Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Ähnlich wie Presentation hippa
Ähnlich wie Presentation hippa (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Presentation hippa
- 1. HIPAA, PRIVACY AND SECURITY THE BASICS Miguelina Platt ST. JOSEPH”S COLLEGE
- 2. TOPICS What are privacy and security all about ? What is confidentiality? How to protect confidential information? What is HIPAA?
- 3. Definitions Privacy Rule: foundation of federal protection for personal health information. Confidentiality: set of rules that limits access or places restrictions on certain types of information. Authorization: granting permission . Breach Confidentiality: to break an agreement Source: www.wikipedidia.com
- 4. Health Insurance Portability and Accountability Act The first federal legislation (effective April 14, 2003), that attempts to protect a patient’s right to privacy, and the security and access of personal medical information. HIPAA (Public Law 104-191) was enacted into law by congress in 1996. Enacted to do the following: To ensure the the portability of health insurance To prevent health health care fraud and abuse Source: www.hipaa.org
- 5. Continued: To enforce health information standards that will improve the efficiency of health care delivery, simplify the exchange of data between health care entities, and reduce costs. To reduce the paperwork associated with processing health care transactions. Source: Hebda, T. & Czar, P.(2009) Handbook of informatics for nurses & healthcare professionals.
- 6. HIPAA Privacy Act Establishes a foundation of Federal protection for personal health information, carefully balanced to avoid creating unnecessary barriers to the delivery of quality health care. The Act allows health care providers to access information necessary for payment of services with the consent of the patient. The Act imposes certain restrictions and limitations to provide further protection to the patient. Source: www.hhs.org/hipaa
- 7. HIPAA IS TO PROTECT EVERYONE
- 8. Benefits of the Privacy Rule Imposes restrictions on the use/disclosure of personal health information. Gives patients greater protection of their medical records. Provides patients with greater peace of mind related to the security of their health information. Source: www.hhs.org/privacy/hipaa
- 9. PATIENT SECURITY Patient data can be stripped of identifiers that might otherwise be used to identify that individual. Department of Health & Human Services has proposes 19 identifiers for removal such as: Name Address Telephone number Date of Birth Source www.hhs.org/identifiers/hipaa
- 10. INFORMATION SECURITY Information security provides 3 important qualities: 1. Confidentiality – No ones should have access to the information unless they are authorized and prove a need for the information. 2. Integrity- The information can be trusted, and it has not been changes or deleted by accident or through tampering. 3. Availability- The important information is there when it is needed.
- 11. Confidentiality Deals with communication or information given to you without fear of disclosure. Legitimate Need to Know and Informed Consent It also refers to the duty the health care professional has to protect the secrecy of information about a patient’s condition, regardless of the source. Source: www.hhs.org/hipaa.
- 12. Protected Health Information What is protected health information (PHI)? When a patient gives personal health information to a healthcare provider, that becomes Protected Health Information PHI www.hipaasurvivalguide.com/
- 13. PROTECTED HEALTH INFORMATION PHI Includes: Verbal information Information on paper Recorded information Electronic information (faxes, e-mails, texts)
- 14. Protected Health Information Examples of patients information Patients name or address Social Security numbers Tax ID numbers Health care providers notes Billing information
- 15. SURF WITH CARE WHEN ACCESSING PHI’S!
- 16. Protections for Health Information Physical Barriers: Computer terminals not in public spaces. Administrative: Policies and procedures in place for release of patient information. Staff: Keeping passwords confidential and not letting anyone else use your password. Source: J. DeMoore, R.N., personal communication, Oct. 23, 2014.
- 17. Practical Ways to Keep Information Safe Never discuss a patient in any public areas. Always put confidential papers away when leaving a work station. Not leaving confidential papers on fax machines or in public areas. Dispose of confidential papers in approved shredders. Never discuss confidential health information with family members Source: J. DeMoore, R.N., personal communication, Oct. 23, 2014.
- 18. Notice of Privacy Practices Patients have the right to adequate notice concerning the use/disclosure of their PHI. The Notice of Privacy Practices must contain the patient’s rights and the covered entities’ legal duties. Patients are required to sign a statement that they were informed and understand the privacy practices. Source: www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities.
- 19. ACCOUNTABILITY Accountability Principle: The Principles in the Privacy and Security Framework emphasizes that compliance with, and appropriate mechanisms to report and mitigate non-compliance with, the Principles are important to building trust in the electronic exchange of individually identifiable heath information. Source: The HIPAA Privacy Rule and Electronic Health Information Exchange in a Networked Environment.
- 20. When Can Disclosure be made of PHI The personal health information can be disclosed for several reasons: 1) For treatment, billing and payment, health care management. 2) With an informed authorization from the patient. 3) When giving patient access to their own PHI. Source: www.hhs.org/hipaa.
- 21. Minimum Necessary According to the HIPAA guidelines a covered entity must develop policies and procedures that reasonably limit disclosures of and requests for protected health information. The entity is also required to develop access policies that limit who may access the PHI. Use of the PHI is limited to the minimum amount of health information required to do a specific job. Source: www.hhs.org/hipaa.
- 22. Practical Minimum Necessary Know who needs to access the PHI. Know what portion of the PHI is needed for patient care. Provide access only to those who need to access the information to care for the patient. Source: J. DeMoore, R.N., Personal Interview. Oct 23, 2014.
- 23. Not Everyone Needs Access!
