privacy and security of protected health information northpoint health & wellness center 2011
TRANSCRIPT
Privacy and Security of Privacy and Security of Protected Health InformationProtected Health Information
NorthPoint Health & Wellness CenterNorthPoint Health & Wellness Center20112011
Privacy and Security of Privacy and Security of Protected Health InformationProtected Health Information
This presentation is intended to provide general This presentation is intended to provide general background information regarding the privacy and background information regarding the privacy and security of protected health information. security of protected health information.
Questions regarding the protection, use or disclosure Questions regarding the protection, use or disclosure of protected health information should be resolved of protected health information should be resolved consistent with Chapter 4 of the NorthPoint Master consistent with Chapter 4 of the NorthPoint Master Policy Manual.Policy Manual.
Employee issues/concerns about the protection, use or Employee issues/concerns about the protection, use or disclosure of protected health information can be disclosure of protected health information can be reported to either your immediate supervisor or the reported to either your immediate supervisor or the NorthPoint Compliance Officer. NorthPoint Compliance Officer.
What is Protected Health What is Protected Health Information?Information?
Protected Health Information (PHI) is individually identifiable Protected Health Information (PHI) is individually identifiable health information that is:health information that is:
Transmitted by electronic media;Transmitted by electronic media; Maintained in any electronic mediumMaintained in any electronic medium Transmitted or maintained in any other form or mediumTransmitted or maintained in any other form or medium
Okay, So What is Individually Okay, So What is Individually Identifiable Health Information?Identifiable Health Information?
Individually Identifiable Health Information is any Individually Identifiable Health Information is any information, including demographic information, that:information, including demographic information, that:
Relates to the past, present or future physical or Relates to the past, present or future physical or mental health of an individual;mental health of an individual;
Relates to the provision of health care to an individualRelates to the provision of health care to an individual Relates to the past, present or future payment for the Relates to the past, present or future payment for the
provision of health care to an individualprovision of health care to an individual
And that identifies the individual or there is reason to And that identifies the individual or there is reason to believe that the information can be used to identify believe that the information can be used to identify the individualthe individual
Why Do We Protect Health Why Do We Protect Health Information?Information?
Our patients expect that their medical and health Our patients expect that their medical and health information will be treated confidentiallyinformation will be treated confidentially
We want to build trust in our relationships with our patientsWe want to build trust in our relationships with our patients
It’s the right thing to doIt’s the right thing to do
Federal and state law require itFederal and state law require it
Privacy and Security Under LawPrivacy and Security Under Law
Health Insurance Portability and Accountability Act of Health Insurance Portability and Accountability Act of 1996 (HIPAA):1996 (HIPAA):
Sets a baseline for safeguarding the privacy and Sets a baseline for safeguarding the privacy and security of protected health information;security of protected health information;
Preempts state law unless the state law is more Preempts state law unless the state law is more stringent on its protection of the individualstringent on its protection of the individual
State and other laws may provide more protection to State and other laws may provide more protection to the individual, e.g. issues of reproductive health, the the individual, e.g. issues of reproductive health, the provision of mental health services, services to provision of mental health services, services to minors, services to students, etc.minors, services to students, etc.
What are Patient Expectations What are Patient Expectations Regarding Their Protected Regarding Their Protected Health Information?Health Information? Health information will be treated confidentiallyHealth information will be treated confidentially The information will be used only for authorized purposesThe information will be used only for authorized purposes I will have access to my health information (with some restrictions)I will have access to my health information (with some restrictions) I will consent to the release, disclosure and use of my health I will consent to the release, disclosure and use of my health
informationinformation I can restrict the release, disclosure and use of my health information I can restrict the release, disclosure and use of my health information
in certain circumstances in certain circumstances Only the minimum necessary amount of my health information will Only the minimum necessary amount of my health information will
be released, disclosed or used to accomplish a legitimate and be released, disclosed or used to accomplish a legitimate and intended purposeintended purpose
Any unauthorized release, disclosure or use of my health information Any unauthorized release, disclosure or use of my health information will be noted and steps will be taken to mitigate any damagewill be noted and steps will be taken to mitigate any damage
I am entitled to an accounting of any unauthorized release, I am entitled to an accounting of any unauthorized release, disclosure or use of my health informationdisclosure or use of my health information
What Does This Mean for What Does This Mean for NorthPoint?NorthPoint?
