Job Shadow Student Orientation Packet


Post on 09-Jun-2020


Table of Contents

• EvergreenHealth Campus Map
• EvergreenHealth Orientation Fact Sheet
• HIPAA Covered Entities Review
• HIPAA Assessment (Signature required)
• Immunity/Vaccination and TB Screening Requirements Policy
• Work Restriction Policy
• Exposure to Blood and Body Fluid Management Policy
• Student Orientation Acknowledgement and Code of Conduct Form (Signature required)


EVERGREENHEALTH ORIENTATION FACT SHEET

FOR JOB SHADOW EXPERIENCES

EvergreenHealth is accredited by the Joint Commission on Accreditation of Healthcare Organizations (JCAHO), whose mission is to improve the quality of care in organized health care settings. One of its major functions includes developing organization standards. Orientation of employees, nursing students, volunteers, and shadowing students is one organizational standard that is a requirement of JCAHO.

Please review the following “Need to Know” topics:

⌦ Purpose and Mission of EvergreenHealth

Purpose: Working together to enrich the health and well-being of every life we touch.

Mission: EvergreenHealth will advance the health of the community it serves through our dedication to high quality, safe, compassionate, and cost-effective health care.

Vision: EvergreenHealth will create an inclusive community health system that is the most trusted source for health care solutions.

⌦ Patient Rights (abbreviated below)

Patients have the right to:

• Be given safe, considerate, and respectful care.
• Actively participate in decisions involving their health care.
• Privacy for themselves and things concerning their medical care.
• Refuse recommended treatment, tests or procedures if not required by law.
• Know the name of their physician and others who care for them.

For a more detailed list and explanation of Patient Rights and Responsibilities, please see the Hospital Admitting Office.

Patients must give permission for your job shadow experience(s).

⌦ Health Information/Confidentiality

There will be times when you will see or hear patient information. You are expected to NOT seek out information about patients unless it is care related. When you do see or hear information, remember that it is confidential and you are not allowed to repeat it or share with anyone except the patient’s caregiver. This applies even when you are no longer here.


⌦ Wayfinding System

Exterior: There are three main entrances to Parking Garages:

1. Central Parking Garage: Enter at Central Entrance (Family Maternity Center) and from NE 128th Street
2. Emergency Parking Garage: Enter at Emergency Entrance
3. West Parking Garage: Enter at West Entrance (Silver Tower)

Interior: To navigate the hospital, you need to know the following:

1. Color Zone: The hospital has seven color zones: Green, Purple, Red, Blue, Coral, Tan and Silver.
2. Floor Level: All destinations have a floor number. If a ‘B’ follows a color zone, it means basement. R1 = Red Floor One; BB = Blue Basement
3. Room Number: All destinations have a three-digit room number, e.g. Green 2-218 = Green Zone, Floor 2, Room 218

All rooms have color-coded signs according to the zone you are in.

Information Kiosks are located at:

• Silver Tower Lobby
• Central Entrance Lobby (near Coral Gift Shop)

⌦ Emergency Procedures

Outside the Hospital: Dial 911 for all emergencies.

In an emergency within the hospital, dial 1199 and:

• Describe the problem to the operator.
• Tell the operator the department, and color zone you are in, and the closest visible room number.
• Stay on the telephone until the operator repeats the information back to you.
• Always follow the directions of your assigned staff person or Charge RN.

⌦ Fire Safety

Fire Drill Procedure: Be prepared by locating the fire pull stations and fire extinguishers on the unit(s) you are observing.

• Remove all people from immediate danger.
• Energize the closest fire pull station.
• Dial 1199 and give the operator the exact location of the drill.

Then,

• Close all doors.
• Fight the fire if it is manageable.
• To use a fire extinguisher:
  • Pull the pin from the extinguisher
  • Aim at base of the fire
  • Squeeze handle
  • Sweep from side to side


⌦ Infection Control

Standard Precautions are to be followed for all patients at all times. Hand washing is to be practiced at all times. You must wash your hands before entering and leaving a patient’s room. Any protective equipment (gloves, face shields, gowns, scrubs) required for your job shadow experience will be provided and explained to you by your assigned staff person.

⌦ “Shadow” Assigned Staff

The “Shadow” assigned staff employee chosen for you will give you department specific instructions. You are expected to follow all instructions regarding infection control, standard precautions, and safety precautions. Situations may arise which will necessitate your assigned staff asking you to leave the observational setting. Please comply with all requests. If at any time you feel light-headed or dizzy during your shadow experience, please leave the room if possible or immediately sit down on the floor.


Lesson 1: Introduction

Real People, Real Stories

When you visit the doctor’s office, you trust that the information you provide will remain private and secure. You expect that as your medical records pass through the hands of dozens of employees—from registration to clinical staff to billing—only those with a legitimate need to know will access and use your information and that its integrity, availability, and confidentiality are secured at every step.

Our patients and clients trust that we will treat their information with the same care. But sometimes employee carelessness or misguided intentions keep this from happening. Check out what can happen when an individual's health information isn't properly protected:

Medical Identity Theft

Recently, I received an Explanation of Benefits statement containing charges for services I did not receive.

It turns out that someone had accessed my health information and used my insurance to pay for repeated office visits and treatments. It’s going to take months to fix this.

Criminal Snoop

Rumor had it that a celebrity visited the Emergency Room in critical condition! Curiosity got the best of me and I peeked into the ER files to see who it was and what happened. I got excited and spread the gossip around.

It turns out that snooping can be a criminal offense—shortly after, I was fired, and the hospital was fined $250,000 for violating federal medical privacy laws. Even worse, I could go to jail!

Fax Number Mishap

It was a hectic day, and I needed to fax some medical billing information to a client. In a rush, I typed in the wrong fax number and sent the information to the wrong recipient.

Apparently the fax contained health information, and my simple mistake was the cause of a privacy breach and violated federal healthcare laws.


HIPAA Overview

The Health Insurance Portability and Accountability Act (HIPAA) grants individuals the ability to access their Protected Health Information (PHI) along with certain other rights. It also requires our organization to establish policies and practices that ensure patients’ PHI is protected and secure.

We follow HIPAA regulations because they're the law, but more so because they protect our patients and customers, giving them legal rights on who can access and use their PHI. In this course, you'll learn more about how you can protect our patients—and our organization—by following HIPAA regulations. Take a moment to review the course objectives.

Course Objectives

Upon completing this course, you will be able to:

• Recognize the importance of HIPAA to individuals and our organization.
• Define the rights of individuals and your responsibility to ensure these rights are granted.
• Identify examples of PHI and how to protect its confidentiality when using and disclosing it.
• Recognize the consequences for non-compliant behaviors.
• Identify your responsibilities for reporting privacy and security incidents.


Protected Health Information (PHI)

Protected Health Information (PHI) is any health-related information that can be used alone or in combination with other information to identify an individual. HIPAA regulations apply to all PHI, regardless of how it is communicated—whether it is shared verbally, in writing, or through electronic methods.

PHI may be found in healthcare records, demographic information, payment information, insurance claims—the list is endless, so you must be careful and mindful.

Help! What Is PHI?

• Names of individuals and relatives
• Postal addresses
• Dates
• Telephone and fax numbers
• E-mail addresses
• Social Security numbers
• Medical Record numbers
• Account numbers
• Health plan beneficiary numbers
• Certification/license numbers
• Automobile VIN and serial numbers
• Device identifiers and serial numbers
• URLs and IP addresses
• Biometric identifiers
• Full face photographic images

Your Responsibility

Everyone at our organization must comply with HIPAA regulations. That means everyone who provides healthcare directly, health plans and clearinghouses (covered entities), but also anyone who works at an organization that handles any type of PHI (business associates and hybrid entities).