- 24. Unauthorized PHI Disclosures PHI can be disclosed without the consent of the patient when: 1) There is a need to report abuse, or neglect. 2) To organ donation organizations. 3) For public health safety concerns related to disease prevention or control. Patients though can request a list of who has viewed their PHI but they must sign a consent for it. Source: www.hhs.gov/ocr/privacy/hipaa
- 25. SECURITY DANGERS Fires, earthquakes, power outages even burst water pipes can damage confidential paper records and computer systems. Technical systems may crash, or they can catch a computer “virus”, also potentially damaging information. However the biggest threats come from people, both insiders and outsiders. Careless conversations or curiosity can lead to inappropriate disclosure of PHI. Deliberate actions such as using someone else’s password without their knowing to obtain someone else’s PHI or alter data or even copying data for identity theft. Source: www.foxgrp.com/blog/hipaa-breach.
- 26. Security Applies to All!!
- 27. Health Information Technology for Economic and Clinical Health Act HITECH HIPPA needed to be updated to reflect the increase in identity theft so rules were added to include protections against it.
- 28. HITECH Federal Law, part of the Reinvestment and recovery Act (ARRA) enacted Sept. 2009. Applies to covered health care entities. Many changes to privacy and security laws were added. Increases penalties for privacy and security breaches. Requires notifications to the patient and the Department of Health and Human Services of information breaches. Provides for increased penalties and prosecution of breaches in privacy or security. Source: www.hipaasurvivalguide.com/hitech-act-13400.php
- 29. Mitigation Improper use or disclosure of a PHI requires penalties or mitigation of harm that it caused. 1) Covered entities need to identify the cause of the violation and amend privacy policies and technical procedures to assure the breach does not reoccur. 2) They must notigy the individual of the violation if the individual needs to take steps to avoid the harm, as in the case of identity theft. 3) The network must be investigated to prevent further leakage of information. Source: www.hipaasurvivalguide.com
- 30. Patients Rights Patients have a right to confidentiality of all information that is provided to the healthcare professional and institution caring for them. Healthcare professionals have a duty to the patient to secure all information at all times and to resolve any breaches promptly. The Hospital has a duty to provide the patient with confidentiality, privacy and security. They must ensure that records are protected against loss, tampering, destruction or unauthorized use. Source: www.jointcommission.org
- 31. Paper or Electronic, Security & Privacy Always!
Hinweis der Redaktion
- A basic primer on Hipaa and the three of the most important components of the law.
- Standardized definitions allow for easier understanding of terms used in the HIPAA laws.
- Much of the patient’s health information is documented in a computerized format. Protecting this information has become vitally important.
- Reasons for the implementation of a privacy and security were vital in the age of computerized health care records. Safeguarding a patients records became an integral part of any electronic health information system.
- Privacy is also about a persons control over their personal information and the responsibilities of electronic health care users that have access to the pPatients personal information. HIPAA gives patients and their representatives guarantees about their health care privacy. It provides patients with greater peace of mind related to the security of their information.
- HIPAA is our friend not an enemy
- The Privacy Act is an important part of the HIPAA laws, because it provides patients with a say in who can access their health care information.
- In implementing reasonable safeguards, organizations need to analyze their own needs and circumstances such as the nature of the Information it holds and assess the potential risks to patient’s privacy.
- Examples can be that a nurse in the er does not have the need to access information about a patient they are not caring for. Patient care decisions based on tests results need to be accurate, usually computer screens that show results do not allow you to change the values of this reason. When taking care of a patient the nurse needs to have the latest information in the electronic records. We need to ensure the computer system and network are up and running.
- Requires a situation in which a relationship has been established and private information is shared.
- A clearly defined term enables all to know what PHI is.
- Throughout the course of the life of a patient’s health care record many different means will occur for their protected health information to be seen.
- Any piece of information that could identify a specific patient is confidential, even if the patient’s name is omitted. For example a patient with A rare condition could be identified simply by that condition or perhaps, even the date of the visit.
- There are many steps that can be taken to keep patients privacy and confidentiality intact, these are just a few reminders.
- Just because a health care provider has access to confidential records does not mean they are entitled to share with anyone. The records belong to the person and cannot be shared without explicit consent. Common sense needs to be used when handling confidential health records.
- Protection of patient confidentiality is an important practice for many health care providers; covered entities build upon these requirements to develop a reasonable safeguard for the medical record
- The accountability portion of HIPAA is needed to ensure that covered entities will abide by the principles of HIPAA and to clearly define the onsequences of breaches of security, privacy or confidentiality.
- Any disclosure of personal health care information must always be done with strict adherence to the rules set forth by HIPAA to protect the patients privacy and rights.
- Stated simply any health care provider needs to have guidelines in place that protect the health information of those they care for. They must limit the amount of information that can be accessed by those that do not need the information to do their job.
- Ms. DeMoore, head informatics nurse at Mather Memorial Hospital provided these key elements she uses when providing nurses with HIPAA training.
- 4JUst a funny but truthful picture.
- It may seem strange that there are exceptions to HIPAA, but when the health of a community due to a contagious disease occurs the PHI becomes the local department of health’s concern.
- These are all very real threats to anyone’s PHI. Identity theft is becoming a major security threat.
- Everyone who handles a patients health care information is responsible for keeping the information safe. Its our duty to our patients.
- With the ever increasing dangers of computer hackers breaching private data and the marked increase in identity theft HIPAA added extra rules that would assist in dealing with these concerns.
- ARRA is an economic stimulus package which includes extensive funding for science, research and health infrastructure.
- The network that allowed the “leak” is liable and must immediately notify those harmed and investigate and correct the source of the breach.
- In conclusion, as healthcare providers we are duty and legally bound to protect our patients health information at all times. Many laws are in place but in the end our nursing ethics dictate our duties, and always provide guidance in our practice of safeguarding our patients.