Copy of Untitled Prezi

by

Maureen Garlick

on 12 August 2013

Transcript of Copy of Untitled Prezi

Notes
DEFINITION OF HIPAA
HIPAA is the acronym for the Health Insurance Portability and Accountability Act that was passed by Congress in 1996. HIPAA does the following:

Provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs;
Reduces health care fraud and abuse;
Requires the protection and confidential handling of protected health information (What is HIPAA 1996, 2012)
HIPAA COMPLIANCE for EMR
SAFEGUARDS
PRIVACY RULE
Under the HIPAA privacy rule, patients have the right to view their medical records. Patients may also request a copy of their file and in most cases the medical records must be provided within 30 days (U.S. Department of Health & Human Services, 2012).
HIPAA and INFORMATION TECHNOLOGY
References
CONFIDENTIALITY
SECURITY
PRIVACY
CREATED BY:
MAUREEN GARLICK
KENTISHA DUNN
BLESSING ISIGUZO
CAROLINE NGIGI
JACKSONVILLE UNIVERSITY
AUGUST 11, 2013
The HIPAA privacy and security obligations of a healthcare provider are fundamentally unchanged by transitioning to an EMR/EHR system, but may require adjustments in practice.

Providers must inform patients of their HIPAA privacy and security rights, and must outline the policies and procedures they undertake to meet these obligations. While a health care provider owns a patient's medical records, the patient has a right to know how their medical records are used and can require providers to seek permission before some of their personal information is disclosed (EMR Privacy: Are My Electronic Medical Records Truly Private?, 2012).

EDUCATION & TRAINING
EFFECTS ON CLINICAL CARE
NON COMPLIANCE
FILING A COMPLAINT
WHAT IS THE EMR?
The legal health record is the documentation of healthcare services provided to an individual during any aspect of healthcare delivery in any type of healthcare organization. It is consumer or patient centered (Electronic Health Record, 2012).
Highly confidential medical records containing drug and alcohol, mental health and HIV information are subject to more stringent federal and State laws under HIPAA. As a result, physician practices must determine if medical records contain highly confidential information before releasing them. Generally, a physician practice can release these sensitive and confidential records only upon a court order or upon receipt of a HIPAA Authorization signed by the patient which explicitly acknowledges that the records contain drug and alcohol or mental health record information (Are My Electronic Medical Records Truly Private?, 2012).
SECURITY RULE
The Security Rule established the organizational standards, administrative, physical, and technical, that covered entities must adopt to prevent unauthorized access to patient health information. It assures the safety and integrity of patient health information when consumers exercise their health privacy rights under HIPAA (U.S. Department of Health & Human Services).
PASSWORD MANAGEMENT
Password management is another area in which people need to be security conscious. Passwords and IDs allow computers to control access to personal health information based on a person's role, authority, or need to know. They identify or authenticate a computer user via a secret password. Passwords should be kept confidential to avoid unauthorized access to or manipulation of protected information. It's tempting for users to share passwords or write them down where they can be found. These actions completely undermine the security system and should be avoided at all costs.
Included in their information are:
*patient demographics
*progress notes
*problems
*medications
*vital signs
*past medical history
*laboratory data
*radiology reports (Electronic Health Record, 2012).
PHYSICAL ACCESS
Physical access to computers and software is a foundation of computer security. Physical access means that someone can approach a computer or monitor and see what is displayed on the screen.

Per section 117 of HIPAA, a person who knowingly
1. uses a unique identifier, or causes one to be used,
2. obtains individually identifiable health information relating to an individual, or
3. discloses individually identifiable health information to another person,
is in violation of HIPAA regulation. Such persons are subject to penalties.


According to the U.S. Department of Health and Human Services, HIPAA is a federal law and offenses will be tried in federal court. In United States federal law, a felony is a crime punishable by one or more years of imprisonment, and the penalties for HIPAA violations are felonies. This means you can lose rights such as voting, the opportunity to run for office or serve in the military, or the ability to own or use a firearm. A felon's driver's license may be revoked or suspended.
Improving the health, safety and well being of America. Retrieved August 7, 2013, from http://www.hhs.gov
HIPAA & Information Technology
With the invention of social media, complying with HIPAA is more important than ever before. A few years ago a physician in Rhode Island lost her job and was fined for disclosing enough PHI (Protected Health Information) that the patient could be identified even though their name wasn't used.
HIPAA. (1996, 2012). Health Insurance Portability and Accountability Act. Retrieved from http://www.dhcs.ca.gov/formsandpubs/laws/hipaa/Pages/1.00%20WhatisHIPAA.aspx

U.S. Dept of Health & Human Services. (2012). Health Information Privacy. Retrieved from HHS.gov: www.hhs.gov/ocr/privacy/hippa/understanding/summary

Electronic Health Record. (2012). Retrieved from Healthcare Information & Management Systems: http://www.himss.org/asp/topics

EMR Privacy: Are my electronic medical records truly private? (2012). Retrieved from Medical records.com: www.medicalrecords.com/consumers/will-my-privacy-be-protected
OUTLINE
INTRODUCTION
DEFINITION of HIPAA
WHAT IS THE EMR
EMR & HIPAA COMPLIANCE
SAFEGUARDS
PASSWORD MANAGEMENT
SECURITY RULES
EDUCATION & TRAINING
PHYSICAL ACCESS
NON COMPLIANCE
WHAT IS THE OFFICE of CIVIL RIGHTS
FILING A COMPLAINT
EFFECTS ON CLINICAL CARE
There are various ways to accomplish education and training:
- Regular in-service of employees
- Mandatory requirement for attendance of seminars by supervisors to keep updated with new rules and regulations
- Staff postings
- Volunteer Training
- Research Training
- Frequently asked and answered questions, bulletins, and pamphlets
There are many notable effects or pros and cons with regard to clinical care. The pros include:

Patients are more truthful with their medical history
Patients' rights are more protected
Patients' dignity is more respected
Patients are not fearful to disclose their information for treatment.

The cons include:

Possible delay of treatment resulting from obtaining medical records or consent
Tendency for lawsuits
OCR is responsible for the investigation and enforcement of confidentiality. You can file a civil rights, health information privacy, or patient safety confidentiality complaint with OCR, or someone else can file for you.

You should file a complaint against an entity that is required by law to comply with the privacy rules. Such entities include: pharmacies, health insurance companies, doctors, hospitals, clinics, etc.


You should give your name and contact information. OCR does not investigate complaints filed without a name and contact information on the complaint. If you want to keep your name and contact information confidential during the investigation, you may specify this in the consent form.




WHAT IS THE OFFICE for CIVIL RIGHTS?
The Office for Civil Rights enforces the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; the HIPAA Breach Notification Rule, which requires covered entities and business associates to provide notification following a breach of unsecured protected health information; and the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety (U.S. Department of Health & Human Services, 2012).
www.nejm.org/doi/full/10.1056/NEJM200307173490324
hippa.ucsf.edu/education

Technical Safeguard Categories:

Access Control: allows access only to those persons or software programs that have been granted access rights
a) Unique user identification
b) Emergency access procedure
c) Automatic log off
d) Encryption and decryption

Audit Control: healthcare providers must have some level of audit controls or reporting mechanisms

Integrity: healthcare providers must implement policies and procedures to protect electronic protected health information from improper alteration

Person or Entity Authentication: healthcare providers must implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed

Transmission Security: healthcare providers must implement technical security measures to guard against unauthorized access to electronic protected health information

The Security Rule regards technical safeguards as "the technology and the policy and procedures for its use that protect electronic protected health information and control access to it."

Providers have to decide what security measures and technologies are reasonable and appropriate for implementation.
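
The access control and audit control categories listed above, as an added example that is not part of the original presentation: a Python gate that ties each session to a unique user ID, applies automatic log off after idle time, offers an emergency access path, and records every decision, including denials. The `EphiGate` class, the role table and the 600-second idle limit are assumptions made for illustration; the section names follow the EMR contents listed in this presentation.

```python
import time

# Assumed role policy: which record sections each role may read.
ROLE_SECTIONS = {
    "nurse": {"vital_signs", "medications"},
    "physician": {"vital_signs", "medications", "progress_notes", "laboratory_data"},
}
IDLE_LIMIT = 600  # seconds of inactivity before automatic log off (assumed value)


class EphiGate:
    """Mediates every read of a record section and keeps an audit trail."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.sessions = {}  # unique user id -> (role, time of last activity)
        self.audit = []     # (time, user id, section, outcome, emergency reason)

    def login(self, user_id, role):
        # Authenticating the person is out of scope here; one session per user id.
        self.sessions[user_id] = (role, self.clock())

    def read(self, user_id, section, emergency_reason=None):
        now = self.clock()
        outcome = self._decide(user_id, section, emergency_reason, now)
        # Audit control: denied and expired attempts are recorded too.
        self.audit.append((now, user_id, section, outcome, emergency_reason))
        return outcome in ("allowed", "emergency")

    def _decide(self, user_id, section, emergency_reason, now):
        session = self.sessions.get(user_id)
        if session is None:
            return "no_session"
        role, last_seen = session
        if now - last_seen > IDLE_LIMIT:
            del self.sessions[user_id]  # automatic log off
            return "auto_logoff"
        self.sessions[user_id] = (role, now)
        if section in ROLE_SECTIONS.get(role, set()):
            return "allowed"
        if emergency_reason:  # emergency access: granted, flagged for later review
            return "emergency"
        return "denied"
```

Entries with the outcome `emergency` carry the stated reason, so a privacy officer can review each use of the emergency path after the fact.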
Your complaint must:
1. Be filed in writing, either electronically via the OCR complaint portal, or by mail or email.
2. Name the parties involved and describe the act you believe violated the privacy.
3. Be filed within 180 days of when you knew the violation occurred. OCR may extend the 180 day period if you show "good cause."

If you need help filing a complaint or have questions about complaints, you can get help by emailing OCR at OCRcomplaint@hhs.gov

Under HIPAA, an entity cannot retaliate against anyone for filing a complaint. You should notify OCR immediately in the event of any retaliatory action.

Electronic Health Records: Privacy and Security (2012). http://www.youtube.com/watch?v=SMUFa5amPKs
Hebda, T., & Czar, P. (2013). Handbook of informatics for nurses & healthcare professionals (5th ed.). Saddle River, NJ: Pearson