By following HIPAA regulations, you support our organization's commitment to ensuring the security and privacy of PHI. By providing high quality services that safeguard PHI, you also protect our reputation, and help us avoid costly penalties, legal sanctions, and litigation fees for violating the law.


Did You Know?

Last year medical industry data breaches affected nearly 3 million confirmed individuals throughout the U.S.

Knowledge Check

Now, you’ll have a chance to help employees comply with HIPAA in the workplace. Review each person’s scenario and determine the best actions to take for each situation.

Scenario 1

Employee 1: “I’m worried about being liable for protecting PHI.”

Employee 2: “Oh, don’t worry! As employees, we don’t really have to worry about all the HIPAA compliance. Our managers handle most of the compliance stuff.”

Is this accurate information?

o Yes, only those employees who directly handle PHI need to comply with HIPAA regulations.

o No, everyone, regardless of your role, needs to know and comply with HIPAA regulations.

Scenario 2

Employee: “Oh my gosh! You won’t believe who just got plastic surgery!”

Can this employee share this information?

o Yes, this is general information and not PHI.
o No, this is PHI and is against the law to share.

Scenario 3

Employee: “Hmm, I wonder if I need to keep this patient billing information secure…”

Does the employee need to protect this information?

o Yes, these records contain PHI.
o Yes, but only from people outside of his workplace.
o No, the information in these records is not confidential.


Answer Key

Scenario 1: No is Correct. All employees are contractually and legally obligated to comply with HIPAA and our organization’s policies and procedures.

Scenario 2: No is Correct. Any information pertaining to the healthcare of an individual is PHI and cannot be shared or accessed unless there is an authorized need to know.

Scenario 3: Yes, these records contain PHI is Correct. Medical claim forms, patient contact information, healthcare billing statements, and explanation of benefits forms all contain PHI and need to be safeguarded.

Summary

You have completed this lesson providing an overview of HIPAA.

Here are the key points covered:

• HIPAA requires us to keep patients' information secure and private.
• PHI is information that can be used alone or in combination with other information to identify an individual.
• HIPAA regulations apply to all PHI, regardless of how it is stored or communicated.
• Everyone is responsible for complying with HIPAA regulations and our organization's privacy and security policies and procedures—even if your job duties do not directly include working with PHI.


Lesson 2: Using and Disclosing PHI

HIPAA Privacy Rule

HIPAA defines the permitted uses and disclosures of PHI. The HIPAA Privacy Rule states that PHI can only be used and disclosed to the minimum necessary for treatment, payment, and healthcare operations purposes. The minimum necessary standard requires us to evaluate our practices and enhance safeguards as necessary to:

• Limit unauthorized or inappropriate access to PHI.
• Limit unauthorized disclosures of PHI.

Take a moment to learn more about the allowable purposes for sharing PHI: Treatment, Payment, and Healthcare Operations.

Treatment

Treatment activities include:

• The provision, coordination, or management of healthcare and related services among healthcare providers or by a healthcare provider and a third party.
• Consultation between healthcare providers regarding a patient.
• Referral of a patient from one healthcare provider to another.

Payment

Payment activities include:

• Determining eligibility or coverage under a healthcare plan and adjudicating claims.
• Risk adjustments.
• Billing and collection activities.
• Reviewing healthcare services for medical necessity, coverage, justification of charges, etc.
• Utilization review activities.
• Disclosures to consumer reporting agencies.

Healthcare Operations

Healthcare Operations activities include:

• Quality assessment and improvement activities.
• Underwriting and other activities related to creating, renewing, and replacing health insurance or benefits contracts.
• Medical review, legal, and auditing services.
• Business planning and development.
• Business management and general administrative activities.


Use, Disclosure, and Request

The HIPAA Privacy Rule also regulates the use, disclosure, and request of PHI. Take a moment to learn more about how these terms apply to your job functions.

Use – Definition and Guidelines

Refers to activities conducted in routine business activities. Only those involved in the treatment, payment, or operations may share, apply, utilize, examine or analyze PHI.

Disclosure – Definition and Guidelines

Refers to how PHI is shared between departments or outside of our organization. It includes the release, transfer, access, or divulgence of PHI. Disclosing PHI may be necessary for operational purposes but is subject to certain limitations.

Request – Definition and Guidelines

Refers to any situation where an individual of our organization requests and/or is requested to disclose PHI to an outside entity. Requests for PHI may be necessary for operational purposes, but are subject to certain limitations.

Types of Disclosures

It is critical to understand the limitations around disclosing PHI. Most disclosures fall into the following three categories:

• Permitted disclosures for treatment, payment, and healthcare operations.
• Disclosures following an “Opportunity to Object.”
• Disclosures required by law.
• Disclosures requiring authorization.

Take a moment to learn more about these types of disclosures by reviewing the examples provided.

Permitted Disclosures

“I need to share a patient’s PHI with her insurance company for billing purposes. Is this OK?”

You can share information with other providers, pharmacies, labs, etc., involved in the patient’s care or with the patient’s health plan to obtain payment.


Disclosures Following an Opportunity to Object

“A family member is requesting information on a patient. Since they’re family, I can go ahead and share this.”

Sharing information with a patient’s family and friends—or including a patient in the facility directory—can occur only after the patient has been given an opportunity to object or “opt-out” of these types of disclosures.

Disclosures Required by Law

“I received a subpoena for PHI provided by our customer, so I can disclose this information.”

We are legally required to disclose information in certain situations; being subpoenaed is one of them. Always follow our organization’s policies for handling this type of disclosure.

Disclosures Requiring Authorization

“One of our employees was admitted to your facility this morning. How is he doing?”

Disclosing PHI to a patient’s employer without proper authorization is illegal. All disclosures not related to the patient’s treatment, payment for the treatment, and healthcare operations require authorization—except for requests required by law.

Knowledge Check

Now, you’ll have a chance to help employees properly use and disclose PHI. Review each person’s scenario and determine the best actions to take for each situation.

Scenario 1

Front desk receptionist: “Eww! What a gnarly fracture!”

Is this employee violating HIPAA law by viewing this x-ray?

o Yes, she has no business need to view a patient’s x-ray.
o No, viewing an x-ray does not violate privacy regulations.

Scenario 2

Patient: “Now, do I need to call the insurance company myself to provide my information? It would be great if you would call them for me!”

Employee: “No, Mrs. Jenkins. Our staff will take care of that for you.”

Is this correct?


Scenario 3

Manager: “I heard a rumor that one of my employees was hospitalized for substance abuse, which may affect his work eligibility. What was he admitted for?”

Nurse: “Hmm…let me check.”

Does releasing patient information to an employer without authorization violate HIPAA regulations?

o Yes, authorization is required before disclosing PHI to a patient’s employer.

o No, releasing PHI to a patient’s employer is permitted if it could affect his workplace status.

Answer Key

Scenario 1: Yes is correct. The receptionist does not have a business need to view this PHI. Accessing, using, or disclosing PHI without authorization from the patient violates HIPAA regulations.

Scenario 2: No is correct. A covered entity can share information with other providers, pharmacies, labs, etc., involved in the patient’s care or to the patient’s health plan to obtain payment.

Scenario 3: Yes is correct. Disclosing PHI to a patient’s employer—or even looking at the patient’s file—is not permitted without proper authorization.

Summary

You have completed this lesson on using and disclosing PHI.

Here are the key points covered:

• PHI can be used or disclosed to the minimum necessary for treatment, payment, and operations purposes.

• Only those involved in the treatment, payment, or operations may share, apply, utilize, examine, or analyze PHI.

• Most disclosures require authorization.


