PHI or not?
Is a medical record number without a name PHI?
Yes, it's still identifiable
What does HIPAA help protect?
A patient's private health information
A front desk staff member places a sign-in sheet with full names in public view.
violation-sign in sheets must not reveal full PHI
Who can see an explanation of benefits (EOB)?
Only authorized individuals.
A patient asks the front desk about their test results. What is the best way to handle this?
The front desk should direct the patient to speak with clinical staff. Only Authorized personnel can provide results.
If a hospital posts surgery logs online with no names, could it still be a PHI issue?
Yes, if it contains dates or identifiers
True or False: HIPAA only applies to Doctors and Nurses
False- it applies to anyone who handles patient information
A pharmacist discusses a patient's medication loudly at the counter. Breach?
Yes- it risks exposing PHI to unauthorized individuals
Who is responsible for protecting patient privacy?
Everyone on the team
A patient asks about a new diabetes medication. Who on the team can provide education about how it works and potential side effects?
The nurse, provider, or the pharmacist
Is bank information shared for medical billing PHI?
No, it's financial, unless tied to health information
What should you do if you see a privacy violation?
Report it to a supervisor or compliance officer
A medical assistant looks up a friend's medical record out of curiosity.
Violation-This is unauthorized access and a serious HIPAA breach.
What is one thing your team does well to protect privacy? (open discussion)
Ex: everyone always logs out from their computer when stepping away to prevent unauthorized access to patient records.
Who is responsible for reconciling a patient's medications during a routine visit?
Registered Nurse, Medical Assistant, and provider. Medications must be confirmed by provider.
Which of these is PHI? Device ID, login password, or security badge number?
Device ID
What can happen if HIPAA is violated?
(fines, warnings, training)
A lab tech accidentally emails a test result to the wrong provider but reports it immediately. Breach?
Possibly- It must be investigated under HIPAA breach protocols
What should you do if you see someone accidentally leave a chart open?
Close it and tell them
Who should be included in discharge teaching to ensure the patient understands their care plan?
The patient and interprofessional care team.
Is a diagnosis without a name still PHI?
Only if it can be linked to an individual
True or False: HIPAA applies even if the patient is deceased
True
A provider discusses a patients lab results with a coworker in the hallway.
Violation-PHI must be discussed in private settings only.
A patient overhears their diagnosis being discussed at the front desk. Who is responsible for preventing this kind of privacy breach?
The entire team involved
During team huddle, who is responsible for making sure care plans are accurate and PHI is protected?
Everyone present - each role contributes to accuracy and privacy