
CONFIDENTIALITY GUIDELINES FOR PA STAFF


Presentation Transcript


  1. CONFIDENTIALITY GUIDELINES FOR PA STAFF Based on HIPAA Regulations & General Confidentiality Protocols

  2. What is HIPAA? • A federal law • Geared to improve the health insurance system • Defines rules for protection of patient information • More on that later

  3. Does the PA Have to Comply w/ HIPAA? • Yes, it’s recommended • HIPAA guidelines cover three basic groups: • Health plans, health care providers, and health care clearinghouses. • Expansive regulatory definition of health plan above includes: • Employee benefit plans

  4. But We’re Not A Health Plan! • True, but we are: • An organization that routinely handles protected health information from a health plan, in any capacity, is in all probability a covered entity. • Routinely handles, includes: “administration” • The PA is likely considered the plan administrator • However, this hasn’t been officially determined • In the meantime, better to err on the side of caution

  5. We Contract w/ A Health Plan • Business associate contracts required by HIPAA • Organizations performing functions involving PHI on behalf of “covered entities” would be reached. • The PA is considered a business associate of the AAH, Delta & EyeMed • How does that business association affect all PA staff? • All PA staff are supposed to comply • Behavior of individuals in the business associates' workforces would be covered by HIPAA rules.

  6. What Does the PA Have to Do to Comply? • Generic requirements for covered entities: • Training workforce members so that they understand the privacy procedures • Designating a privacy office/officer • Adopting adequate security policies and procedures for records containing individually identifiable health information

  7. What Am I Protecting? • Patient information • PHI • Individually identifiable health information

  8. What is Patient Information? • Patient information, a.k.a. “patient health information,” is: • “Any information, whether oral or recorded in any form or medium that is… • “Created or received by an employer...” and • “Relates to the provision of health care to an individual…” or • “…the past, present, or future payment for the provision of health care to an individual.”

  9. What is PHI? (Protected Health Information) • Protected health information includes any individually-identifiable health information. • Health information with data items which reasonably could be expected to allow individual-identification. • Individually-identifiable health information should not be interpreted narrowly • Beyond a patient's name and social security number, other information: • Spouse's name, & emergency contact individual and number, could be used to individually identify a patient.

  10. HIPAA Privacy Rule • Mandates the protection and privacy of all protected health information. • Specifically defines the disclosures of "individually-identifiable" health info.

  11. What If I Don’t Handle Medical Information? • You should still abide by general confidentiality protocols for sensitive information • Let’s learn • What confidentiality means • What’s considered confidential • How to handle confidential data

  12. Confidentiality • Confidentiality defined by the International Organization for Standardization (ISO) • “Ensuring that information is accessible only to those authorized to have access" • Adaptation of the military's "need-to-know" principle • Forms the cornerstone of information security today

  13. Sensitive Data: What is It? Why Keep It Confidential? • Data required to hire, pay, and manage employees is by nature sensitive. • Information could be misused to commit fraud, discrimination, and other violations. • Job discrimination based on breach of medical data or DOB • Identity theft • If data is misused, employer could face costly lawsuits. • Employer may lose employee trust and confidence

  14. How Do Other Employers Handle Sensitive Information? • Most employers voluntarily protect employees’ personal information • They follow the laws willingly • Abide by current laws • Laws passed to protect employee confidentiality include: • ADA (federal) • HIPAA (federal) • State laws limit how an employee's SSN can be used or transmitted • Information Practices Act of 1977 • On PA M:/ drive

  15. Protocols for Handling Sensitive Information • Develop policies that address workplace confidentiality • Train managers and supervisors about confidentiality issues and legal requirements • Guard against indiscreet behavior • Even seemingly minor incidents • Tossing sensitive info. in the trash • Speaking too loudly where others can overhear • Leaving employee data displayed on visible monitor • Coordinate with external employee services • Benefit providers, payroll services (HRM), outsourced HR service centers (HRM)

  16. More Protocols (General) for Handling Sensitive Information • Store confidential information securely • Traditional “lock & key” for hard copies • Electronic methods for electronic data • Firewalls, encryption, password protection • Secure disposal • Stay current on legal requirements and best practices • Professional HR associations are a good source of updates • You also can attend seminars sponsored by consulting, outsourcing, and law firms

  17. Confidentiality “How To”: Begin with Mindfulness • Develop your confidentiality “higher consciousness” • Keep confidentiality in the forefront of your mind • Continually ask yourself, “Am I dealing with something considered sensitive or confidential?” • Hone your “Spidey” confidentiality sense • Make peace with confidentiality protocols • Don’t fight them, adopt them

  18. Confidentiality “How To” • Best: exchange sensitive files via secure FTP • Good: zip & encrypt files; send via email • WinZip or other software • OK: password protect docs without zipping; send via email • Turn monitor off if displaying sensitive info. • Monitor off & lock computer (Ctrl+Alt+Del) if away from desk for more than a minute or two

  19. More Confidentiality “How To” • Keep your voice down • Don’t discuss/share sensitive info. where others can hear you • Just close the door • Keep hard copies in a locked file cabinet • Restrict access to locked cabinet • Use file folders to keep hard copy docs from public view when working with them

  20. Even More Confidentiality “How To” • Tell callers that you are bound by State & Federal laws that limit what you can discuss • Steer callers away from disclosing personal medical information/sensitive info. if not necessary • The less you know, the less you may potentially misuse