Lesson 3: Rights of Individuals

Notice of Privacy Practices

HIPAA regulations are based on requirements and standards concerning individuals' rights to their PHI. That’s why our organization provides every patient with a Notice of Privacy Practices.

The Notice of Privacy Practices describes how a patient’s PHI may be used or disclosed, as well as the rights the patient has regarding that information.

This notice must be provided to patients the first time they present for service, whether it is in person, over the phone, or through electronic means. A copy of this notice must also be posted at the location of the service.

Did You Know

Covered individuals are those who receive treatment under a healthcare plan.

Rights of Individuals

You have an ethical and legal responsibility to ensure individuals’ rights to their PHI are granted as outlined in the Notice of Privacy Practices. Let’s take a closer look at these rights.

Did You Know

Denying patient requests for copies of their medical records was reported as one of the top HIPAA complaints.

Individuals have a right to:

• Inspect and request a copy of their PHI.
• Amend their PHI.
• Request an accounting of all PHI disclosures—note that some exceptions apply.
• Request confidential communications of their PHI by alternative means.
• Request restrictions on uses and disclosures of their PHI.
• Obtain a paper copy of the Notice of Privacy Practices.
• File a complaint regarding the privacy and security of their PHI.


Handling Requests

You protect individuals’ rights by handling requests appropriately, obtaining authorization for use and disclosure when necessary, and processing complaints in accordance with our policies. In general, all requests should be referred to the appropriate person within our organization, such as our Privacy Officer.

Take a moment to explore examples of requests and procedures for handling these requests.

Right to File a Complaint

“I have been denied service based on information in my health record. I think my PHI has been disclosed illegally.”

Your Responsibilities

In this situation, you should:

• Inform the individual of his right to file a complaint if he suspects his privacy rights have been violated.
• Refer the complaint to the appropriate person within our organization.

Request to Amend Record

“I need to correct the way a service is coded in my health record.”

Your Responsibilities

In this situation, you should:

• Explain that the patient has a right to request an amendment, and it’s the provider’s decision whether to accommodate the request. If the provider denies the request, the patient can submit a letter of disagreement that will be included in the record.

• Refer the request to the appropriate person within our organization.

Written Authorization

“I need a spreadsheet of our patients’ contact information for marketing purposes.”

Your Responsibilities

In this situation, you should:

• Explain that using or disclosing PHI for marketing purposes is outside the scope defined by our organization and allowed under HIPAA and State law.

• Explain that we would need to obtain written authorization from all patients to use or disclose their information before fulfilling this request.


Request to Limit Access

“I’d like to limit who has access to my medical information.”

Your Responsibilities

In this situation, you should:

• Inform the individual that he has a right to request a restriction or limitation on the PHI we use or disclose for certain specified reasons.

• Refer the request to the appropriate person within our organization. Note that our organization is not required to agree to the restriction request in most instances.

Knowledge Check

Now, you’ll have a chance to help employees ensure that individuals’ rights are respected. Review each person’s scenario and determine the best actions to take for each situation.

Scenario 1

Voice on telephone: “… and I know that I did not authorize you to share my information! I can’t believe this is happening to me …”

What should this employee do to process this patient complaint?

o Reassure the patient that her situation will be resolved immediately.
o Transfer the call to his manager.
o Refer the complaint to the appropriate person within our organization.

Scenario 2

Employee: “I need medical information on the following patients in order to process insurance claims.”

Does this request for information comply with HIPAA regulations?

o Yes, requesting information associated with the payment for healthcare is allowed.

o No, only medical and legal requests for PHI are compliant with HIPAA regulations.

Answer Key

Scenario 1: Refer the complaint is correct. All complaints of this nature should be referred to the appropriate person within our organization. In most situations, this will be our privacy officer.

Scenario 2: Yes is correct. Requests made for PHI that deal with healthcare treatment, payment, or operations comply with HIPAA regulations.


Summary

You have completed this lesson on individuals' rights to their PHI.

Here are the key points covered:

• The Notice of Privacy Practices describes how patients' PHI may be used or disclosed, as well as the rights patients have regarding that information.

• It’s your responsibility to ensure individuals’ rights to their PHI are granted as outlined in the Notice of Privacy Practices.

• Individuals have a right to make requests and file complaints regarding the use of their PHI, and you must ensure requests and complaints are directed to the appropriate person.


Lesson 4: Securing PHI

Securing PHI

HIPAA regulations define the standards required for securing PHI.

Our organization must maintain reasonable administrative, technical, and physical safeguards to protect the confidentiality, integrity, and availability of PHI. All employees are required to adhere to these safeguards to ensure that all PHI, regardless of its form (e.g., paper, electronic, spoken, etc.), is secure.

Securing PHI not only ensures we keep our customers’ trust, but also reduces the risk of incidents—and severe legal consequences.

Physical Safeguards

You can minimize the risk of unauthorized access to PHI by following physical security practices in your workplace.

Review some of our organization's policies for physical security in the security controls below.

Secure Storage and Disposal

• Keep PHI out of clear view from the public (desks, copiers/fax machines) and stored in secure areas.

• Dispose of documents and electronic media containing PHI in secured containers or by shredding.

Mobile Device Security

• Physically secure your laptop and other mobile equipment with security cables or in locked drawers.

• Never leave your laptop or smart phone unattended in the office, in your car, or when travelling.

• Password protect mobile devices such as PDAs, smart phones, and USB drives.

Access Control

• Always keep office doors and cabinets locked.
• Do not allow anyone to follow you into a secure location. Ensure that anyone who enters swipes his or her badge.
• Always follow our organization’s policies for accessing PHI.
• Only discuss PHI in private settings to avoid eavesdropping.


Technical Safeguards

When accessing, storing, and/or transmitting PHI on computers, smart phones, USB drives, and other electronic devices, be sure that you follow our organization’s procedures related to:

• Accessing networks.
• Encrypting e-mail and files containing PHI.
• Using passwords.
• Installing and modifying software.

Take a moment to learn how our organization implements technical safeguards.

Did You Know

There are over 370 passwords that have been identified as the most commonly used and “hackable” passwords. Do your research, and be sure you aren’t using one of them!

Technical Safeguards

• Use passwords that consist of a combination of characters, such as upper and lowercase letters, numbers, and possibly special characters.

• Set your laptop or mobile device’s screensaver to require a password and appear automatically when the device is not in use.

• Never share your password with anyone, including family, friends, or coworkers.
• Encrypt CDs and all mobile devices, such as USB drives, containing PHI.
• Only connect to approved and secure networks when accessing PHI.

Knowledge Check

Now, you’ll have a chance to help employees secure PHI in the workplace. Review each person’s scenario and determine the best actions to take for each situation.

Scenario 1

Employee: “Hold the door! I forgot my badge.”

Should this employee hold the door open for another employee when entering a secured area?

o Yes, if the person is in the building, he must be a valid employee.
o Yes, but only if the employee has valid ID.
o No, all employees need to scan their badges to enter the secured area.


Scenario 2

Employee 1: “I can’t access this system with my password. I was just in the system yesterday!”

Employee 2: “Hmm…They must be in the middle of a system update. Here, go ahead and login as me.”

Does sharing your login credentials violate our organization’s security policy?

o Yes, you should never share your login or password with anyone.
o No, as long as you change your password immediately afterwards.
o No, you can share passwords with managers or the IT department.

Answer Key

Scenario 1: No is correct. It is a security violation to allow anyone to follow you into a secure location. Ensure that anyone who enters scans his or her badge.

Scenario 2: Yes is correct. It is against our security policy to share your password with anyone, regardless of their position in our organization. Sharing passwords allows unauthorized people to access information, which violates HIPAA regulations.

Summary

You have completed this lesson on securing PHI.

