What is Protected Health Information (PHI)?
1. Comes from a health care provider or a health plan
2. Relates to the physical or mental health condition of an individual, at any time, past, present or future
3. Identifies an individual or could be used to identify an individual
4. Describes the health care, condition, or payments of an individual or describes the demographics of an individual
FULL FORM OF HIPAA
Health Insurance Portability and Accountability Act
What do you mean by Red Flag
Red flags are suspicious patterns or practices, or specific activities that indicate the possibility of identity theft
IS Compliance is Everyone’s Job, TRUE OR FALSE
TRUE
Can we use Official Email for Personal Reasons, True or FALSE
FALSE
What all constitutes a PHI? Name any Five Examples
• Name
• Address - street address, city, country, zip code (more than 3 digits) or other geographic codes
• Dates directly related to patient
• Telephone Number
• Fax Number
• Email addresses
• Social Security Number
• Medical Record Number
• Health Plan Beneficiary Number
• Account Number
• Certificate/License Number
• Any vehicle or device serial number
• Web URL, Internet Protocol (IP) Address
• Finger or voice prints
• Photographic images
• Biometric identifiers
• Any other unique identifying number, characteristic, or code (whether generally available in the public realm or not)
As employees of a premier service provider of Health care revenue cycle management it is imperative that we comply with the
Privacy and security policies and procedures.
What do you mean by Identity Theft
It is a form of stealing someone’s identity to commit fraud or abuse
AM’s and above are allowed to carry camera phone without sticker and smart devices
True or False
True
ISMS FULL FORM
INFORMATION SECURITY MANAGEMENT SYSTEM
PHI must be secured in all forms, True or False
True
Types of PHI
➢ Written information (EOB’s, Reports, Charts, Claims, Medical records, Billing records, X-rays, Letters, Messages, etc.)
➢ Oral communication (phone calls, meetings, informal conversations, etc.)
➢ E-mail, computerized and electronic information (computer records, faxes, voicemail, PDA entries, etc.)
HIPAA Penalties for Breaches
Civil Penalties: $50,000 per incident up to $1.5 million per incident for violations that are not corrected per calendar year
Criminal Penalties: $50,000 to $250,000 in fines and up to 10 years in prison
How Red Flags can be reported and who is authorized to do that
Red Flags can be reported via Compliance Tracker in Touch Dashboard and Only Team Leaders & Above can report it
Types of PHI a Business May Handle, Name any 5
• Eligibility information
• Enrollment information
• Claims information
• Claims appeals
• Reports from third-party administrators or other vendors (such as pharmacy benefit managers, preferred provider organizations, utilization review companies, etc.) may contain PHI
• Coordination of benefits determinations
• Quality assessment information (audits)
• Medical condition information
You may report compliance concerns by calling the Compliance Line at
1-800-346-1766
What are the different types of Security Rules applied in Coronis Ajuba to protect PHI
1. Administrative Safeguards:
• Policies
• Procedures
• Risk Management
• Internal Audits
• User Education
• Training
2. Physical Safeguards:
• Facility Access Controls
• Workstation Use/Security
• Device and Media Controls
• CCTV
3. Technical Safeguards:
• Access Controls
• Unique User Identification
• Audit trails
• Screen Savers
• Transmission Security
• Integrity Controls
How to Report ISMS Compliance Violation
TOUCH PORTAL - HELPDESK - ISMS VIOLATIONS
What is OIG
Office of Inspector General
Not displaying ID Cards inside operations area, carrying camera mobile, Pen Drives, CD's, MP3 Players may lead to
-L1 Warning memo/3 days of Loss of Pay.
-Repeat offense L2 Memo & 4 to 30 days Loss of Pay
Why is Compliance/Security training important?
➢ Outlines ways to prevent accidental and intentional misuse of PHI.
➢ Makes PHI secure with minimal impact to staff and business processes.
➢ Shows our commitment to managing electronic protected health information (ePHI) with the same care and respect as we expect of our own private information
List out any 5 Information Security Measures or Reminders
➢ Do not share passwords.
➢ Always lock your desktop/laptop when you move away from your system.
➢ Limit access to printers and faxes for people who deal with PHI.
➢ Limit access to health information to only those who require it for a specific task.
➢ Use email only for official purposes.
➢ Do not open email attachments from an unknown, suspicious or untrustworthy source if the subject line is questionable or unexpected.
➢ Workstation use:
• Restrict viewing access to others, and do not take a snapshot of your monitor.
• Follow appropriate log-on and log-off procedures.
• Lock your workstation: press Ctrl-Alt-Del or Windows key + “L”.
• Do not store PHI on desktops.
COMPLIANCE OFFICER FOR CORONIS AJUBA
Ashique CT – Associate Director - Client Deliverables
Email : ashique.ct@miramed ajuba.com Ext : 613
What is FDCPA?
Fair Debt Collection Practices Act
Accessing unauthorized company information, Giving unapproved information to Vendors/ Media/ any external agency, Password sharing, Accessing inappropriate websites, Sharing of login ids and passwords to access a specific website, Failing to timely report known or suspected HIPAA issue or other potential unauthorized disclosure or breach may lead to
-Ranging from 3 days to 30 days of ‘Loss of Pay’
-Repeat offense, Suspension to possible termination of employment
FOUR COMMANDMENTS AND GROUND RULES WE ALL SHALL FOLLOW
Always store PHI in designated network folders
Always Shred PHI after use
Always lock your system when you leave your place
Always report all violations