Waukesha County - Waukesha County Home



Section 1: What is HIPAA?

HIPAA is the acronym for the Health Insurance Portability and Accountability Act of 1996. HIPAA is a Federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. HIPAA covers all forms of protected health information, i.e., oral, written and electronic. Any time volunteers are exposed to consumer or client information or any personal information written, spoken, or electronically transmitted regarding a consumer or client, they become involved with some facet of HIPAA regulations.

The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA.

Section 2: What is the HIPAA Privacy Rule?

The HIPAA Privacy Rule standards address the use and disclosure of individuals’ health information (known as “protected health information” or “PHI”) by entities subject to the HIPAA Privacy Rule. These individuals and organizations are called “covered entities.”

The HIPAA Privacy Rule contains standards for individuals’ rights to understand and control how their health information is used.

A major goal of the HIPAA Privacy Rule is to ensure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public’s health and well-being.

The HIPAA Privacy Rule permits important uses of information while protecting the privacy of people who seek care and healing.

Section 3: What or Who is Considered a “Covered Entity” under HIPAA?

The following types of individuals and organizations are subject to the Privacy Rule and are considered covered entities:

- Healthcare providers: Every healthcare provider, regardless of size of practice, who electronically transmits health information in connection with certain transactions.
These transactions include claims, benefit eligibility inquiries, referral authorization requests, and other transactions for which HHS has established standards under the HIPAA Transactions Rule.
- Health plans: Entities that provide or pay the cost of medical care. Health plans include health, dental, vision, and prescription drug insurers; health maintenance organizations (HMOs); Medicare, Medicaid, Medicare+Choice, and Medicare supplement insurers; and long-term care insurers (excluding nursing home fixed-indemnity policies). Health plans also include employer-sponsored group health plans, government- and church-sponsored health plans, and multi-employer health plans. Exception: A group health plan with fewer than 50 participants that is administered solely by the employer that established and maintains the plan is not a covered entity.
- Healthcare clearinghouses: Entities that process nonstandard information they receive from another entity into a standard (i.e., standard format or data content), or vice versa. In most instances, healthcare clearinghouses will receive individually identifiable health information only when they are providing these processing services to a health plan or healthcare provider as a business associate.
- Business associates: A person or organization (other than a member of a covered entity’s workforce) using or disclosing individually identifiable health information to perform or provide functions, activities, or services for a covered entity.
These functions, activities, or services include claims processing, data analysis, utilization review, and billing.

Section 4: What is Protected Health Information (PHI)

PHI is individually identifiable health information relating to information:

- That reveals the physical or mental state of a person’s health
- Regarding the payment for the health care services of an individual
- That identifies with reasonable accuracy and speed the identity of a client/patient

PHI is information that can be Written, Verbal, and/or Electronic and includes:

- Name
- Geographic subdivisions smaller than a State
  - Street Address
  - City
  - County
  - Precinct
  - Zip Code/Equivalent Geocodes
- Dates, except year
  - Birth date
  - Admission Date
  - Discharge Date
  - Date of Death
- Telephone numbers
- Fax number
- E-mail address
- Social security numbers
- Medical record numbers
- Health plan beneficiary numbers
- Account numbers
- Certificate/license numbers
- Vehicle identifiers and serial numbers, including license plate numbers
- Device identifiers and serial numbers
- Web universal resource locators (URLs)
- Internet Protocol (IP) address numbers
- Biometric identifiers, including finger and voiceprints
- Full face photographic images and any comparable images
- Any other unique identifying number, characteristic, or code

Section 5: Why are workforce members and volunteers expected to participate in HIPAA training?

- HIPAA training is required for Waukesha County Department of Health and Human Services employees, volunteers, interns, and contracted providers, and it is required by Federal law.
- The training helps to protect our clients. It is the responsibility of all workforce members, volunteers, contracted staff, and interns to take the confidentiality of client information seriously.
- The training helps protect you as a workforce member, volunteer, or business associate.

Section 6: What does HIPAA mean for workforce members and volunteers?

Workforce members, volunteers, and business associates hear, see, and possibly read PHI of clients.
This information could include diagnosis; demographic and family information; and detailed care issues.

- All information involving client services with DHHS is confidential
- Workforce members, volunteers, and business associates MUST NOT share client information with friends, family members, or neighbors
- In other words, what you hear and see here, stays here
- Workforce members, volunteers, and business associates must abide by the “Minimum Necessary” and “Need to Know” guidelines

Minimum Necessary - When protected health information is used or disclosed, only the information that is needed for the immediate use or disclosure should be made available by the health care provider or other covered entity.

Need to Know:

- Access a client’s PHI only if it is pertinent to your position
- Ask yourself “Do I need this information to do my work?”

Section 7: How to Comply

- Do not leave client information sitting out or unprotected. Shred any unnecessary paperwork/notes that contain client information.
- Remove client addresses and/or phone numbers from cell phones, computers, and GPS
- Have your phone, GPS, and computer password protected.
- Never use personal email accounts to communicate with clients.
- When emailing Waukesha County workforce members, never put client names or other identifiable client information (e.g. address) in subject lines or in the email body.
Use first and last initials and communicate other information over the phone or in person.
- In the event it is necessary to send an email containing PHI, always use the email encryption tool to assist with prevention of accidental or inadvertent unauthorized disclosure of PHI.
- Wear your name badge while at WCDHHS
- Since all workforce members, volunteers, and business associates must “scan in” with their nametag, do not open locked doors for anyone!
- Wait for clients to approach you in the community; do not go out of your way to approach them.
- Ask yourself the “Need to Know” policy question: “Do I need this information to do my work?” If the answer to the question is “No”, do not access the information.

Section 8: How and whom do you report a concern or violation to?

It is your duty to report any concerns you have about privacy and security to any of the following:

- Tell your supervisor immediately (unless the concern is with your supervisor – in this event, contact any of the individuals listed below)
- Reports of concerns or of violations should be made verbally (in person or via telephone) or through email. You should be prepared to provide a written statement of the incident for the investigation. The supervisor will discuss the concern with WCDHHS HIPAA Privacy and Security Coordinator – Wade Woodworth
- The Security Officer for Waukesha County is Rick McMillin
- The Privacy Officer for Waukesha County is Erik Weidig
- Individuals may provide an anonymous report by using the form found on the following webpage:

If you do not have access to the webpage above, you may submit an email to wwoodworth@.
Although the email option is not 100% anonymous, please indicate in the subject line of your email that the email is desired to be an anonymous report, and all information referring to you, as an anonymous reporter, will be redacted from the official report.

Section 9: What are the consequences for not complying with the law?

- Under HIPAA regulations, there are fines and penalties for improperly sharing, using, disposing or otherwise releasing consumer client information in the wrong way.
- A breach of privacy may result in termination of employment or volunteer status.
- Wrongful or willful disclosure of health information carries fines and can include criminal penalties for the individuals who commit those disclosures (in other words, volunteers, workforce members, contracted staff, etc. can be personally charged criminally, can be incarcerated, and can be required to pay fines).

Section 10: Where can you find more information about Waukesha HHS HIPAA policies and procedures?

- Your County supervisor will provide you with HIPAA policy and procedure information relevant to your duties.
- You will be provided with “Minimum Necessary” and “Need to Know” handouts.
- Additional Waukesha County DHHS HIPAA policies and procedures are available upon request.