Here are the key points covered:

• All employees are responsible for protecting PHI.
• Always follow our organization’s procedures for accessing, transmitting, storing, securing, and disposing of PHI.


Lesson 5: Enforcement and Breach Notification

HIPAA Enforcement and Penalties

In addition to specifying the ways that PHI must be protected, HIPAA regulations also contain specific penalties for failing to protect PHI. Any improper release, acquisition, use, or disclosure of PHI may be a violation of HIPAA regulations.

These types of incidents not only violate individuals’ privacy rights—and their trust in our organization—but also may have severe consequences ranging from significant fines to criminal penalties. Monetary penalties and legal sanctions exist to prevent incidents from occurring and also provide consequences for those who violate HIPAA rules and regulations.

Everyone in our organization is legally obligated and accountable for following HIPAA regulations as well as our organization’s privacy and security policies and procedures.

Types of Violations

The biggest risks to maintaining the privacy and security of PHI usually occur from within our organization. We must protect against violations, whether caused by someone failing to follow the appropriate privacy and security procedures, or by a malicious attempt to steal information.

Take a moment to learn more about privacy and security violations.

Privacy and Security Violations

HIPAA legislation increases the penalty amounts based on the level and intent of a breach of privacy.

All incidents are classified and penalized according to their type.

Examples include:

• Faxing a document containing PHI to the wrong number.
• Sending lab results to the wrong patient.
• Giving discharge instructions to the wrong patient.
• Leaving a computer logged on and unattended.
• Leaving passwords in plain view of others.
• Using ePHI without the proper security controls.


Breach Notification

To comply with HIPAA, our organization must investigate all privacy and security incidents in which PHI has been improperly accessed, acquired, used, or disclosed. This requirement applies to all forms of PHI and includes all unauthorized types of access and disclosures—inside and outside of our organization.

We must also notify individuals of the incident if the breach poses significant risk or harm to the privacy or security of their information.

To ensure we fulfill these requirements, you are responsible for promptly reporting suspect actions—no matter how minor they may appear—through our organization’s incident reporting process.

Did You Know?

If an incident affects more than 500 people, our organization must notify the media.

Knowledge Check

Now, you’ll have a chance to help employees report incidents in the workplace. Review each person’s scenario and determine the best actions to take for each situation.

Scenario 1

Employee: “Uh oh. I just e-mailed a patient’s contact information to the wrong address…”

What should this employee do?

o Wait to see if the e-mail bounces back before doing anything.
o Nothing. Mistakes like this happen all the time.
o Consider this to be an incident and report it.

Scenario 2

Employee: “Who threw this patient’s contact information away in the regular garbage? I wonder who saw this…”

What should this employee do?

o Nothing. No one will ever see it beyond the facility.
o Remove the record from the trash can and report the incident.
o Notify the patient immediately.


Answer Key

Scenario 1: Report this incident is correct. Although mistakes do happen, sending PHI to an unauthorized party is an incident and, by law, must be reported.

Scenario 2: Remove and report is correct. Finding unsecured PHI is a violation. The PHI needs to be secured and the incident needs to be reported immediately.

Summary

You have completed this lesson on HIPAA enforcement and notification.

Here are the key points covered:

• An incident is defined as the suspected or known improper access, acquisition, use, or disclosure of PHI.

• Everyone in our organization is responsible and accountable for following our organization’s procedures for safeguarding PHI and promptly reporting incidents.

• To comply with HIPAA, our organization must investigate all suspected or known privacy incidents in which PHI may have been improperly accessed, acquired, used, or disclosed.


Lesson 6: Next Steps

Summary

Congratulations! You’ve completed this training on HIPAA regulations and compliance.

Here’s a quick review of the key points covered in the course:

• HIPAA requires us to keep patients' information secure and private.

• You must follow our organization’s policies and procedures when using, disclosing, transmitting, storing, or requesting PHI to ensure that individuals’ rights are respected.

• PHI may be used and disclosed to the minimum necessary for treatment, payment, and healthcare operations purposes.

• Unauthorized access of PHI has severe consequences to our patients and our organization, and you are obligated to comply with HIPAA standards to ensure PHI remains secure.

• You have a responsibility to identify and promptly report privacy and security incidents using our organization’s reporting policies and procedures.

Next Steps

Remember, HIPAA compliance begins with you!

If you have any questions regarding HIPAA compliance or your role in enforcing HIPAA rules and regulations, contact our organization’s privacy or security officers.

Resources

Privacy complaints, requests, and incidents should be reported to our organization’s Privacy Officer. HIPAA privacy & security policies are located in Lucidoc.

Contact Information

Privacy Officer: Sheila Green-Shook
Telephone #: 425-899-1939
Hot Line #: 425-899-5599
Email: [email protected]


HIPAA Assessment

1. When you comply with HIPAA standards, what are you ensuring?
a. Patients have unlimited access and control over their health information.
b. Patients have legal rights regarding who can access and use their PHI.
c. Our organization has implemented the proper security controls required by law.
d. Our organization has the final say on who can access our patients and/or customers’ PHI.

2. You attempt to log in to an unattended computer but notice one of your coworkers is still logged in with their credentials. What should you do?
a. Log out of the computer and log back in with your credentials.
b. Stay logged in as your coworker—you will only be using the computer for a minute.
c. Ask around to see if anyone else has used the computer.
d. Log out and report the situation to the Privacy Officer.

3. You are eating lunch in a public place with a coworker who begins to tell you details about a patient’s condition. Is this permitted?
a. Yes, if you have an authorized need to know.
b. Yes, as long as she doesn’t disclose the patient’s name.
c. No, only your coworker and her patient are legally allowed to discuss the patient’s condition.
d. No, even if you have an authorized need to know, you should never discuss PHI in a public place where others may hear.

4. You receive a medical file containing a patient name, address, e-mail address, injury report, and automobile VIN number. Which of the information is PHI?
a. The patient name
b. The patient name, address, and e-mail address
c. All of the information is PHI
d. None of the information is PHI

5. What’s your responsibility in protecting PHI?
a. To know and follow our organization’s HIPAA security and privacy policies and procedures for safeguarding PHI.
b. Limited, the person who gave me the PHI is responsible for its protection.
c. To know what it is and report violations as needed.
d. None, I don’t ever work with PHI.

6. True or False: You are only liable for securing physical or electronic forms of PHI.
a. True—having conversations about PHI is just part of our business and requires no security controls.
b. False—reasonable safeguards need to be taken to secure all PHI, regardless of its form.


7. To what extent can you access, use or disclose PHI?
a. To the minimum degree necessary required for treatment, payment, and health care operations.
b. To the minimum degree necessary to ensure a profit for the organization.
c. To the extent necessary to fulfill authorizations allowed by the patient.
d. Generally, if you can access PHI, you can use it.

8. As you scan your badge to enter a restricted area, a coworker approaches you and asks you to hold the door. Should you let him follow you in?
a. Yes, as long as you are sure he works at our organization.
b. Yes, as long as he says he is authorized to enter the area.
c. Yes, as long as he has an employee badge.
d. No, all employees need to scan their badges to enter a restricted area.

9. You receive a patient complaint that their privacy has been violated. What should you do?
a. Try to resolve the situation.
b. Direct the complaint to the appropriate person in the organization (the Privacy Officer).
c. Determine if it is a valid complaint and then report it as necessary.
d. Nothing—complaints are a natural part of business operations.

10. A coworker asks you to provide him with PHI for one of his employees. He isn’t authorized to access the information himself, but assures you he has no malicious intent. Should you do this?
a. Yes, because he is a coworker, he has a business need.
b. Yes, if he has no malicious intent, there’s no harm in doing a favor.
c. No, you can’t be sure he won’t use this information illegally.
d. No, providing this information—regardless of intent—is against the law and could result in massive legal repercussions.

