SHE ALSO LOOKS UP THE LAB RESULTS ON THE UNIT SECRETARY. CAN SHE DO THIS, SINCE SHE IS THE NURSE ON THE UNIT AND IS CONCERNED?

• NO, THIS IS AN INVASION OF PRIVACY. NURSE MARY SHOULD NOT LOOK AT ANOTHER EMPLOYEES OR ANY OTHER PATIENTS INFORMATION UNLESS IT IS IN THE COURSE OF HER TAKING CARE OF THE PATIENT, THIS IS A VIOLATION OF THE HIPAA LAW AND COULD LEAD UP TO TERMINATION.

ARE YOU READY TO BE TESTED?

SHARON IS READY TO GO ON BREAK BUT DOES NOT HAVE THE PROPER RELIEF AT THE NURSING DESK. JANE OFFERS TO RELIEVE HER FOR LUNCH AND SAYS THAT SHE WILL SIT THERE AND ANSWER THE CALLS AND PUT ALL PATIENT ORDERS IN THE COMPUTER FOR SHARON. SHARON, BEING SO RELIEVED TO GET A BREAK, KNOWS THAT JANE DOESN’T HAVE COMPUTER ACCESS BUT IS WILLING TO LEAVE HE COMPUTER ON, AS SHE HAS WORKED WITH JANE FOR OVER 12 YEARS. IS IT OKAY FOR SHARON TO ALLOW JANE ACCESS TO THE COMPUTER SO THAT THE WORK CAN GO ON?

NO, THIS IS A VIOLATION OF THE HIPAA SECURITY RULE. EACH EMPLOYEE SHOULD HAVE THEIR OWN ACCESS CODES OR LOG-ONS FOR IDENTITY.

REFERENCES

http://www.ehow.com/about_4604770_what-hipaa.html

http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html