Transcription
OMH HIPAA Training Programvideo script with graphics - FinalOffice of Mental HealthHIPAA Training ProgramVIDEO SCRIPT with Graphics Included – FinalDeveloped byNew York Wired for Education, Inc.in conjunction with theNYS Office of Mental HealthBureau of Education and Workforce DevelopmentJanuary 2003 New York State Office of Mental Health 2003.All rights reserved.This training material was prepared for internal use by the New York State Office of MentalOMH HIPAA Training Program NYS Office of Mental Health 2003. All rights reserved.Page 1 of 59
OMH HIPAA Training Programvideo script with graphics - FinalHealth (the “State”) and its employees and was not intended to serve as legal advice to anyother individuals or entities. The State expressly disclaims: (a) any warranties orrepresentations as to the accuracy or completeness of the information contained herein; and, (b)any responsibility of liability to third parties who may rely upon it. Individuals and entities whowish legal advice are advised to consult their own attorneys.Please contact: Counsel, NYS Office of Mental Health, 44 Holland Avenue, Albany, NY 12229,if you wish to obtain information about, or permission for, the reproduction, distribution or use ofthis material.The NYS Office of Mental Health does not discriminate on the basis of race, color, nationalorigin, gender, religion, age, disability or sexual orientation in the admission to, access to, oremployment in its programs or activities. Reasonable accommodation will be provided uponrequest.OMH HIPAA Training Program NYS Office of Mental Health 2003. All rights reserved.Page 2 of 59
OMH HIPAA Training Programvideo script with graphics - FinalVIDEOAUDIOOMH HIPAA Training ProgramIntroduction (Jane)This is an important time in healthcare. The HealthInsurance Portability and Accountability Act, orHIPAA as it is commonly known, providesunprecedented patient rights and assurances for theprotection of a patient’s health information. For thestaff of the New York State Office of Mental Healthand our partners, HIPAA reminds us of ourcommitment to provide the best in care and servicesfor New York State’s mental health patients andservice recipients. Physicians, therapists, and allOMH staff share in the administration and practiceof HIPAA policy.New York State is – and always has been - a leaderin ensuring and safeguarding patient information.The trust placed in us by the residents of New YorkState is a responsibility we hold close, and thistraining program is an important step in putting thatresponsibility into action. I encourage all of you toengage your co-workers in dialogue regardingHIPAA. Working together, OMH staff can continue tobe leaders in healthcare and among the nation’smost-trusted, most-respected professionals inmental health.OMH HIPAA Training Program NYS Office of Mental Health 2003. All rights reserved.Page 3 of 59
OMH HIPAA Training Programvideo script with graphics - FinalVIDEOAUDIOJane –Throughout this program you will be presented withvarious facts behind HIPAA, the reasons HIPAA is inplace, and OMH’s policies concerning HIPAA.Accompanying this program is a learning guide. Atvarious points, you will be directed to stop the programand complete a series of learning activities. Once you’vecompleted the learning activities, restart the programand continue.LEARNING OBJECTIVES Recognize OMH policies regarding HIPAA. Identify the main policy reasons behind HIPAA. Recognize the three main areas of HIPAA: Privacy,Security, and Electronic Data Interchangetransactions. Understand new terms and language: e.g., CoveredEntities, Business Associates, and Trading Partners. Identify what is expected of you as a member of theOMH Workforce. Recognize issues in the workplace related to HIPAA. Understand whom to approach for more informationand assistance.OMH HIPAA Training Program NYS Office of Mental Health 2003. All rights reserved.So, what exactly will you learn in this program? Afteryou’ve completed this training you’ll be able to: Recognize OMH policies regarding HIPAA.Identify the main policy reasons behind HIPAA.Recognize the three main areas of HIPAA as privacy,security and Electronic Data Interchange transactions.Use new terms like Covered Entities, BusinessAssociates, and Trading Partners.Identify what is expected of you as a member of the OMHworkforce.Recognize issues in the workplace related to HIPAA.Understand whom to approach for more informationregarding HIPAA.Page 4 of 59
OMH HIPAA Training Programvideo script with graphics - FinalVIDEOAUDIOJane – continuedThe training program is in three parts: This first part isan overview. When we’ve completed this section, you’llbe presented with the details behind OMHimplementation of HIPAA’s privacy regulations and thefinal section covers OMH’s approach towards HIPAA’ssecurity provisions.Whether you’re a physician, clinical specialist, mentalhealth direct care worker, medical records staff person,administrative or support staff member, HIPAA affectsyou and how you do your job. We’ll be covering a numberof terms, definitions and other issues. These will becovered in more detail further in the program.PLEASE STOP THE PROGRAM AND BEGINLEARNING ACTIVITY TWOOMH HIPAA Training Program NYS Office of Mental Health 2003. All rights reserved.My name is Jane and I’ll be leading you through thisTraining Program.Page 5 of 59
