Rhonda Anderson, RHIA, President …is a PROCESS, not a PROJECT 2.
Post on 04-Jan-2016
215 Views
Preview:
Transcript
Rhonda Anderson, RHIA, President
…is a PROCESS, not a PROJECT
2
Nursing Staff Nursing Assistants Staff from other depts. Generalized information for staff
3
Anderson Health Information Systems, Inc.
4
Will identify requirements for: Notice of Privacy Practices Personnel Designations Minimum Necessary What needs to be done, when and by who
5
Will leave the workshop with information to protect the residents health information as that is your responsibility as an employee known in HIPAA as a member of the workforce.
6
Notice of PRIVACY PRACTICES & RIGHTS written in plain English and: Acknowledgement by Resident/Responsible
Party Resident RIGHTS – Access to Records manual
and electronic Restrict certain release Authorization for Discussion of PHI Right to request Amendment / Addendum (CA) Right to receive Accounting of Disclosure
7
Allows the individual control over how PHI is used and disclosed
Describe practice related to use and disclosure of PHI Minimum Necessary – use by staff Covered entities responsibilities under HIPA Other such as marketing & research and the
rule around that Alternative means of communication
8
9
Prepare Notice of Privacy Practices – given to the resident as part of the admission process. This is audited by MRD as part of the admission audit.
10
Notice must include: Information regarding uses and disclosures Explanation of individual’s privacy rights Covered entities responsibilities under HIPAA
11
Indicates how the use and disclosure will be used for treatment, payment and operations. How to file a complaint (Covered entity or
Health and Human Services - Office for Civil Rights has been delegated as the responsible office)
Name, title and phone of contact person, privacy official
Effective date of notice
12
Post Notice at the facility, on the web –notify update
Make copies available May use e-mail if Resident agrees
(get a signed consent recommended Attempt to obtain acknowledgment of
Notice of Privacy Practice -- at admit Provide notice for current residents via
notice and/or signature
13
Notice of Organizations “PHI” Privacy Practices
Request Restrictions on Disclosures to Others of their “PHI”
Request alternative means of communicating “PHI”
Authorization to disclosure PHI Right to restrict access to records of the
resident/responsible party paid in full for services/supplies
14
May inspect and get a copy of “PHI” May request Amendments to their
“PHI” Must be given an accounting of
organization’s disclosures of their “PHI”
Notified of breaches of PHI
15
Make good faith efforts to obtain written acknowledgment of Receipt of Notice of Privacy Practices – at time of ADMIT “I ACKNOWLEDGE THAT I HAVE BEEN
PROVIDED A COPY OF THE NOTICE OF PRIVACY PRACTICES, DATE, SIGN”
16
The facility shall limit the amount of PHI: Disclosed or requested to
documentation/related to protected health information that is reasonably necessary to carry out the job or fulfill the request for information.
To employees only to the extent they need the information to carry out their JOB DUTIES [what does this mean to you??]
17
WHAT DOES THIS MEAN TO YOU?WHAT DOES THIS MEAN TO YOU? Discuss those items that would be needed to
know for different jobs, i.e.., Social Services needs access to all information that would impact the decisions re: advanced decisions for health care, transportation, family involvement health condition, etc., also as a team member she/he needs access too --- specify ….(identify additional info. needed)
18
Examples As a team member you would need access to
the health information to make resident care plan decisions.
Certified Nursing Assistant – What information do you need to do your job?
19
The facility shall limit the amount of PHI available to each employee – role based Employees shall be identified – in general at
least as to what information they have available to them and under what circumstances.
Computerized EHR – a grid should be prepared.
20
The facility shall limit the amount of PHI: Used or disclosed…and only the entire record
will be sent to the requestor only when needed and reasonably necessary to accomplish the request, i.e.., attorney requests information.
Also, all responses to requests shall consider – release of minimum necessary to carry out the specific reason for the request.
21
Does NOT apply: When sending to another health care
provider; however, you only need to give the information that is needed!
Disclosure to the individual Uses and disclosures made
pursuant to an authorization To Dept. of Public Health L & C,
required for compliance, otherwise required by law, i.e.., law enforcement, public health, Office of Inspector General
22
Administrative Requirements Business Associates – Contractors,
subcontractors are required to adhere to the Privacy, Security and Enforcement Rules
Privacy Official – Medical Record Designee Security Official – Administrator or Designee Enforcement and Costs
23
24
Addressed in the Administrative Requirements 45 C.F.R. 164.530 COVERED ENTITY (CE) must designate a
privacy official who is responsible for the development and implementation of the privacy policies and procedures of the entity
25
Health Information Designee Administrator, alternate DSD – Provides training and orientation
with assistance from the ‘MRD’ an the HIM Consultant
The AHIS HIM-CONSULTANTHIM-CONSULTANT
26
164.530 requires Facility to Provide a process for
individuals to make complaints regarding privacy violations(d)
File complaints without fear of retaliation (g) Designate a contact person for receiving
complaints(a)(1)(ii) Document complaints received and their
disposition
27
Cooperate with Federal Investigations of complaints
Sanction Members of the Workforce who violate privacy(e)
Mitigate to the extent feasible any harm caused by the violation( f)
28
What are other complaints that are happening in the facility from your residents/family, etc., that may extend to Privacy complaints. How are they handled? Are they discussed at standup?
How are complaints reported? Are complaints followed up/resolution doc?
29
The Security Official shall be responsible for the electronic requirements, the encryption, security of all types of e-equipment that includes resident identifiers and Protected Health Information
Conduct risk assessment re: breach and impermissible use
As sure with coordination of Privacy Official Notice to Office of Civil Rights of any breach of unprotected PHI
30
Conduct exercise here…
31
TOGETHER WE PROTECT PHI
32
Ongoing training, and specific training to key personnel as it relates to their duties NEW EMPLOYEES
33
34
top related