Note: 80% correct is required to pass this assessment.

Name (Please Print):

Signature: Date:

Score:


Evergreen Healthcare Policy Immunity/Vaccination and Tuberculosis Screening Requirements

Infection Control & Employee Health

20412 (Rev: 0) Official

TITLE: Immunity/Vaccination and Tuberculosis Screening Requirements

PURPOSE:

The healthcare environment presents risks of exposure to communicable disease for healthcare workers, patients, and visitors. The purpose of this policy is to establish immunity guidelines for specific vaccine preventable diseases and for tuberculosis screening to protect healthcare workers, their families, and our patients.

SCOPE:

This policy applies to all employees, members of the medical staff, volunteers, students, contractors, and vendors referred to as "covered individuals" for the purposes of this document.

POLICY:

All covered individuals are required to provide documentation of immunity/vaccination as set forth in the procedures of this policy. Compliance with this policy is a condition of employment. Failure to comply with this policy may result in disciplinary action up to and including termination of employment. This policy is based on guidelines published by the Centers for Disease Control and Prevention (CDC), Advisory Committee on Immunization Practices (ACIP); Joint Commission standards; OSHA/WISHA regulations (WAC 296-823) and Washington State Department of Health regulations.

PROCEDURE:

Employee Health Services assesses all employees and volunteers for immunity to Measles, Mumps, Rubella, and Varicella (chicken pox). In addition, all employees and volunteers are screened for current Tetanus, Diphtheria, Pertussis vaccination and seasonal influenza vaccination. Hepatitis B vaccination is offered to healthcare workers in accordance with OSHA/WISHA regulations. Employee Health Services screens all employees and volunteers for Tuberculosis infection in accordance with CDC guidelines and Department of Health regulations.

All covered individuals are required to provide documentation of:

• Measles, Mumps, Rubella (MMR) - Two doses of MMR vaccine or serologic evidence of Measles, Mumps, and Rubella immunity.

• Varicella - Two doses of Varicella (chicken pox) vaccine, serologic evidence of immunity, or a documented history of varicella disease based on diagnosis or verification of disease by a healthcare provider.

• Tetanus, Diphtheria, and Pertussis (Tdap) - One-time dose of Tetanus, Diphtheria, and Pertussis (Tdap) vaccine for employees younger than age 65. Tetanus-Diphtheria (Td) booster every ten years.

• Influenza - Seasonal influenza vaccine (for the current flu season).

Covered individuals in certain job classifications are required to provide documentation of:


• Hepatitis B - Three doses of Hepatitis B vaccine and/or a positive Hepatitis B antibody titer showing immunity or a signed declination (required for staff in job classifications with the potential for exposure to blood and body fluids - see Exposure Control Plan for a list of these job classifications). Healthcare workers may decline this vaccination by signing a declination statement acknowledging that they have been offered the vaccination but decline to receive it. Refer to document titled Exposure Control Plan (Organizational) for additional information.

• Meningococcal - One dose of meningococcal vaccine recommended for microbiologists who work with isolates of Neisseria meningitidis. Healthcare workers may decline this vaccination by signing a declination statement acknowledging that they have been offered the vaccination but decline to receive it. Refer to Meningococcal Vaccine Policy for additional information.

If immunization documentation is incomplete, Employee Health Services will arrange for the required blood tests (antibody titers) and/or immunizations. If titers are negative, Employee Health will provide necessary vaccinations at no cost to employees or volunteers.

New Employees

All new employees must be screened by Employee Health Services prior to their first day of employment. All employee immunity/vaccination and tuberculosis screening requirements must be completed by the 14th day of employment. For vaccines that require multiple doses to achieve immunity (e.g., Hepatitis B, MMR, Varicella), the individual will be cleared to begin work once the series is in progress. However, failure to adhere to the vaccination schedule instructions provided by Employee Health Services will constitute noncompliance with this policy. Failure to comply with this policy will result in the employee not being scheduled to work until the requirements are completed.

Declination

Requests to decline a vaccination based on medical contraindication or religious beliefs will be considered on a case-by-case basis. The need to decline a vaccination for a medical reason must be confirmed in writing by a physician. After review of documentation submitted and follow-up with the physician as needed, Employee Health Services will approve or disapprove these requests. Declinations based on religious beliefs will be reviewed by Human Resources and must be accompanied by a written statement signed by the spiritual leader of the religious organization explaining how receiving the immunization(s) conflicts with the religious beliefs.

Tuberculosis Screening

1. Initial - Required of all covered individuals

• Quantiferon Gold (QFT) blood test or a two-step purified protein derivative TB skin test (TST) or documentation of annual TB skin tests from the previous two years. If the individual has a history of a positive TB skin test, he or she must provide a copy of the report from a chest x-ray completed within the two years prior to date of hire and complete a Tuberculosis Risk Assessment questionnaire.

2. Annual - Required for clinical employees and Level 2 volunteers.

• The annual screening will consist of a TB skin test, QFT blood test, or TB symptom questionnaire. The type of screening will depend on whether the individual is an employee or a volunteer and previous TB screening results. The chart below provides a quick reference for employee TB screening.

Quick Reference Guide for Employee TB Screening (Initial and Annual)

| TB Skin Test (TST) History | Initial Quantiferon Gold Test (QFT) Result | QFT Follow-Up Actions | Annual Screening Requirement for Clinical Staff |
| --- | --- | --- | --- |
| History of negative TST | Negative | None Required | Tuberculin skin test (TST) |
| History of positive TST | Negative | Send Quantiferon Gold test (QFT) result to employee | Annual QFT (blood test) |
| History of positive or negative TST | Positive | Refer to Employee Health RN. Must follow up with EHS within one week. CXR if none completed within the past 2 years: must complete within 1 week. Not cleared until CXR and TB risk assessment questionnaire are completed and reviewed by RN. | Annual sign/symptom check. No further TSTs or Quantiferon Gold testing. No further chest x-rays unless employee has an unprotected exposure or develops symptoms of active tuberculosis. |
| History of positive or negative TST | Indeterminate #1 | Repeat QFT | Action depends on redraw result |
| History of positive or negative TST | Indeterminate #2 | Refer to Employee Health RN for additional assessment | Determined based on RN assessment and consultation with Employee Health Medical Director. |

Refer to document titled Tuberculosis Control Program and Quantiferon Gold Test for Detection M. Tuberculosis for additional information.

Students, Agency Personnel, Contractors, and Vendors

• Students, agency personnel, contractors and vendors will meet the requirements set by Evergreen Hospital Medical Center policy to assure they are free of communicable disease.

• Each agency is required by contract to assure that their personnel comply with these requirements. Students, agency personnel and vendors may obtain required immunizations, titers, and TB testing for a fee from Employee Health Services. Supportive documentation is maintained by the school/organization and will be provided to Evergreen Hospital Medical Center upon request.

References

Centers for Disease Control and Prevention. Recommended adult immunization schedule - United States, 2010. MMWR 2010;59(1).

Centers for Disease Control and Prevention. Prevention and Control of Influenza with Vaccines. MMWR 2010;59 (No. RR-8): 1-61.

Centers for Disease Control and Prevention. Epidemiology and Prevention of Vaccine-Preventable Diseases, 11th Edition, May 2009.

Joint Commission Requirements for Accreditation of Healthcare Organizations Infection Prevention and Control Standard.

Washington Administrative Code, Chapter 246-170, Tuberculosis Prevention, Treatment, and Control.

