What every employee should know about HIPPA

Patient Privacy

• This e-learning module has been designed to inform staff about patient privacy and the rules surrounding HIPPA.

• This module will describe what is considered protected health information and the organizational compliance expectations.

• Trust between our patients and the organization is paramount for quality outcomes and effective patient care. When the organization and its staff fail to protect a patient’s privacy, there can be significant organizational and employee consequences.

• At the conclusion of this e-learning module, the employee’s knowledge will be tested via multiple choice questions. A 100% score is required for successful completion. HIPPA compliance and patient privacy must be exercised 100% of the time, by 100% of our employees.

HIPPA and Patient Privacy Education

• Key Points for HIPPA and Patient Privacy– Provide strong Federal protections for privacy

rights– Preserve quality health care

HIPPAThe Health Insurance Portability and Accountability Act of 1996

♦Provide strong Federal protections for privacy rights♦Preserve quality health care

What is considered private…

Protected Health Information (PHI)

What is covered

Treatment, payment,

healthcare operations

Individually indentifiable

health information

- Individually identifiable health information- Transmitted or maintained in any form or medium by an entity or its business associate

- Health information, including demographic information- Relates to an individual’s physical or mental health or the provision of or payment for health care- Identifies the individual

- Entities may use/disclose PHI to carry out essential health care functions which include:• Treatment• Payment• Healthcare operations

The Privacy Rule sets rules and limits on who can look at and receive PHI; and to make sure that health information is protected in a way that does not interfere with healthcare and how information can be used and shared appropriately.

Acceptable Use:- Those providing treatment and care

coordination- To pay doctors and hospital for health care- With family, relatives, friend, or others

identified, by the patient, who are involved with the healthcare or healthcare bills- To make sure doctors give good care and

nursing homes are clean and safe- To protect the publics health, such as by

reporting when epidemics are present within a community-To make required reports to the police,

such as reporting gunshot wounds

Viewing a Patient’s PHIAcceptable Use

Nurse Reviewing

His/Her Patient Orders

Billing Clerk Reviewing Chart Prior

to Submitting a Claim

Physician Providing

Care

Family and Friends at the BedsidePresences does not equal consent

• Healthcare providers should verify with the patient who can receive PHI.

• Family, friends, and visitors can be at the bedside at any time. Their presences does not equate to the patient’s consent to share information regarding care and treatment.

• A patient might object to his/her pastor knowing about their past sexual history.

• ConversationsBe aware of your surroundings

-Do not discuss patient information in public cooridoors, elevators, or in the cafeteria. You never know who might over hear your

conversation.

What happens in the facility, stays in the facility-Do not discuss who you see in the

facility receiving care with family or friends.

HIPPA ViolationsWhen in doubt, stay out!

Disclose only the minimal amount of information necessary for care and treatment

If you discover you have access to PHI and you should not, report it to your supervisor IMMEDIATELY

If you have no reason to access PHI, DON’T

HIPPA VIOLATIONSConsequences for non-compliance

Employee disciplinary action may include a written warning, suspension, or termination of employment.

All breaches of patient privacy are subject to review and further action by the U.S. Office of Civil Rights.

The U.S. Office of Civil Rights is the agency responsible for investigating complaints and HIPPA violations.

Criminal penalties for wrongful disclosures include:- Up to $50,000 & 1 year imprisonment- Up to $100,000 & 5 years if done

under false pretenses - Up to $250,000 & 10 years if intent to

sell, transfer, or use for commercial advantage, personal gain or malicious harm

• If you discover a breach in PHI or patient confidentiality, immediately report it to your supervisor.

• You may also report any breach to the facility’s HIPPA Compliance Officer, or anonymously to the organization’s 24-hour ethics line.

Reporting Violations and Breaches

Let’s Maintain Patient Confidentialityand Hit the HIPPA Compliance Bull's-eye, it’s everyone’s job

THANK YOU!

Reference: U.S. Department of Health and Human Services. www.hhs.gov/ocr/hipaa/