HIPAA Training

Transcript of HIPAA Training

University Compliance Privacy Officers
Cindy Vetter
Daniel Satriana
University Security Officer
Jeanette VanGalder

University HIPAA Trainer
Deb Miller
Because this is an instance of someone being in danger the RA should respond immediately according to your departmental procedures.
Go check in on the resident and call UNC PD
After the immediate situation is dealt with, you should be sure to maintain confidentiality by not discussing this with other RAs, student staff or residents.
They should absolutely NOT read the document! They have no need to know the information and are not authorized to view this information.
The information should have been stored in a secure location and not left lying on someone’s desk. The papers should be picked up and placed upside down on the desk.
You may have access to private information through the desk, your HD’s office, etc. Though it may be tempting, it is NEVER acceptable to look at information you don’t have a need to know.
An RA is sitting in their Hall Director's office where there is a stack of papers from meetings with various students in the building.
The RA is curious and is tempted to read the documents to find out about the residents. What should they do?
The cook can discuss what is in the dessert, although they cannot specifically discuss the student’s health problem.
The cook should recommend that the student employee refer the student to the dietician if she has food allergy concerns.
The dietician should have release of information forms to allow them to obtain more medical background on the student’s health.
You may know about resident allergies and should plan food at programs accordingly, but you should not advertise or share that information with others.
As you read through the next 4 scenarios, consider how you will incorporate your new understanding of HIPAA into how you do your work as a student staff member in HRE.
Campus HIPAA committee
Campus HIPAA policy located at: http://www.unco.edu/ship/main/PDFs/HIPAA%20 Policy.pdf
Campus listserv for committee to exchange ideas and questions
Checklist for departments to do self audits
Audits done of various departments
Forms edited and made available to departments as necessary
Spanish Translation of Notice of Privacy Practices
HIPAA training for all appropriate departments
If UNC doesn’t comply, we could face the following:
University Regulations
Corrective Action and Disciplinary Action
Colorado Law & Federal Law
Civil Penalties – fines up to $100 per violation.
Criminal Penalties – Fines as high as $250,000 or prison sentences of up to 10 years.
Have regular training in areas that need to comply
Have all employees review and sign a Confidentiality and Information Security Agreement each year.
Do refresher training annually
Only sharing information with those who have a need to know
For you, this means:
Sharing information with your supervisor and PD as needed.
Not sharing information with your peers.
"Need to Know" is a phrase used in HIPAA a lot. What does this mean for you?
If you don’t have a need to know, you have no right to know.
For example, if one of your residents goes to another RA with a health concern, and that RA helps them through it, you do not know about it. That RA and your HD will not share that information with you because you do not need to know.
Confidentiality means:
Not discussing patient care or medical conditions with non-employees or employees who do not have a need to know the information.