OMH HIPAA Training Programvideo script with graphics - FinalVIDEOAUDIOJane –Let’s begin with a typical conversation that you could bea part of in the very near future.Hi Kevin, so what can I help you with?Kevin –I’ve heard some things about HIPAA, and it sounds veryconfusing.Jane –Well first, let me ask you what you’ve heard aboutHIPAA?Kevin –I’ve heard that HIPAA is an incredibly complex law,thousands of pages in length and will drasticallychange healthcare delivery.Jane –Okay, what else?OMH HIPAA Training Program NYS Office of Mental Health 2003. All rights reserved.Page 6 of 59
OMH HIPAA Training Programvideo script with graphics - FinalVIDEOAUDIOKevin –Well, staff will have to do just about everything differently.Agencies will have to establish entirely new contracts andpaper work in order to comply with HIPAA. And I heard thatnurses and others won’t be able to discuss patient issuesat nurse’s stations or in private areas because of HIPAA orshare information the way they need to.Jane – (smiling and/or laughing) Okay anything else?Kevin –I read that patients will no longer be able to have a friendor family member pick up a prescription for them.Jane –Thanks for that overview Kevin. What you have just sharedare a number of the popular misconceptions about HIPAA.In reality, none of those statements are true! HIPAA is anew federal law dealing with the privacy and securityafforded to a patient’s health information, among otherthings. Because of the health care profession’s – andparticularly New York State’s – long-standing commitmentto patient confidentiality, many healthcare workers andnon-direct healthcare workers may not see a major impacton their work practices as a result of HIPAA. HIPAA isreally an affirmation of the importance of patient privacyand confidentiality and as such, HIPAA details specificrequirements to safeguard patient information. Let’s take aquick look at some of HIPAA’s basic facts.HIPAA OVERVIEWThe purposes of HIPAA are to: Provide continuity and portability of health benefitsto individuals in between jobs. Provide measures to combat fraud and abuse inhealth insurance and health care delivery. Reduce administrative expenses in the healthcaresystem; administrative costs have been estimated toaccount for nearly 20% of healthcare costs. Provide uniform standards for electronic healthinformation transactions. Ensure security and privacy of individual healthinformation.OMH HIPAA Training Program NYS Office of Mental Health 2003. All rights reserved.Jane –The Health Insurance Portability and Accountability Act isa federal law passed in 1996. It has several purposes,among them to provide protection to people between jobsin the form of health insurance portability, and to combatfraud and abuse in health insurance and healthcaredelivery. Additionally, the law seeks to reduce paperworkassociated with health care, which has been estimated tobe nearly 20% of all healthcare costs. To make theelectronic transfer of health information more efficient,HIPAA establishes new uniform standards for sharing thatinformation via computer. Most importantly, HIPAAprovides new federal requirements to ensure theconfidentiality and privacy of health information.Page 7 of 59
OMH HIPAA Training ProgramVIDEOvideo script with graphics - FinalAUDIOKevin –Well, that clears it up. I understand everything now.Jane –It’s only an overview Kevin. HIPAA is a federal law thatallows people to maintain their medical insurance coveragewhile switching jobs, but more importantly to us, it alsosimplifies health care administration and providesprotection to health information.Kevin –Does HIPAA provide more protection than current NewYork State laws?Jane –Sometimes yes. Sometimes no. In some cases, New YorkState law and HIPAA address the same issue and theymay provide different guidance. When this occurs, it isnecessary to compare the laws to figure out whetherHIPAA or State law is “more stringent,” that is, to determinewhich law provides greater protection to health information.Kevin –So how do you know which law must be followed?HIPAA Administrative Simplification Categories Privacy Security Electronic Data InterchangeJane –Well, here, it is important to remember that one of HIPAA’smain purposes was to provide greater rights andprotections to health care patients. So, whichever law doesthat - HIPAA or New York State law - is the one thatapplies. OMH’s Counsel’s office has compared HIPAA withexisting New York State laws regarding the protection ofpatient information and has detailed that comparison in adocument referred to as a “Preemption Analysis.” Anyonewith questions regarding how HIPAA compares specificallywith New York State laws, may want to review thatdocument which is available on OMH’s Internet site orthrough OMH Counsel’s Office.Kevin –Okay, so getting back to HIPAA -- how is it organized?Jane –The area of HIPAA affecting us the most concerns theprivacy and protection afforded to patient healthinformation. This area – called Administrative Simplification– contains three standards identified as Privacy, Securityand Electronic Data Interchange, or EDI for short.OMH HIPAA Training Program NYS Office of Mental Health 2003. All rights reserved.Page 8 of 59