Department of Health and Human Services, CDC Guidelines for Preventing the Transmission of Mycobacterium Tuberculosis in Health Care Settings, Guidelines


Evergreen Healthcare Policy Work Restriction Policy

Infection Control & Employee Health

12203 (Rev: 2) Official

POLICY

Persons with an infectious disease or who are susceptible and exposed to an infectious disease shall be restricted from direct contact with patients when transmission of the disease to the recipients of care or others in the workplace can occur in that particular job environment and/or the disease can cause serious illness.

All healthcare workers are strongly encouraged to receive recommended vaccines including influenza. There is a zero tolerance policy regarding employees working with febrile illnesses or uncontrolled cough. However, in the event of accidental person to person transmission or an illness or an outbreak, appropriate follow up can be received in Employee Health Services.

INCLUSIONS:

Evergreen Healthcare employees, physicians, students, volunteers and vendors employed or contracted by Evergreen Healthcare.

REGULATORY REFERENCE: Washington Administrative Code (WAC) 248-100-186

PURPOSE

To prevent transmission of infectious diseases to patients, visitors and staff within Evergreen Healthcare.

PROCEDURE

Employee Health (425.899.2282) or after hours the Healthline (425-899-3000) should be consulted if there are questions concerning the safety of allowing an employee to return to work.

1. An employee who believes he/she may be in the early stage of an infectious illness must remain home and consult their health care provider. See table of work restrictions for specific diseases.

2. Employees should not report to work if they have:

a. Fever of 100.5 or more, by itself or with any of the following symptoms:

• Cough, runny nose, or sneezing

• Sore throat

• Swollen glands

b. Eye infections
c. Vomiting
d. Diarrhea (more than one loose stool per day)
e. Uncontrollable cough
f. Undiagnosed rash and / or (+/- fever)

3. If the employee is already at work, he/she must take protective measures to prevent transmission until the situation can be evaluated and they can be released from their work duties. Arrangements for the employee to be relieved of duty as soon as possible must be made through the manager or designee. The manager or employee may call Employee Health Services (EHS) or Infection Control if they have questions.

4. A physician’s release and approval by EHS may be required for an employee to return to work after an illness.

Guidelines for managing employee work restrictions are listed in the table. The Medical Director of Infection Control and/or Employee Health may be consulted if needed.

SECTION I. An employee with an infectious illness or exposure to an infectious disease may not work in the hospital environment during the known period of communicability.

Chickenpox (Varicella zoster)

• Active: Until all vesicles are dried and crusted.

• Post exposure (susceptible employee): From 10th day after first exposure through 21st day (28th day if varicella-zoster immune globulin, VZIG, is given) after last exposure or, if varicella occurs, until all lesions are dry and crusted.

Herpes simplex

• Genital

• Whitlows

• Orofacial

Employees may work with good hand washing. Relieved from direct patient care until lesions heal. Must see Employee Health prior to returning to work. Not able to work in NICU, Pediatrics, Women’s services or with any severely immunocompromised patients. Must be cleared by Employee Health.

Shingles (Herpes zoster)

• Localized, in healthy employee

• Generalized or localized in immunosuppressed employee

Restrict from patient contact. Non-clinical employees may work outside of patient care areas with lesions covered. Restrict from patient contact.

Measles (Rubeola, hard measles)

• Active: Until 7 days after rash appears.

• Post exposure (susceptible employee): Until 5th day after first exposure through 21st day after last exposure and/or 4 days after rash appears.

Rubella

• Active: Until 5 days after rash appears.

• Post exposure: Until 7th day after first exposure through 21st day after last exposure.

Mumps For 9 days after onset of swelling; less if swelling has subsided.

Influenza like illness (ILI)

• Incubation 1-3 days

• If exposed and employee has been vaccinated, no antivirals are needed.

• If symptomatic and employee has not been vaccinated, employee should not work and antivirals should be initiated.

• Influenza vaccination is required when antivirals are indicated unless the influenza vaccination is contraindicated.

Viral respiratory infections, acute febrile Restrict from direct patient care until acute symptoms resolve and respiratory secretions are controlled. NOTE: An employee who has cold symptoms, such as runny nose without fever must wear a surgical mask during patient contact and practice rigorous hand hygiene.

Pertussis

• Active

• Post Exposure (asymptomatic employee)

• Post Exposure (symptomatic employee)

Active Pertussis: Exclude from duty for five days after start of effective antimicrobial therapy or until 3 weeks after the onset of paroxysms if appropriate antimicrobial therapy is not given. Prophylaxis is required. Exclude from duty until 5 days after start of effective antimicrobial therapy.

Rubella (German measles) Until 5 days after rash appears

Scabies or Lice Until 24 hours after initiation of appropriate treatment and cleared by EHS.

Tuberculosis

• Active disease

• PPD converter

Until receiving appropriate therapy and clinical improvement. The infectious disease physician shall review the case prior to allowing the employee to return to work. No restrictions after active disease ruled out.

SECTION II. An employee may or may not require work restriction due to specific acute infections or carrier states.

Staphylococcus aureus

• Active, draining skin lesion

• Carrier state

Restrict from contact with patients and patient’s environment or food handling until lesion(s) have resolved. No restrictions, unless employee is epidemiologically linked to transmission of the organism.

Streptococcal infection, group A Until 24 hours after adequate treatment started.

Acute hepatitis B, HBsAG positive Acute hepatitis C HIV positive or AIDS

Consult with EHS Infection Control Medical Director will evaluate on a case by case basis.

Neisseria meningitidis (meningococcus)

• Acute

• Post Exposure (close intimate contact with positive patient)

An employee would be too ill to work. Exclude from duty until 24 hours after effective therapy. Prophylaxis required.

Hepatitis A, Salmonella, Campylobacter, Shigella, Cholera, Worms/Parasites, Amebiasis

Food handlers are restricted. In other health care workers, evaluation by Employee Health or Infection Control is necessary.

SECTION III. An employee must be evaluated by Employee Health or their health care provider regarding their release to work if they have signs or symptoms of the following:

• Any possible or diagnosed infectious condition, such as skin infections, pertussis, C diff, shingles.


Evergreen Healthcare Policy Exposure to Blood and Body Fluid Management

Infection Control & Employee Health

POLICY

12201 (Rev: 2) Official

Post-exposure follow up and treatment is provided for all employees, physicians, students, and volunteers when any exposure to blood or body substances considered potentially infectious material (OPIM) for HIV, Hepatitis B and C has occurred.

This policy covers post-exposure management of exposures to blood or OPIM and for HIV, Hepatitis B and Hepatitis C testing. This document includes policy for consent for testing in post-exposure situations and guidelines for initiating post-exposure prophylaxis (PEP) medications when appropriate.

PURPOSE

To provide a consistent approach in the assessment and treatment of occupational exposures to blood or OPIM.

Exposures include but are not limited to:

1. Puncture wound from a needle or sharp instrument contaminated with blood or other potentially infectious material (OPIM)
2. Inoculation of conjunctivae with blood or OPIM (eye splash)
3. Inoculation of oral mucosa with blood or OPIM
4. Cutaneous contamination with blood or OPIM
5. Human bites

PROCEDURE

All Evergreen Hospital Medical Center employees with an occupational exposure to blood or OPIM must report immediately to Employee Health Services, 0800-1600, on pager 206-989-6897 or if unavailable/after hours to the Nursing Supervisor at 425-890-4328.

Employee/Physician/Volunteer

1. Immediately report the incident to the manager/designee and Employee Health Services on pager 206-989-6897. If after hours contact the Nursing Supervisor at 425-890-4328. Managers/designee must ensure coverage is provided to the employee on a timely basis so they can proceed with the exposure follow up.

2. Immediately report to the Emergency Department for:

• Exposure to known HIV positive or high risk patient

• An injury that requires medical attention

3. Home Health staff should be directed to report to the nearest hospital emergency department if they require immediate medical attention; otherwise, see Attachment "E" for Home Health or Outpatient Exposure Management.