We provide patients a notice of our privacy practicesWe provide patients a notice of our privacy practices We treat their health information with respect, as if it were our ownWe treat their health information with respect, as if it were our own We ask patients for their consent to release their health informationWe ask patients for their consent to release their health information We take practical and effective steps to protect the privacy and We take practical and effective steps to protect the privacy and
security of health information security of health information When requested and consistent with our own policies and When requested and consistent with our own policies and
procedures, we provide patients with access to their health procedures, we provide patients with access to their health information; we correct any discrepancies in their health informationinformation; we correct any discrepancies in their health information
If protected health information is improperly released, used or If protected health information is improperly released, used or disclosed, we take steps to mitigate any possible damagedisclosed, we take steps to mitigate any possible damage
We need to be able to account for any improper release, use or We need to be able to account for any improper release, use or disclosure to patients disclosure to patients
We constantly seek to improve our own actions and processes as We constantly seek to improve our own actions and processes as they relate to the privacy and security of protected health they relate to the privacy and security of protected health informationinformation
We work with our supervisors and the Chief Compliance Officer to We work with our supervisors and the Chief Compliance Officer to solve problems which may arisesolve problems which may arise
Practical and Effective Steps to Practical and Effective Steps to Protect the Privacy and Security of Protect the Privacy and Security of Protected Health InformationProtected Health Information
What does our Department do to protect the privacy and security What does our Department do to protect the privacy and security of protected health information?of protected health information? Periodically assess the risk of improper use, disclosure or release of Periodically assess the risk of improper use, disclosure or release of
informationinformation Periodically review our own processes and behaviors as they relate to Periodically review our own processes and behaviors as they relate to
the use, disclosure or release of informationthe use, disclosure or release of information Orient computer screens so that staff and patients cannot view Orient computer screens so that staff and patients cannot view
protected health informationprotected health information Use privacy screens on our computersUse privacy screens on our computers Comply with password and security rules for the use of our computersComply with password and security rules for the use of our computers Close open computer programs when we will be away form our desks Close open computer programs when we will be away form our desks
or work stations more than momentarilyor work stations more than momentarily Store written materials securely when we are away from our desks for Store written materials securely when we are away from our desks for
more than a few minutes…or at the end of the work daymore than a few minutes…or at the end of the work day Take special care to ensure accurate use of the fax machine in the Take special care to ensure accurate use of the fax machine in the
transmission and receipt of patient informationtransmission and receipt of patient information
Practical and Effective Steps to Practical and Effective Steps to Protect the Privacy and Security of Protect the Privacy and Security of Protected Health InformationProtected Health Information
What does our Department do to protect the privacy What does our Department do to protect the privacy and security of protected health information?and security of protected health information? Discuss patient specific information quietly and, as Discuss patient specific information quietly and, as
appropriate, behind closed doorsappropriate, behind closed doors Take special care in the use of the copy machine to Take special care in the use of the copy machine to
ensure that patient information is not left behind, nor left ensure that patient information is not left behind, nor left unattended for more than a few minutesunattended for more than a few minutes
Use secure fax and copying machines where availableUse secure fax and copying machines where available Adhere to guidelines on the use of e-mail and the Adhere to guidelines on the use of e-mail and the
transmission of protected health informationtransmission of protected health information Shred paper/dispose of electronic media in the Shred paper/dispose of electronic media in the
appropriate fashionappropriate fashion Secure our work stationsSecure our work stations Lock file cabinetsLock file cabinets Other ?Other ?
Practical and Effective Steps to Practical and Effective Steps to Protect the Privacy and Security of Protect the Privacy and Security of Protected health InformationProtected health Information
What will our Department do in 2012 to improve how we What will our Department do in 2012 to improve how we protect the privacy and security of protected health protect the privacy and security of protected health information?information?
1.1. ??
2.2. ??
3.3. ??
4.4. ??