data privacy

Download Data Privacy

Post on 31-Dec-2015




1 download

Embed Size (px)


Data Privacy. HIPAA Training. Progress Diagram. Implementation. Orientation. Evaluation. Training. Function in accordance. Apply your knowledge. Learn the Basics. Receive further Training. Agenda. 1. HIPAA-Definitions. 2. Potential Departments Impacted. - PowerPoint PPT Presentation


  • Progress DiagramFunction in accordance Apply your knowledgeLearn the BasicsOrientationEvaluationTrainingReceive further TrainingImplementation

  • Agenda1. HIPAA-Definitions 2. Potential Departments Impacted 3. Questions to Determine Impact 4. Types of Information Protected 5. How Tos 6. Donts 7. HIPAA-Flow Chart

  • DefinitionsHIPAA

    Health Insurance Portability and Accountability Act of 1996

    Designed to Protect Privacy of Patient Informationby securing electronic and physical medical information.

    Theory-A students rights and welfare must not be sacrificed for scientific or medical progress.

  • Definitions (Continued)Protected Health Information (PHI)-IIHI created, or received, by a covered entity related to past, present, or future, physical or mental health of an student.

    Standard Transactions-coordination of benefits, health care claims, health care payments, enrollment or disenrollment in health plan, eligibility for a health plan, first report of injury, health plan premium payments, referral certification and authorization, health claims attachments and others as prescribed by DHHS secretary.

  • Potential Areas ImpactedCounseling ServicesDept of Counseling ProfessionsHealth andHumanPerformanceAthleticsHealth ServicesDoes your department need Evaluation?PHI-In need of Evaluation?Child Care Center

    InternationalStudentsOfficeHuman Behaviorand DiversityHuman Resources?

  • Does this Impact my Department?Three Questions to Ask

    1. Are we dealing with IIHI?

    2. Do we perform one of the standard transactions?

    3. Do we transmit information electronically?

  • Types of Info protectedNameSocial Security NumberLab ResultsDiagnosisTreatmentDate of BirthTelephone NumberEmail addressAccount NumbersIP addressesAny unique identifying informationMedical Record NumberCounseling UseLocation of TreatmentMedicationsReferralsOther Info commonly found in health care records

  • How Tos1. FERPA first

    2. Hybrid Entity

  • How Tos (continued)3. Authorization for Release of InformationCore elementsPermission to disclose without release

  • How Tos (continued)4. Encryption-

    5. Research and HIPAA-

  • DontsRelease Medical information to outside employerDont release information that can be used for marketing or advertising purposesRelease information related to mental health counseling sessions or physical health without proper authorizationSend IIHI electronically without proper encryption technology

  • HIPAA Flow ChartOrientation Evaluation TrainingImplementationAwarenessandEducation Identify RiskRequestforfurther TrainingPlanningAndFurther Assessment



    *Today we are going to obtain education and awareness related to HIPAA.It is then my hope that you all evaluate your departments and ask do we need to become HIPAA compliant and then . Contact me for further training and Help in implementation.**IIHI-Individually identifiable health information is information that identifies or is reasonably likely to identify the students. I have a slide later that will provide you with specific examples.

    Covered entity-Health plan, healthcare clearing house, healthcare provider who transmits any health information in electronic form in connection with a standard transaction. Usually universities are Third Party Administrators not covered entities. However, if your department provides any care service or supply related to the health of a student you will most likely qualify as a health care provider under the privacy rule. What is a standard transaction?- A electronic transmission of information to carry out financial or administrative duties related to health care*Counseling Services and Department of Counseling Professions-Provision of direct mental health services to students. 3. Some of the other departments may provide direct services that can be seen under the covered entity umbrella I.e. athletics, health services. Also other offices may be impacted like the international student office or human resources if they are dealing at all with the electronic transmission of IIHI to insurance providers. For example electronic transmission of information from HR to EAW program related to IIHI. THE EAW would be responsible to protect the health information but the university must require that the EAW center handles the info in accordance with HIPAA standards. The university is then known as a TPA. A firewall then needs to be established to ensure that the parties handling information between the univ and EAWP do not use this info in other circumstances. At UWS all healthcare benefits are completed through the insurance agency not the univ. Another consideration would be departments like the department of human behavior and diversity if the students are providing services during internships or are conducting research on biofeedback with students and have electronic transmission of IIHI to an organization that is sponsoring the research project. *If you answered yes to all three questions your department is impacted and HIPAA compliance is mandatory.If you answered yes to the first two your department is impacted but HIPAA compliance is only recommended IF your department is impacted this will include the health care provider, clinical researchers and employees who assist these providers and researchers in performing tasks related to health care or clinical research that involves IIHI.*Soyou determine that your department is impacted thus these are examples of IIHI that will need to be protected.*IIHI about a student is not considered PHI if it is an education record under FERPAHybrid this means that some units on our campus will be health care components and some non health care components. Health Services is a Health Care component and thus if they share information with the business office non health care covered component they must do so in the protected fashion. Remember this when trying to talk with counselors related to a student and his/her protected health information. Athletics make many referrals to Health Services for immunizations and school or sport physicals. Health Services Health Services cannot share the student's immunization record or physical record with the Athletics department staff without proper authorization. 3. *3. Release of information-description of info to be disclosed; identify authorized person to disclose information; person to whom info is to be disclosed; purpose of disclosure; expiration date for disclosure; signagture of the person; right to revoke; inability to condition treatment, payment enrollment or eligibility; potential for info to be re-disclosed without protection.

    *(names of smokers on campus)