4. The Emergency Department (ED) provides treatment as warranted by the injury. See Policy for Chemoprophylaxis after Occupational Exposure to HIV. PEP (Post Exposure Prophylaxis for Blood and Body Fluid Exposures). Exposures requiring medical intervention are workers compensation claims. When the employee requires medical treatment such as chemoprophylaxis or injury is severe enough for intervention, ED registration will inform employee of Labor and Industries and Self Insured Employers claim information. See Attachment “C”.

5. Within the first two hours after exposure, the person managing the exposure (e.g., Employee Health or Nursing Supervisor) is responsible for reporting the rapid HIV test results to the employee and providing additional instructions for follow up action. If Employee Health or nursing does not receive timely results, lab can be called at extension 3898. Post-exposure Chemoprophylaxis (PEP) medications work best when started within 1-2 hours from exposure.

a. The employee must stay at work until the source patient’s HIV test result has been determined.

b. If “rapid HIV” result is positive the employee needs to report to the Emergency Department immediately.

c. If employee has not had tetanus vaccine for greater than five years, employee is to contact Employee Health Services within 48 hours to receive tetanus vaccine. If the employee is seen in the ED, vaccination will be provided if indicated.

d. After hours the ED or Nursing Supervisor must notify Employee Health Services of the exposure by leaving a message at 425-899-2278 and fax the exposure worksheet to Employee Health Services 425-899-2277.

e. Bring all documentation of exposure (Employee Report of Accident form, Epinet survey, consents and completed exposure worksheet) to Employee Health Services. If after hours, leave in confidential drop box next to office door.

Consent and Test

HIV counseling and consent are obtained from the employee and source patient using the “HIV Antibody Blood Consent” form. Informed consent must be obtained before the HIV test is performed. Verbal consent is allowed but must be documented. The person who has legal authority (power of attorney) for the source patient can authorize the test if the source patient is not able. All HIV test results are confidential to the patient and employee and may only be disclosed to the authorized individuals. Health care workers may exchange confidential medical information related to HIV testing, the HIV test results and confirmed HIV or other transmitted disease diagnosis and treatment only when necessary in order to provide health care services to the patient or employee.

If the source patient refuses to have HIV testing then notify public health. See Attachment C. HBsAG and HCV can be tested on the source patient without consent if blood is available.

If the employee consents to baseline blood collection, but doesn't give consent at that time for HIV serologic testing, the sample must be preserved for at least 90 days. If, within 90 days of the exposure incident, the employee chooses to have the baseline sample tested, it must be done as soon as possible. Employee Health will send written to lab to hold the blood for 90 days.

All testing is charged to the Employee Health Services account with no cost to the employee or patient. If medical care is sought, expenses will be paid by workers' compensation.

Employee and Source Patient Blood Test Identifier

Exposure packets containing the pre-marked laboratory requisitions are located in all patient care departments and the Nursing Supervisor office. Sticker identification numbers located on each laboratory requisition are used for the employee and patient identification for the initial blood tests during a post-exposure follow up. The sticker identification must be placed on every blood tube to match the appropriate laboratory requisition.

Source Patient Testing

Source Patient Baseline Testing: Rapid HIV, HepC AB, HepBs AG

1. Rapid HIV testing is used. The purpose of performing the rapid test is to provide the exposed employee quick information about the exposure and to determine if chemoprophylaxis should be started for the employee.

2. The Employee Health Nurse/designee or Nursing Supervisor must call the laboratory staff to come to the unit to draw the source patient’s blood and the lab tech must be given the laboratory requisition at the time of the blood draw. The Employee Health Nurse or Nursing Supervisor must inform the laboratory staff how to contact them by pager for timely report of source patient rapid HIV test results.

3. “Source Patient” and “Rapid HIV” test are pre-marked on the laboratory requisition in the exposure packet.

4. Report the Rapid HIV test result immediately to Employee Health Services or after hours to the Nursing Supervisor.

5. Lab will report the source patient HIV test result to the person managing the exposure. If the HIV result is positive the person managing the exposure will contact the employee in person to report the results and instruct the employee that PEP medication is needed.

• If the rapid HIV test is positive, escort the employee to the Emergency Department immediately

• Disclose test results only to the exposed employee, ED physician, Employee Health Services and Infectious Disease Physician

• Positive HIV tests must be confirmed by ELISA and Western blot prior to notifying the source patient's attending physician

• The Hepatitis B surface antigen and Hepatitis C tests are sent to PACLAB. The results of these tests will be available within two days and will be sent to Employee Health Services.

Employee Testing

Employee Baseline Testing: HIV 1/2 Abs, HepBs Ab, Hep C Ab

1. Written or verbal informed consent must be obtained before the HIV antibody test can be performed. Verbal consent must be documented.

2. Employees may have their blood drawn by the main laboratory in Client Services Purple 1-368 during normal business hours or in their department after hours.

3. The HIV antibody test (EIA), Hepatitis B surface antibody, and Hepatitis C antibody are performed at PACLAB for the employee on a non-urgent basis and will be available within two days.

4. “Employee” is pre-marked on the lab requisition.

5. PACLAB will send the hard copy of the lab results to the Employee Health Services confidential printer.

Attachments for these procedures follow at the end of this document:

• Attachment A: Recommended post exposure prophylaxis for exposure to Hepatitis B virus

• Attachment B: Health Department Assistance with Source Patient Consent

• Attachment C: Counseling Instructions

• Attachment D: Workers Compensation Information

• Attachment E: Exposure at Home Health or Outpatient Setting

DOCUMENTATION

All documentation and lab results are kept in Employee Health Services in exposure files that are separate from the employee health file.

Exposure packets contain:

• Exposure Checklist

• Exposure algorithm

• HIV consent forms for the employee and source patient

• Laboratory requisitions for the employee and the source patient with pre-assigned identifiers

• Exposure worksheet

• Employee Injury/Incident Report

• Epinet survey

• Employee Health Services business cards

• Envelope marked "Confidential" for returning forms to Employee Health Services

FOLLOW UP SERIAL TESTING FOR HIV, HEP B AND HEP C

Every effort is made to reach the employee by phone to notify them of test(s) results as soon as the results are made available. The Employee Health Coordinator will send a written follow up medical report to the employee within 15 days. The report will indicate whether Hepatitis B vaccination is or is not indicated.

1. If the source patient's initial test results are negative for HIV, Hepatitis B surface antigen (HBsAg) and Hepatitis C antibody (HCAb), follow up testing is not recommended for the employee.

2. If follow up testing is needed, Employee Health Services will send follow up testing packets to the employee through the hospital mail system. Additional testing will be provided at no charge to the employee. The employee is informed of the follow up recommendations when counseled during the follow up for the incident.

Post-exposure Prophylaxis (PEP) and Testing Schedule

| Source Patient Testing (At time of exposure) | PEP for Employee | Employee Initial Testing (At time of exposure) | Employee Follow-up Testing 3 weeks | Employee Follow-up Testing 6 weeks | Employee Follow-up Testing 3 months | Employee Follow-up Testing 6 months |
|---|---|---|---|---|---|---|
| Source Patient unknown | Determined case by case (Employee Health or designee, ID physician or ED physician to determine) | HIV, HBsAB, HCV | HCV RNA | HIV antibody, HCV antibody | HIV antibody, HCV antibody | HIV antibody, HCV antibody |
| HIV, HCV, and HBsAG negative | PEP - No | HIV, HBsAB, HCV | None | None | None | None |
| HIV positive | PEP - Yes | HIV, HBsAB, HCV | None | HIV antibody | HIV antibody | HIV antibody |
| HCV positive | PEP - No | HIV, HBsAB, HCV | HCV RNA | HCV AB | HCV AB | HCV AB |
| HBsAG positive* | PEP - No, if employee HBsAB titer is positive | HIV, HBsAB, HCV | None | None | None | None |
| HBsAG positive* | PEP - Yes, if employee HBsAB titer is negative** | HIV, HBsAB, HCV | None | HBsAG | HBsAG | HBsAG |

**If source patient positive for HBsAG and employee is a known non responder then administer HBIG x 1 and initiate revaccination or administer HBIG x 2.

