HIPAA
HIPAA Safety
PHI
Breaches & Disclosure
ESSC Policies
100
Provides federal protections for personal health information
What is the Privacy Rule of the Health Information Portability and Accountability Act (HIPAA)
100
A way in which to protect PHI on your computer
What is place computers in a secure environment, away from areas where they can easily be physically accessed
100
PHI stands for
What is Protected Health Information
100
Committing a violation of HIPAA can result in
What is civil and criminal penalties
100
This is an example of a covered entity
Who is ESSC
200
To conduct business in accordance with HIPAA, this information is to be shared
What is the minimum necessary health information
200
A way to protect passwords
What is keep log-on information, including passwords, secure. Avoid sending them to others through electronic means, and do not write them down
200
This is an example of a participant's PHI
What is Medical records (including medical ?record numbers), diagnosis, photos, billing records, claims data, referral authorizations, explanation of benefits, or any other unique number, characteristic, or code that could relate to information about an individual
200
This is an unauthorized acquisition, access, use or disclosure or protected health information
What is a breach
200
This is an example of a Business Associate
Who is anyone that does business with ESSC and requires access to PHI (e.g., Regional Center, Kaiser)
300
HIPAA pertains to protecting the confidentiality of this type of information
What is all forms of PHI (paper, verbal, and electronic) for both participants and associates
300
A way to protect electronic PHI
What is send PHI through secure email
300
This is an example of an associate's PHI
What is an individual’s name, address, date of birth, age, phone numbers, fax number, e-mail address, Social Security Number
300
Refers to what can happen to your job at ESSC if you violate HIPAA
What is disciplinary action up to and including termination of employment
300
Report any known or suspected privacy breaches, including, but not limited to conversations, lost information, lost or stolen laptops, flash drives, and cell phones immediately to this person
Who is the Director of Risk Management
400
HIPAA stands for
What is Health Insurance Portability and Accountability Act
400
A way to protect PHI in public areas
What is do not discuss or use a participant code
400
This is the time when you can use PHI
What is when you're doing your job
400
This document describes how ESSC may use or disclose the participant's PHI and advises the participant of his or her privacy rights
What is the Notice of Privacy Practices
400
If your property was stolen, you will need to report it to this entity in addition to the Director of Risk Management
What is the police
500
HIPAA applies to the following groups
Who is a Covered Entity (CE) and a Business Associate BA)
500
Security of an individual’s information is this person's job
Who is Everyone!
500
Dictates what PHI you can use
What is your role/title at ESSC
500
It's this person's right to keep their information safe and private
Who are both participants and associates
500
An associate needs to go on vacation, so another associate covers the shift for this participant. This participant also happens to be the son of a celebrity, and the associate covering needs to access his medical record
What is an appropriate access of PHI
M
e
n
u