PHI
Any oral, written, or electronic individually identifiable health information collected or stored by a facility. Identifiable information includes demographic information and any information that relates to the past, present, or future physical or mental condition of an individual.
Document obtained before releasing Protected Health Information for purposes other than treatment, payment, and operations.
What is a release of information (ROI)?
I can respond to patients' requests via Facebook Messenger.
What is no?
Facebook is not HIPAA-compliant; we should not respond to any patient on this platform.
This is the most common violation during the HIPAA walk-through at BCHC.
What is leaving your computer unlocked while unattended?
If you leave your computer unlocked, you must be able to see your monitor.
Your supervisor has access to review your entire personnel file.
What is no?
There would be no need for your supervisor to have access to your health information to do their job.
ePHI
What is electronic protected health information: protected health information (PHI) that is produced, saved, transferred, or received in an electronic form?
Dental, Medical, Behavioral Health patient treatment areas.
What are considered confidential areas?
We can leave a message for a patient about an upcoming appointment.
What is yes?
If no specific health information is included in the message.
Papers with PHI should be placed face down on unattended desks.
What is yes?
All patients must take a copy of our "Notice of our Privacy Practices."
What is no?
We must offer it to everyone one time. If they refuse it, simply document the attempt to give it to them.
sPHI
What is PHI that could cause harm or embarrassment to an individual financially, reputationally, or emotionally.
I can install Bullhook Community Health Center's email and/or Teams on my personal electronic device.
What is no?
Only Management and/or C-Suite members.
The same requirements apply to mental health records and to medical records.
What is yes?
We can fax PHI.
What is yes?
Standard precautions should be taken to ensure the reasonable security of the transmitted data.
Compliance officers are Adam, Vic, and Leah.
What is no?
Our compliance officers are Rozan Kerr, Deidre Reiter, Kyndra Hall, Marie Gillett, Stacey Moore, Jennifer Gobin, Darin Miller, Jared Esteves.
These provider records are considered part of 42 CFR Part 2 and cannot be released with a regular ROI.
What is a Licensed Addiction Counselor?
I can discuss a patient's situation with them on the phone when other patients are at the desk or in the lobby.
What is yes?
You may, but caution should be used to minimize exposure to others. This is an example of incidental disclosure that is unavoidable in day-to-day practice.
Rozan Kerr
Who is the HIPAA Security Compliance Officer?
There are 16 HIPAA patient identifiers.
What is no?
This country singer's medical records were sold to the National Enquirer and Star tabloids by a hospital employee for $2,610.
Who is Tammy Wynette?
"Minimum necessary HIPAA rule"
What is information that cannot be shared if you do not need the information to do your job.
An adult who is not a child's parent or legal guardian can consent for the child's appointment at Bullhook Community Health Center.
What is no?
Kyndra Hall
Who is the HIPAA Privacy Compliance Officer?
We can discuss a client's PHI with other providers involved in their care or other providers to whom we are referring them.
What is yes?
This is part of treatment and does not require authorization.