Presented by Katherine Smith, BA, Manager – Health Information Systems
Understanding HIPAA & How It Applies to You
Agenda/Topics To Be Covered
• HIPAA Rules
• PHI
• Breach
• Work Station Security
• Unauthorized Access
Know the Rules
• Requires BSW to notify individuals when their PHI is breached.
• Provides protections for electronic Protected Health Information (ePHI).
• Applies to all forms of PHI, whether electronic, written or verbal.
PHI comes in many forms
PHI is not limited to a patient’s clinical information. It includes any information that can identify the patient.
Unauthorized Access
• BSW will only give you access to the minimum amount of patient information necessary to perform your job duties.
• ONLY access, use or disclose PHI that is required to do your job.
• NEVER access a patient’s PHI for personal reasons. This includes all forms of PHI available to you at BSW (e.g., paper records and all information systems).
Breach Notification
BSW must notify the patient of the breach, including who, what, when and how.
BSW must provide breach notification to the Office for Civil Rights (OCR).
If 500 or more patients are affected by a breach, BSW must notify the media and post a notice on the website within 60 days from the breach discovery date.
A breach or potential breach of PHI must be reported immediately to the Corporate Compliance Privacy Department.
What can happen if you fail to comply with HIPAA
Severe civil & criminal penalties
• Fines can range from $100 to $50,000 per violation
• Maximum yearly fine of $1.5 million per violation
• Up to 10 years in prison
• You are personally held liable
Internal sanctions
• Disciplinary action, up to and including termination
• No opportunity for rehire at BSW