Health care information can be discussed with:
Health care professionals.
Employees who participate in care or benefit decisions
Patient’s payer source (i.e. insurance company).
Patient’s designated representative.
The patient gives consent to share information, but it is very specific information about use of protected health information with a definite expiration date.
Purpose is to give patient or member enough information to make an informed judgment about how his/her health information will be used.
If it’s not treatment, payment or operations, then get the patient’s “authorization.”
Some examples of why a patient might give authorization include:
Patient wants to give family/friend access to his/her medical records.
Marketing to patients (mailing lists) – sale, rent or barter of health information.
Entity wants to use our database.
Pre-employment insurance underwriting.
Employer wants to make a hiring decision.
Healthcare Operations:
Activities conducted by or on behalf of a covered entity for the purpose of carrying out the management functions of the provider or health plan.
Quality assessment and improvement.
Peer review, education and credentialing.
Insurance rating – medical review and auditing.
Legal proceedings.
Processing claims, coordination of benefits, appeals and grievances:
Bill Medicare, Medicaid or a health plan payer.
Coordination with a primary health carrier.
Other examples: benefit determinations, risk adjusting amounts, billing and claims management, review of services (medical necessity, coverage, appropriateness, justification), utilization review.
Doctor’s office sign-in sheet with patient name and reason for visit.
Medical record used anywhere.
Code documenting specific healthcare procedure or test.
Conversation over lunch, in elevator, or in the hallway about a patient’s medical condition.
Telephone call to verify a person’s health insurance coverage.
Card from a doctor reminding a patient of his/her appointment.
Announcing patient “X” has an appointment with Dr. “Y”, a specialist in a particular field.
Any information, written, oral or electronic, that:
Is created or received by a Covered Entity.
Relates to past, present, or future physical or mental health of any individual.
Can be linked to the individual by other info, such as a student ID, address or city.
Assure health insurance portability (ability to be used with multiple healthcare providers)
Reduce health care fraud and abuse
Enforce standards for health information
Simplify administration of health care system by adopting standards for electronic transmission of data
Guarantee security and privacy of health information
What is HIPAA?
Who adheres to HIPAA?
What is PHI and what can be done with it?
Patient Authorizations and why they exist
Confidentiality & “Need to Know”
Transmission of information
Compliance with HIPAA
How does it relate to UNC and your role on campus?
Some Examples of HIPAA and how it relates to you
If you don’t have a need to know, you have no right to know.
A resident assistant working in Turner Hall has a student, Jim Smith, come to them and say that his roommate is in bed and won’t wake up. Jim thinks his roommate may have overdosed on pain medications he was taking for his broken leg.
What should the RA do?
One of the student staff workers at TK tells a cook that student Jane Doe can’t eat blueberries or raspberries because of an allergy.
The student employee wants to know if the dessert tarts in the dessert area are safe for Jane to eat.
What can the cook tell them?
Transmitting Information
Under HIPAA, you can fax patient identifiable information, but you should safeguard the information by:
Asking the receiver of the fax to stand near the fax machine when you are sending it.
Keeping the fax machine out of traffic areas to ensure confidentiality is maintained.
Using a fax cover sheet with the confidentiality disclosure.
Not using patient information for personal inquiries.
Keeping charts and medical records in a restricted area or in file cabinets when not in use.
Escorting visitors to and from their destinations.
Being aware of and cautious on telephone calls or during discussions with co-workers – who can overhear your conversation?
Protecting patient records.
Encouraging patients to protect their own information.
Shredding documents that are not part of patient record that contain PHI.
Protecting health information from casual viewing.
Positioning computers in a way that others cannot see the screen.
Treatment decisions, coordinating treatment with other physicians and facilities:
Delivery of health care by physician or other party having direct contact with patient.
Coordination of healthcare services among providers.
Referral of patient from one provider to another.
Dates of Birth
Relatives’ Names
Medical Record Numbers
Account Numbers
Any other characteristics that may identify the individual
Social Security Number
Student ID number
Health Insurance Plan Number
Street Address
E-mail Address
Telephone or Fax Number
Likeness or Photograph
Covered Entities are institutions or persons that must adhere to HIPAA standards. Here are some examples:
Health plans that pay for or provide medical care, such as an HMO.
Providers – doctors, hospitals, labs and outpatient surgical centers.
Clearinghouses – Businesses that send health information electronically
University employees who have information on a student’s health and well being (like YOU!).
A piece of federal legislation passed in 1996
It stands for Health Insurance Portability and Accountability Act
HRE Online Training
Adapted from a presentation by Cindy Vetter
The following offices on campus have PHI and must adhere to HIPAA:

Dining Services
Information Technology
Environmental Health and Safety
Speech and Audiology Clinics
Facilities Management

Student Health Center
Counseling Center
Athletic Training
Housing and Residential Education
Cancer Rehabilitation Center
Human Resources
What is HIPAA?
What does HIPAA do?
Outline of Prezi
Covered Entities
Protected Health Information (PHI)
Examples of PHI include:
Individually Identifiable
Individually Identifiable Information can be attached to a patient, or in our case, a student. Below are some examples:
PHI can be used for:
Patient Authorization
Authorization means:
Need to Know
How do we practice confidentiality?
Utilizing Need to Know
Practicing Confidentiality continued
Why do we need to know about HIPAA?
We are Housing!
How does UNC stay in compliance with HIPAA standards?
How will you work with HIPAA?
Some scenarios....
Practicing Confidentiality continued:
Practicing Confidentiality continued:
Using company information, documents and property for business purposes only. Company information, documents and property include:
Computerized access to records
Internal and external mail
Voice mail
Fax machines
Internet connections
Practicing Confidentiality continued:
Food Allergies
Food Allergies: Response
Interesting Papers
Interesting Papers: Response
Sick Roommate
Sick Roommate: Response
Who can you call with questions?
Your Hall Director
One more time:
Now that you have watched this Prezi please go take the online test through Blackboard!