Three action steps you can take to keep client health information confidential
1. Make sure papers, documents, and reports containing client information are shredded or destroyed in some way.
2. If fax and copy machines are used to send or copy patient information, make sure they are located away from public areas.
3. Always consider where you are when talking about confidential information.
4. Whether you are talking to a client/family or with coworkers, try to keep your conversations from being overheard.
5. Keep confidential client information out of public areas such as waiting rooms, conference rooms, receptionist desk or on white boards viewable by the public.
6. Don't assume the person with the client knows all the information.
7. Be cautious when using a cell phone and talking about patient information.
8. Keep records safe and protected regardless of where they are kept.
Obtained before releasing Protected Health Information for purposes other than treatment, payment, and operations.
What is a written patient authorization?
Can PHI be faxed?
Yes, if standard precautions are taken to ensure reasonable security of the transmitted data.
Information that cannot be shared if you do not need the information to do your job.
What is the "minimum necessary" rule?
This is deciding what is right or wrong in a reasoned, impartial manner.
What is ethics?
Two primary components of the HIPAA regulation
What is the Privacy Rule and Security Standard?
May not be our "friends" on social media
Who are families of the children we serve?
Protected health information includes information about...
1. a person's health, health care, or payment of health care (the term "health" includes mental health and behavioral health issues)
2. information that identifies a person
3. services created or received by a covered health care plan or provider.
These are personal human rights guaranteed by our constitution.
What are civil rights?
Locking a computer, logging off, never sharing passwords or using another's account
What are security measures to protect e-PHI?
Eight or more upper and lower case letters, symbols and numbers
What is a strong password?
How do we protect photographic images of the children?
Cedarcrest cameras, photo authorizations from the parent/guardian, no use of cell phones for photos.
Do the same requirements apply to mental health records and to medical records?
In general, yes; however,
- "Psychotherapy notes" are accorded special privacy protections under this regulation. Ordinarily, a written client consent is required before psychotherapy notes can be disclosed to anyone.
- A health plan may not condition a client's enrollment or eligibility on the provision of the client's authorization or consent for disclosure of psychotherapy notes.
- Psychotherapy notes are excluded from the provision that gives clients the right to see and copy their health information.
An ethical decision should not be influenced by these.
What are emotions?
Requires a report to the Privacy/Security Officer, and if significant, to the Attorney General and US Office of Civil Rights.
What is done when there is a breach?
Name at least 2 circumstances under which protected health information may be disclosed without a client's consent or authorization.
-disclosures required by law such as disclosures for public health activities
-disclosure about victims of abuse, neglect or domestic violence
-health oversight activities
-disclosure for law enforcement purposes
-disclosures to avert a serious threat to health or safety
What is Two Factor Authentication?
The use of two systems to identify and confirm the user
The scrambling or coding of information being sent confidentially via e-mail.
What is encryption?
The idea that the same ethical standard is applied to everyone
What is impartiality?
A person or entity, other than staff, who provides certain services for Cedarcrest that involve the use and/or disclosure of protected health information
What is a Business Associate?
Information that can be shared without an authorization
What is treatment, payment and operations?
Can PHI be shared with Medicaid or the insurance company?
Yes. This is considered part of treatment, payment or health care operation and does not require the patient's authorization. Only the minimum information is shared.
E-mail:    "Are you available, i need you to initiate a wire transfer to a vendor, confirm if you can get it done today so I can forward you the instructions."
Best,  Tracey 
What is phishing?
The capacity to do what is right even with temptation or pressure to do otherwise
What is integrity?