***If source patient is unknown and employee HBsAB is negative, revaccinate.

If the source patient is HIV positive, employee HIV testing schedule is baseline, 6 weeks, 3 months, and 6 months.

If the source patient is Hepatitis C positive, a baseline antibody will be done on employee and a PCR will be performed at 3 weeks on the employee. Hep C antibody will be checked again on the employee at 6 weeks, 3 months and 6 months.

ATTACHMENT A

Recommended postexposure prophylaxis for exposure to Hepatitis B virus

| Vaccination and antibody response status of exposed workers* | Treatment: Source HBsAg+ positive | Treatment: Source HBsAg- negative | Treatment: Source unknown or not available for testing |
|---|---|---|---|
| Unvaccinated | HBIG§ x 1 and initiate HB vaccine series¶ | Initiate HB vaccine series | Initiate HB vaccine series |
| Previously vaccinated: Known responder** | No treatment | No treatment | No treatment |
| Previously vaccinated: Known nonresponder€ | HBIG x 1 and initiate revaccination or HBIG x 2± | No treatment | If known high risk source, treat as if source were HBsAg positive |
| Previously vaccinated: Antibody response unknown | Test exposed person for anti-HBs≠: 1. If adequate,** no treatment is necessary; 2. If inadequate,€ administer HBIG x 1 and vaccine booster | No treatment | Test exposed person for anti-HBs: 1. If adequate,** no treatment is necessary; 2. If inadequate,€ administer vaccine booster and recheck titer in 1-2 months |

* Persons who have previously been infected with HBV are immune to reinfection and do not require postexposure prophylaxis.

+ Hepatitis B surface antigen.

§ Hepatitis B immune globulin; dose is 0.06 mL/kg intramuscularly.

¶ Hepatitis B Vaccine.

** A responder is a person with adequate levels of serum antibody to HBsAg (i.e., anti-HBs ≥10 mIU/mL).

€ A nonresponder is a person with inadequate response to vaccination (i.e., serum anti-HBs < 10 mIU/mL).

± The option of giving one dose of HBIG and reinitiating the vaccine series is preferred for nonresponders who have not completed a second 3-dose vaccine series. For persons who previously completed a second vaccine series but failed to respond, two doses of HBIG are preferred.

≠ Antibody to HBsAG

ATTACHMENT B

Health Department Assistance with Source Patient Consent

When a health care provider, person working in a health care facility, firefighter, or law enforcement officer has been exposed to another person’s blood while on the job, you may need to know that source person’s hepatitis B virus (HBV) or HIV serostatus.

If you are unable to obtain voluntary consent from either the source, guardians, or next of kin, call Edith Allen, Disease Prevention Specialist with public health HIV AIDS Program Prevention, at 206-731-4377.

The Department of Public Health can order testing if:

• A report is filed with the health department within seven days of the incident;

• Reasonable attempts were made to obtain voluntary consent; and

• The exposure meets the criteria established by the State Board of Health (e.g. parenteral, mucous membrane, or non intact skin exposure to blood, semen or vaginal fluids).

ATTACHMENT C

HIV Informed Consent

In January 2010, the Washington State Board of Health adopted new rules for HIV testing, counseling, and partner services. Under the new rules healthcare providers are still required to obtain informed consent to test for HIV. These changes to Washington Administrative Code (WAC 246-100) align the state rules with recommendations from the U.S. Centers for Disease Control and Prevention (CDC).

• HIV testing consent may now be verbal but must be documented.

• Healthcare providers are no longer required to counsel patients prior to HIV testing.

• Patients must be provided the opportunity to ask questions or decline the test.

• Patient counseling and partner services for persons testing HIV positive are now the responsibility of local public health.

ATTACHMENT D

Workers Compensation Information

You are required by Washington State Law to disclose personal health information to the Department of Labor and Industries or a self-insured employer when you are treated under a workers’ compensation claim.

Physicians can disclose personal health information to an employer without an authorization from you.

You cannot object to or request to restrict disclosures of your personal health information to the department or self-insurer because it is required by law.

ATTACHMENT E

Exposure at Home Health or Outpatient Lab Setting

Wash the wound or flush the exposed area (eyes, mouth) IMMEDIATELY

If source patient known to have HIV or if medical care required (tetanus or wound care), employee should report to Emergency Room immediately. Otherwise:

Obtain exposure packet. If employee does not have an exposure packet, contact supervisor.

Consent patient for HIV testing, letting source patient know this is confidential testing using a number only. There is no charge for the patient.

Draw patient’s blood (one lavender and gold top), label with E number, and cab or drive to Evergreen’s main lab (Purple 1-368). Farwest: 1-206-622-1717. Charge to account number #2192-01.

Notify manager and Employee Health Services 206-989-6897. If after 4:00PM, notify Evergreen’s Nursing Supervisor at 425-890-4328. Give phone number/cell phone where you can be reached to receive rapid HIV results. Give requisition number of source patient.

If source patient’s HIV test is positive, employee must report to Emergency Department immediately to consider PEP medications.

If source patient’s HIV test is negative, then employee signs HIV consent and employee’s blood is to be drawn at site or at EHMC main lab (Purple 1-368). NOT URGENT.

Fill out exposure worksheet and fax to Employee Health at 425-899-2277 immediately.

Fill out remainder of exposure packet, copy of lab requisitions, and copy of consents and send exposure information in confidential envelope to Employee Health Services Mail stop #42 or drop in confidential drop box located outside the EH office (Blue 1-164).

EVERGREENHEALTH SHADOW STUDENT ORIENTATION ACKNOWLEDGEMENT

And CODE OF CONDUCT ATTESTATION

Student Name (Please PRINT): Date:

School:

Review and complete the following items:

| ITEM | LOCATION | Initial to verify understanding |
|---|---|---|
| Evergreen Healthcare Purpose, Mission and Vision | Packet | |
| Patient Rights | Packet | |
| Health Information / Confidentiality | Packet | |
| Wayfinding system | Packet | |
| Emergency Procedures | Packet | |
| Fire Safety | Packet | |
| Infection Control | Packet | |
| “Shadow” Assigned Staff Role | Packet | |
| HIPAA Covered Entities Review and Assessment | Packet | |
| EvergreenHealth Policies | | |
| Immunity/Vaccination and TB Screening Requirements Policy | Packet | |
| Work Restriction Policy | Packet | |
| Exposure to Blood and Body Fluid Management Policy | Packet | |

My signature indicates that I have read and will be held responsible for the information provided in the list above. I understand that completion of all items is required prior to a job shadow experience.

Code of Conduct Attestation:

I am confirming my commitment to integrity and my responsibility for following Evergreen’s Code of Conduct:

1. I will follow the organization’s Code of Conduct and will ask questions if I don’t understand my responsibilities.

2. I will report violations of the Code of Conduct and any other concerns to the Evergreen supervisor, the corporate compliance officer or the Corporate Compliance Hotline (425.899.5599).

3. I know that the organization has the right to take immediate corrective action if I violate the Code of Conduct, up to and including termination of the use of its facilities.

Student Signature: Date signed:

(Return to EvergreenHealth Education Department, MS#106)