HIPAA Training - Bright Heart Health
HIPAA TRAINING
Confidentiality, Privacy, and Information Security

Proprietary & Confidential

Instructions
Instructions for This Online Course
• Review the content of this course
• At the end you must pass a test to complete the course

Privacy and Information Security
Privacy and Information Security are key elements of the Bright Heart Health's commitment to quality.
• No matter where you are located within Bright Heart Health every staff member is responsible for understanding and following all privacy and security policies.

Objectives
When you complete this course, you will be able to:
• Identify types of confidential information.
• Describe best practices for safeguarding information in spoken, written or electronic formats.
• Understand your responsibility for data encryption.
• Describe your responsibilities for protecting information and reporting violations.
• Identify consequences for violations.
• Locate staff responsible for Privacy, Information Security and/or Compliance.

Privacy and Security Information
Every Bright Heart Health staff member is responsible for protecting confidential information.
• There are different types of confidential information, including:
  – Patient Information
  – Employee Information
  – Bright Heart Health Information
    • Financial and operational information
    • Trade secrets
    • System access and passwords

Private and Sensitive Information
Identifiable Patient Information
Unique identifiers including:
• Name
• Address
• Dates of birth, admission, discharge, death
• Telephone and fax numbers
• Email address
• Medical record number
• Health plan beneficiary number
• Social Security number
• Account number
• Certificate/license number
• Any vehicle or other device serial number
• Web URL
• Internet Protocol (IP) address
• Finger or voice prints
• Photographic images
• Medical history & treatment
• Financial information (insurance, credit/debit card numbers)
Employee Information
• Driver's license number
• Social Security number
• Bank account numbers
• User ID and passwords
Information About Bright Heart Health
• Bright Heart Health Care Information
• Financial and operational information
• Trade secrets
• System access passwords

Privacy & Security Rule of Thumb
There are 2 things to remember about protecting confidential information:
1. Access information only if you need it to do your job.
2. Share information only with others who need it to do their jobs.

Confidential Information
Confidential information is stored and shared in the following ways:
• Verbal Communication (talking)
• Paper Documents
• Electronic Data

Verbal Communication
When talking about confidential information make sure you are:
• Sharing only with someone who needs to know the information to perform their job.
• Speaking where others (including patient family members and friends) cannot hear, if possible.
• Giving only the minimum amount of information necessary.

Verbal Communication
• When talking about confidential information be aware of your surroundings!
• Avoid discussing Personal Health Information (PHI) in public areas.
• When conversations in open areas cannot be avoided, remember to keep your voice low.

Releasing Personal Health Information (PHI)
General Information
• Care Coordinators are primarily responsible for releasing (or making available) PHI, but sometimes personnel in other departments release PHI.
• Physicians, therapists, dietitians, and nurses may release some information to the patient.
• Physicians and staff who have received the appropriate training may also release to the patient a Treatment Summary.

Releasing Personal Health Information
Your Medical Records
• To access your own medical record, complete an authorization form and submit to the Clinical Director.
• The Clinical Director will notify you when you are approved to view your medical record.
PHI for Research
• Researchers that request PHI for research must submit appropriate documentation.
• Discuss any requests with the Clinical Director for specific procedures.
Accounting for Disclosures
• If you release PHI outside of Bright Heart Health for reasons other than treatment, payment or health care operations, you may need to track those disclosures.
• Document the disclosure on the patient's health record.
Always call the Clinical Director with questions about releasing PHI.

Tips for Releasing PHI
• Review information before sending to make sure you are only sending what is necessary.
• Double-check the e-mail address or fax number. Faxing information to the wrong number may lead to disciplinary action.
• Fax only when mail delivery is not fast enough to meet the patient's needs.
• Always use a fax cover sheet with Confidentiality Notice.
• Email scanned documents to yourself before e-mailing them to the final recipient.

APPLY THIS TEST
Here's a test to determine if you can use or share PHI. Ask:
1. Is the disclosure for treatment, payment or health operations purposes?
2. If not, do you have written authorization from the patient?
3. If not, is there another legal requirement for disclosure?
If the answer is "No" to all 3, do not access, use or share the PHI.

Disposal of Confidential Information
Never place confidential information in the trash!
Cross-cut shred or place in secure disposal bins:
• Paper
• Thumb drives and other storage devices

Disposal of Computers and Electronics
Disposal of Confidential Information on Electronic Devices:
• Computer hard drives must be physically destroyed or "electronically shredded." Contact your manager for assistance.
• Some leased equipment has ability to store information, e.g., copiers. When leased equipment is returned to vendor be sure all confidential information has been removed.

Releasing PHI: Subpoenas
A subpoena is a document issued by a court that requires a person to appear in court or to give some kind of evidence.
• If you receive a subpoena, it is critical to alert your manager and the Clinical Director or Medical Director.
• For billing document requests, direct the person presenting the subpoena to the Billing Department.
• For medical record requests, direct the presenter to the Clinical Director.
• For all other subpoenas, direct the presenter to the CEO.
• A subpoena does not remove HIPAA privacy protections.
An authorization signed by the patient or a court order signed by a judge is required for releasing confidential information. Contact the CEO for guidance before responding to a subpoena.

Protecting Electronic Data
Confidential information stored on computers and other electronic devices requires special measures to keep it private.
• To protect confidential information stored as electronic data, you should:
  – Avoid internet threats
  – Ensure data is encrypted
  – Use social media and blogging sites appropriately
  – Create strong passwords
  – Secure computers and other mobile devices

Internet Threats!
Phishing
• Phishing is unwanted e-mail ("spam") that tries to trick you into revealing confidential information, like passwords or credit card information.
• Do not reply to any e-mail message that might be a phishing attempt. Call the sender if in doubt or ask your manager.

Internet Threats!
Malware
Malware is software (computer programs) designed to harm your computer. Types of malware include viruses, worms and spyware. Malware can destroy your data and expose confidential information.
• Malware gets into your computer through e-mail attachments, compromised websites, holes in software and other ways.
• The best way to block malware is to always use an up-to-date antivirus program and an antispyware scanning program.
• If you suspect Malware, do not click on any links or open any attachments.

Internet Threats!
Cloud Computing
• "Cloud" Computing lets you access computer files and programs over the Internet.
• Gmail, Google Calendar, Google Docs, Dropbox, Yahoo, Kareo, ZOOM, etc. are cloud services.
• NEVER store confidential information on public cloud services. Only store information on Bright Heart Health cloud services.
• Bright Heart Health has Business Associates Agreement in place with Google, ZOOM, Kareo, and SurveyGizmo. Do not store confidential information on any other cloud service.

Internet Threats!
Personal E-mail
• Do not use personal e-mail accounts to conduct Bright Heart Health business or to send confidential information.
• Your personal e-mail account is often less secure than your work issued account, so be sure to avoid threats on personal e-mail accounts.
• Bright Heart Health prohibits auto-forwarding of e-mail to a personal account.
When it comes to the Internet, if you are not sure it is safe, do not click on links or download files.

Phishing Example

Encryption
What is Encryption?
• Encryption makes electronic data (on computers and mobile devices, such as laptops and smartphones) unreadable. Only authorized users of the data will have a key to "unlock" the encryption.
Encryption Requirements
• Any confidential information that is sent electronically must be encrypted.
• This includes e-mail and information sent over public wireless networks.

Email Encryption
Confidential data should not be emailed outside your health care network. If you have a need to use email for transmitting confidential information, be sure to: 1) obtain approval from your manager or supervisor and 2) protect the contents with encryption.
If you do not know how to protect the contents with encryption, you should refrain from sending confidential information via email. Contact your email administrator or IT staff for assistance. You are responsible for ensuring that you are using encryption when necessary.

Social Media and Blogging
Social media sites (Facebook, Twitter, LinkedIn, Google+, etc.) and blog sites (WordPress, Blogger, LiveJournal, etc.) allow you to easily share information with your friends and the public.
• Never post protected health information or confidential information of any kind on social media or blog sites.

Passwords
A "strong" password is an important way to protect confidential information stored as electronic data.
A weak password: ladybug1
• Actual words, dates, nicknames and names of family, friends or pets are easily guessed.
A weak password: abcde
• Do not use sequences (12345, qwerty) or repeated characters (22222).
• Make sure passwords are at least 8 characters long.
A strong password: 1@dybu9!
• Mixing numbers, letters and special characters creates a stronger password.

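The password rules from this slide written as a check, as an added example that is not part of the original training material. The word list is a constructed sample, and the run length of 4 and all function names are assumptions made for illustration.

```python
import re

# Constructed sample word list (assumption); a real check would use a
# dictionary or a list of known-breached passwords.
COMMON_WORDS = {"ladybug", "password", "welcome", "dragon", "sunshine"}

# Runs treated as "sequences": alphabet, digits and keyboard rows.
SEQUENCE_SOURCES = (
    "abcdefghijklmnopqrstuvwxyz",
    "0123456789",
    "qwertyuiop", "asdfghjkl", "zxcvbnm",
)

MIN_LENGTH = 8  # "at least 8 characters long"
MIN_RUN = 4     # assumption: shortest run counted as a sequence or repeat


def has_sequence(password, min_run=MIN_RUN):
    """True if the password contains a forward or reversed run from SEQUENCE_SOURCES."""
    lowered = password.lower()
    for source in SEQUENCE_SOURCES:
        for run in (source, source[::-1]):
            for i in range(len(run) - min_run + 1):
                if run[i:i + min_run] in lowered:
                    return True
    return False


def has_repeat(password, min_run=MIN_RUN):
    """True if one character appears min_run or more times in a row."""
    return re.search(r"(.)\1{%d,}" % (min_run - 1), password) is not None


def contains_word(password):
    """True if the letters of the password contain a word from COMMON_WORDS."""
    letters = re.sub(r"[^a-z]", "", password.lower())
    return any(word in letters for word in COMMON_WORDS)


def check_password(password):
    """Return the slide rules the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if contains_word(password):
        problems.append("contains an actual word")
    if has_sequence(password):
        problems.append("contains a sequence")
    if has_repeat(password):
        problems.append("contains repeated characters")
    mixes_classes = (
        any(c.isalpha() for c in password)
        and any(c.isdigit() for c in password)
        and any(not c.isalnum() for c in password)
    )
    if not mixes_classes:
        problems.append("does not mix numbers, letters and special characters")
    return problems


if __name__ == "__main__":
    # The three passwords shown on the slide, plus its sequence/repeat examples.
    for candidate in ("ladybug1", "abcde", "1@dybu9!", "12345", "qwerty", "22222"):
        print(candidate, "->", check_password(candidate) or "passes")
```
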
Security for Computers
• Turn your screen away from public areas.
• Log out or lock your computer when you leave.
• Be careful when screen sharing not to show email, or other applications that contain PHI.

Security for Mobile Devices
Any mobile device with confidential information on it should be encrypted.
• If not able to be encrypted (e.g., a camera) it should be physically secured when not in use in a locked drawer or safe.
• Make sure you know where these devices are at all times.
• Report any loss or theft of a mobile device containing confidential information to your affiliate's computer support center immediately.

Actual Privacy and Security Violations
• PowerPoint presentation containing patient PHI for which authorization had not been obtained. The presentation was made to about 80 people.
• Unauthorized access of a patient's account by a physician who assumed it was okay because they were a "friend of the family."
• Unauthorized patient PHI used in a publication that was mailed to approximately 16,000 recipients.
• An external hard drive containing patient names, medical record numbers, dates of admission, medications, diagnosis and treatment information was lost or stolen.

Actual Privacy and Security Violations
• Access of a high profile patient's account by over 60 employees of all levels.
• A printout containing PHI left on a table in a café.
• Thirty-one medical records lost by a physician and found by a Department of Corrections inmate.
• Disclosure of a very sensitive diagnosis to individuals not authorized.
• Lost and/or stolen smartphones, thumb drives and laptops which were not password protected or encrypted.

Reporting Privacy and Security Violations
Remember, if you are aware of or suspect a violation, you are required to report it to any of the people below:
• Your supervisor
• Clinical Director or Medical Director
• CEO
Supervisors are required to report any suspected violation reported by an employee to the CEO.

Issues that Should Be Reported
Loss of confidential information or equipment containing confidential information
• Stolen laptop
• Lost smartphone
• Misplaced patient records
• Lost hospital contract
Misuse of information, system access, or sharing of passwords
• Co-workers sharing passwords
Accidental or unauthorized disclosures of protected information
• Misdirected faxes and mail
• Human error
• Overheard conversations
• Inappropriate social media posts

Special Reporting Requirements for Social Security Numbers
The confidentiality of Social Security numbers has special legal protection.
• If Social Security numbers are released or disclosed to anyone who does not have a need to know them to perform their job, this must be reported immediately to your supervisor, the Privacy Office or the Information Security Office.
• Bright Heart Health is required to take additional steps in a timely manner when Social Security numbers are inappropriately released.

Consequences for Violations
Bright Heart Health disciplinary action up to and including termination.
• Fines range: $100-$50,000 per violation. One incident could result in numerous violations and therefore multi-million dollar fines.
• Jail time: 1-10 years
Failure to report a violation is a violation!