Privacy and Security Table of Contents TABLE OF

Privacy and Security Table of Contents

TABLE OF CONTENTS Privacy and Security Lessons 1. Introduction to HIPAA Go 2. Privileged Communication 3. Medical Records Go 4. Technology Go Go Table of Contents

Lesson 1– The Need for HIPAA Protect patients and their personal health information Became law in 1996 Table of Contents

Lesson 1– The Purposes of HIPAA Four main purposes of HIPAA Table of Contents

Lesson 1– Privacy of Health Information Privacy Rule Detailed instructions for handling and protecting information Table of Contents

Lesson 1– Security of Electronic Records EMR Created security and privacy issues Security Rule to keep records secure Table of Contents

Lesson 1– Security Rule Safeguards Security Rule sets safeguards for electronic records Table of Contents

Lesson 1– Administrative Simplification Transaction and Code Set Rule ◦ Set national standard ◦ Simplified claims process Table of Contents

Lesson 1– Insurance Portability Health Insurance Access, Portability, and Renewability Table of Contents

Lesson 2– Privileged Communication Privileged communication is information that is shared within a protected relationship. These relationships include physician and patient, attorney and client, and clergy and counselee. Under most circumstances, privileged communication cannot be disclosed. Table of Contents

Lesson 2– Privileged Communication The Privacy Rule ◦ Protect private patient information Table of Contents

Lesson 2– Privileged Communication Privacy Terms Table of Contents

Lesson 2– Privileged Communication Authorization ◦ Permission given in order to share health information Table of Contents

Lesson 2– Privileged Communication Patient rights ◦ Right to Notice of Privacy Practices ◦ Right to request restrictions on certain uses of protected health information ◦ Right to request confidential communications Table of Contents

Lesson 2– Privileged Communication Patient rights ◦ Right to access a copy of protected health information ◦ Right to request an amendment of health information ◦ Right to receive an accounting of the sharing of health information Table of Contents

Lesson 2– Privileged Communication Medical facility responsibilities Release of Information Table of Contents

Lesson 2– Privileged Communication Disclosure without authorization Disclosure allowed without authorization Table of Contents

Lesson 2– Abuse Emotional abuse includes excessive demands, insults, humiliation, stalking, threats, and lack of affection and support. Physical abuse includes any physical mistreatment or violence, as well as inappropriate restraint and withholding physical care. Sexual abuse includes using sexual gestures, suggesting sexual behavior, and unwanted sexual touching or acts. Table of Contents

Lesson 2– Signs of Abuse Patient statements Unexplained injuries, such as bruises, abrasions, fractures, bite marks, and burns Unreasonable explanations for injuries Malnutrition and dehydration Poor personal hygiene Pain or bruising in the genital area Unexplained genital infections Emotional problems, such as anxiety, depression, aggressiveness, changes in appetite, problems at school or work Table of Contents

Lesson 3– Medical Records Personal information, such as full name, phone number, address, work number and address, birth date, social security number, and marital status Medical history Description of symptoms Diagnoses Treatments Prescriptions and refills Records of patient’s telephone calls Name of legal guardian Name of power of attorney Notes about copies of medical records Table of Contents

Lesson 3– Ownership of Medical Records Medical records belong to health care providers, but patients have the right to see and obtain a copy of their records. Patients with mental illness may not have the right to see their medical records. If a patient’s employer or prospective employer pays for a job-related physical examination, the employer, not the patient, has the right to see and obtain a copy of the records. Table of Contents

Lesson 3– Proper Maintenance Medical records must be complete, legible, and timely. All information in records must be objective and the information must be initialed and dated. Errors should never be erased or covered with correction fluid. Instead, a single line should be drawn through an error so that the error is still readable. Table of Contents

Lesson 4– Electronic Medical Records Advantages: ▫ Instant access ▫ Remote access to up-todate information ▫ Simultaneous access ▫ Decreased time to record information ▫ Legible ▫ Better organization ▫ Flexible data layout ▫ Automated checks and reminders ▫ Increased privacy and decreased tampering, destruction, and loss due to required authorization Table of Contents

Lesson 4– Electronic Medical Records (Continued) Disadvantages: ▫ Additional hardware, software, and licensing costs ▫ Resistance to giving up paper records ▫ Difficult data entry ▫ Training ▫ Computer downtime, such as unexpected failure or routine servicing ▫ Confidentiality and security concerns, such access of information to unauthorized individuals Table of Contents

Lesson 4– Confidentiality of Electronic Records Limit individuals who have access to records by using passwords, fingerprints, voice recognition, and eye patterns. Require codes to access specific information. Place monitors in areas where others cannot see the screen. Do not leave monitors unattended while confidential information is on the screen. Do not send confidential information by e-mail. Back up data. Constantly monitor and evaluate the use of electronic medical records. Table of Contents

Lesson 4– Printers and Copiers Printers: ▫ Do not leave printers unattended while printing confidential information. ▫ Do not print confidential information on printers that are shared by unauthorized individuals. ▫ Do not print confidential information on wrong printers. ▫ Make sure to collect printouts of confidential information from printers. ▫ Do not throw unneeded printouts of confidential information in trash cans. Instead, these should be shredded. Table of Contents

Lesson 4– Printers and Copiers (Continued) Copiers: ▫ Do not copy confidential information if unauthorized individuals are in the area and can see the information. ▫ Do not leave copiers unattended while copying confidential information. ▫ If a paper jam occurs, be sure to remove the copies that caused the jam from the copier. ▫ Make sure to collect all copies of confidential information as well as the original from the copier. ▫ Do not throw unneeded copies of confidential information in trash cans. Instead, these should be shredded. Table of Contents

Lesson 4– Fax Machines and Telephones Fax Machines: ▫ Contact the receiver and verify the fax number before faxing confidential information. ▫ Do not fax confidential information to unauthorized individuals. ▫ Attach a cover sheet that contains a confidentiality statement. ▫ Do not fax confidential information if unauthorized individuals are in the area and can see the information. ▫ Do not leave fax machines unattended while faxing confidential information. ▫ Do not throw unneeded faxes of confidential information in trash cans. Instead, this should be shredded. Table of Contents

Lesson 4– Fax Machines and Telephones (Continued) Telephones: ▫ Do not use patients’ names if unauthorized individuals are in the area and can overhear. ▫ When leaving messages, simply ask patients to return the call. Do not speak about any confidential information. Table of Contents