The Medical College of Georgia HIPAA Privacy Rule
- Slides: 18
The Medical College of Georgia HIPAA Privacy Rule Orientation
WHAT IS HIPAA? HIPAA is an acronym that stands for the Health Insurance Portability and Accountability Act of 1996. HIPAA includes regulations that govern the use and release of a patient's personal health information. HIPAA also limits the kind of information MCG can disclose regarding patients. Besides privacy standards, HIPAA creates new standards for administrative transactions and the electronic security of individual health information.
WHY HIPAA? n Patient concern about use or disclosure of personal health information without their knowledge n n Media coverage for high profile breaches Electronic transmission of information Secondary uses of information, e. g. , employment decisions, marketing, etc Patient demand to control how personal health information is used or disclosed
WHO MUST COMPLY WITH HIPAA? All MCG workforce members (employees, faculty and students) who transmit protected health information in electronic form in connection with certain administrative and financial transactions are subject to the requirements of the rule.
WHAT INFORMATION IS PROTECTED UNDER HIPAA? n All medical records and other patient/ individually identifiable health information maintained by MCG in any form – verbal, paper, and electronic and may be found in: Medical Records, clinical research records n Computer Systems/Electronic Records n Photographs, Videos, Audiotapes n PDAs, i. PODs, Digital Cameras, thumb drives, etc. n
WHAT IS OUR COMMITMENT TO PRIVACY? MCG believes that patients have the right to have their medical information kept private, and the right to review their medical records and understand how their medical information will be used. n We balance protecting patient information with ensuring our workforce has the information needed to properly care for patients, instruct students, and conduct research. n We provide annual HIPAA training and education about the HIPAA rule to all of our employees, residents, and students. n
New Employee HIPAA Training n At the beginning of the second month of employment, all employees with campus email accounts will receive instructions for complying with the MCG 30 -day deadline for HIPAA training. n Employees without computer access will be issued HIPAA training in paper format from their supervisors.
NOTICE OF PRIVACY PRACTICES n The law requires health care providers to give patients a notice detailing their privacy rights, how their health information will be used and disclosed, and explain who will have access to their medical records—from faculty, office workers, researchers and students to compliance officers or public health officials.
HIPAA PROVIDES NEW PATIENT PRIVACY RIGHTS Right to Receive Notice of Privacy Practices § Right to Request Restrictions on Uses & Disclosures of Protected Health Information (PHI) § Right to Receive Confidential Communications §
NEW PRIVACY RIGHTS - Continued Right to Access, Inspect, and Copy PHI § Right to Request Amendment of PHI § Right to Request Accounting of Disclosures of PHI §
DISCLOSING PATIENT INFORMATION Unless a patient objects, the following information may be placed in the MCG Health System’s hospital directory: Patient’s Name n Patient’s Location in the Facility n Patient’s Condition (general information only) n Patient’s Religious Affiliation (for clergy use only) n
SHARING INFORMATION FOR INTERNAL PURPOSES: n Our MCG Health System is allowed to share information for the following purposes: n n n Treatment Payment Healthcare Operations: teaching, clinical research (with prior approval by the Human Assurance Committee), accreditation, compliance, etc.
SHARING INFORMATION AS REQUIRED BY LAW Public Health Requirements n Health Oversight Activities n Judicial & Administrative Proceedings n Organ Donation n Public Safety n Government Proceedings n Workers Compensation n
CHANGING OR AMENDING PATIENT HEALTH RECORDS If a patient believes that the information in their health record is incomplete or inaccurate, the patient may request an amendment by: Contacting the person who made the entry and pointing out the inaccuracy; or by n Contacting the privacy officer or health information management department and pointing out the inaccuracy. n
ACCESSING PATIENT HEALTH RECORDS Reasons to Access Patient Records n To provide past medical information to new healthcare providers who are caring for the patient n To ensure the accuracy of the information contained in the records n To verify charges for care
HOW CAN PATIENTS PROTECT THEIR MEDICAL PRIVACY? Read the MCGHI Notice of Privacy Practices n Talk about confidentiality concerns with healthcare providers n Read authorization forms before signing them n Be cautious with health web sites, other health screening questionnaires, etc. - know how the information may be used or disclosed n
MCG Privacy and Security Policies n Privacy of Health Information http: //www. mcg. edu/policies/6004. html n Information Systems Security and Computer Usage http: //www. mcg. edu/Policies/2406. html
RESOURCES n MCG HIPAA Privacy Officer (706) 721 -2661 MCG Security Officer (706) 721 - 1577 n Department of Health & Human Services n Office of Civil Rights
Privacy awareness and hipaa awareness training cvs
Hipaa privacy and security awareness training
Mtf hipaa privacy officer
Hipaa training georgia
Hipaa security rule self assessment toolkit
Hipaa security rule objectives
Georgia composite medical board aprn
Complete college georgia
Patient portals and hipaa
Hipaa secure now
Joint commission accreditation standards
Hipaa pre-existing condition protections
Gillman hipaa progress note
Hippa cow
Jira hipaa
Accountable hipaa training
Gillman hipaa progress note
Certified hipaa administrator
Hipaa summit
