clement-fleming
Building a Privacy Foundation
Setting the Standard for Privacy
• Health Insurance Portability and Accountability Act (HIPAA)
• Patient Bill of Rights
• Federal and State Regulations
• Accreditation Standards
• Case Law
• Professional Standards of Practice
What Must Be Kept Confidential?
PHI: Protected Health Information
Understanding PHI
• Individually identifiable information
• Demographics
• Any form or medium
– Oral
– Written
– Electronic
Medical Records
Billing Records
Databases
Use of PHI
• Sharing, application, utilization, examination, or analysis of PHI within the organization
Disclosure of PHI
• The release, transfer, access, or divulging of PHI to an outside person or entity.
Minimum Necessary
• What can I access?
– Information you “need to know” to do your job
• Does it apply in every situation?
– Treatment
– Patient
Minimum Necessary
HIPAA Requirement –
• Identify members of the workforce who need access to confidential information
• Identify what information can be accessed
• Limit access
How Do I Know…
…When information is considered private?
– Did you learn it through your job?
If yes, then it is considered private
How Do I Handle…
…An individual asking for access to their record?
– Individuals have a right of access
– Route requests to appropriate department or staff
How Do I Handle…
…An individual’s request to change their medical record?
– Individuals have the right to amend or correct their record
Requests will be investigated
– Route requests to appropriate department or staff
How Do I Handle…
…A family member or close friend asking about a patient?
– Directory information
Name, location, condition in general terms
– Other type of clinical or billing information
Obtain permission
Disclose appropriate information
Use judgment if permission cannot be obtained
How Do I Handle…
…Another member of the workforce inquiring into a patient’s condition or treatment?
– Determine if it is necessary to their position
– Is it related to treatment?
“Privacy-Friendly” Practices
• Abide by the organization’s Notice of Privacy Practices
• Shred or destroy
• Fax and copy machine location
• Talking in public areas
• Keep patient information out of public areas
“Privacy-Friendly” Practices
• Secure records in all locations
• Passwords
• Computer screens
• Remember individuals’ right to privacy during treatments
What Happens If…
…a privacy policy is violated?
– Organization-specific sanctions
– Right to file a complaint
– Civil and criminal penalties
Take pride and ownership in the fact that your organization is concerned about privacy and recognizes its importance in providing quality healthcare.