Hip Hippa Hooray
Explain the Detail
Why We do This
What We Need to Know
Q & A
100
Name 3 action steps you can take to keep client health information confidential.
What are? 1. When in doubt, don’t give information out. 2. Log off before you walk off from your computer. 3. Double check fax numbers before sending. 4. Do not send e-mails or use the internet unless the connection is secure and approved. 5. Make sure you know the identity of a caller before releasing confidential information. 6. Never share your passwords with anyone. 7. Maintain the security of all client information in paper, electronic and oral forms. 8. Be careful not to discuss client information in non-private locations. 9. Access information on a need-to-know basis, only to do your job. 10. Dispose of confidential information according to proper procedures (i.e. locked shred bins).
100
Obtained before releasing Protected Health Information for purposes other than treatment, payment, and operations.
What is a written patient authorization?
100
What provides the establishment of a nationwide framework for the protection of patient confidentiality, security of electronic systems and the electronic transmission of data?
What is HIPAA?
100
What the Privacy Regulations seek to do.
What is to establish that personal health information must be kept confidential?
100
OCR
What is the Office of Civil Rights?
200
What are two of the three important components of the HIPAA regulation?
What are the Privacy Rule and Security Standard?
200
PHI
What is Protected Health Information?
200
The year HIPAA compliance was required.
What is 2003?
200
Protected health information includes information about...
What is: 1. a person's health, health care, or payment of health care (the term "health" includes mental health and behavioral health issues) 2. information that identifies a person 3. services created or received by a covered health care plan or provider.
200
Confidential information takes on many forms such as:
What are? It can be information printed on paper, or data files stored on a computer, a hand-held device such as a smartphone, computer media, or voice mail.
300
Define the term "Business Associate"
What is a person or entity who provides certain functions, activities, or services for PCM, involving the use and/or disclosure of protected health information, other than a member of our workforce?
300
HIPAA
What is The Health Insurance Portability and Accountability Act?
300
PHI includes all health information that is used/disclosed – except PHI in oral form.
What is False?
300
An impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information.
What is a breach?
300
Can we fax PHI?
Yes, if standard precautions are taken to ensure reasonable security of the transmitted data.
400
During what presidential administration were the HIPAA standards enacted?
What is the Clinton administration?
400
Name at least 2 circumstances under which protected health information may be disclosed without a client's consent or authorization.
What are? 1. disclosures required by law 2. permitted disclosures for public health activities (such as reporting diseases, collecting vital statistics, etc.) 3. disclosure about victims of abuse, neglect or domestic violence 4. health oversight activities 5. disclosures for judicial or administrative proceedings 6. disclosure for law enforcement purposes 7. use and disclosure for research purposes 8. disclosures to avert a serious threat to health or safety
400
Three examples of protected health information that might be connected to an individual.
What are? Telephone number, Address, Date of Birth
400
HIPAA applies to...
What are? 1. Covered Entities (CE) refers to providers, hospitals, health plans 2. Business Associates (BA) 3. Subcontractors to Business Associates that handle Personal Health Information (PHI) on behalf of Business Associates 
400
Can I share a patient's PHI with their insurance company?
What is: Yes. This is considered part of treatment, payment or health care operations and does not require the patient's authorization. Only the minimum information is shared.
500
If you suspect someone is violating the privacy policy, you should:
What is report the activity to your supervisor or Compliance Officer for further follow-up?
500
"Minimum necessary HIPAA rule"
What is information that cannot be shared if you do not need the information to do your job?
500
Who protects PHI?
What are? The government, my organization, and me
500
What HIPAA does
What is? Gives patients more control over their health information. Sets boundaries on the use and release of health records. Establishes safeguards that healthcare providers and others must provide to protect the privacy of health information. Holds violators accountable, with civil and criminal penalties that can be imposed if it is determined that a patient's privacy rights were violated. Strikes a balance when public responsibility supports disclosure of some data to protect public health (as in the case of child abuse).
500
Can we discuss a client's PHI with other providers involved in their care or other providers to whom we are referring them?
What is: Yes. This is part of treatment and does not require authorization.