OMH HIPAA Training Programvideo script with graphics - FinalVIDEOAUDIOKevin –Privacy, Security and .Jane –EDI, electronic data interchange. EDI is that part ofHIPAA that establishes standards for transferringhealth information via computer. EDI is highlyspecialized and concerns primarily informationsystems professionals and those directly involvedwith electronic billing. This training programfocuses on what every member of the workforceneeds to be aware of to safeguard the privacy andensure the security of patient health information.Kevin –So HIPAA has three areas: Privacy, Security andEDI.Jane –Right.Kevin –You mentioned privacy. Aren’t health recordsalready private and confidential?Jane –Yes, health information is confidential under NewYork State law, but HIPAA tells us how patient’shealth information can be used or shared withothers, and it provides patients with certain rightsconcerning their health information. For example,under HIPAA, people have the right to receivewritten notice of how their healthcare provider canuse their healthcare information.Kevin –And security what’s new about security andHIPAA?OMH HIPAA Training Program NYS Office of Mental Health 2003. All rights reserved.Page 9 of 59
OMH HIPAA Training Programvideo script with graphics - FinalVIDEOAUDIOJane –HIPAA’s security standard mandates how healthinformation is protected. One way to think about thedifference between privacy and security is this – theprivacy standard allows a patient to control who hasaccess to his or her health information. The securitystandard makes sure that the information is keptsafe from unauthorized access, whether thatinformation is in paper or electronic form. Eachorganization or entity subject to HIPAA, like OMH, isrequired to translate HIPAA’s security standard intosecurity practices that their own organization andtheir own workforce will use to keep a patient’shealth information safe.Kevin –Like using locked cabinets, or offices.Jane –Right. HIPAA’s security standard establishesadministrative, physical and technical safeguards forpatient data and information.Kevin –I think I understand. What about EDI – that soundsvery technical.Jane –EDI really should not be a concern to most OMHemployees. At the facility level, the HIPAA EDIstandard doesn’t change the way patient data isentered into the OMH system. In fact, onlyemployees within the OMH Central Office will reallynotice anything different – on a regular basis, theywill roll-up patient and related payment dataprovided by OMH facilities and convert the data intothe format required by HIPAA. While it won’t affectthe work of most OMH employees, once eachorganization subject to HIPAA, like OMH, makes theEDI systems adjustments it needs to make, thisprocess is expected to save the healthcare system agreat deal of money.OMH HIPAA Training Program NYS Office of Mental Health 2003. All rights reserved.Page 10 of 59
OMH HIPAA Training Programvideo script with graphics - FinalVIDEOAUDIOKevin –That’s reassuring.HIPAA sets National Standards for Privacy of confidential health information, or whatkind of information is protected. Security of health information, or how thatinformation is protected via physical security,technical security and administrative securitymeasures. Electronic exchange of health information.Jane –So, thus far:HIPAA is a federal law that sets national standards for theprivacy of health information or what kind of information isprotected, the security of health information, or how thatinformation is protected, and it sets national standards forthe electronic exchange of data.Kevin –Before we get into more specifics Jane, I’ve got one morequestion.Jane –Sure.HIPAA Violations Law provides for penalties ranging from 100 to 250,000 and up to 10 years in prison. Most severe penalties are for willful disclosure ofprivate health information. OMH actions to address violations of policies andprocedures related to HIPAA will be consistent withexisting practices and disciplinary processes.Kevin –If HIPAA is a law, then . . . there must be penalties for notfollowing it. Are OMH employees at risk for not followingHIPAA?Jane –Depending on the severity of the offense, penalties for notfollowing HIPAA regulations can be as much as 250,000and 10 years in prison.Kevin –Wow! This is serious!Jane –Protecting patient healthcare information is serious. Themost severe penalties are for those incidences when anindividual willfully discloses private health information.For example, if someone disclosed private healthinformation in return for payment or for commercialadvantage, he or she could face a 250,000 fine and tenyears in prison.Kevin –What if someone simply makes, you know, an “honestmistake?”OMH HIPAA Training Program NYS Office of Mental Health 2003. All rights reserved.Page 11 of 59
OMH HIPAA Training ProgramVIDEOvideo script with graphics - FinalAUDIOJane –That’s one of the main reasons we are here today, Kevin.Every OMH employee has a role in protecting patientprivacy. Protecting that privacy means that all staff need tofollow OMH policies and procedures. In the event anemployee does not follow procedure or policy, theresponse will be consistent with existing practices. Forexample, the response could include verbal or writtencounseling or disciplinary action, including penalties basedon the severity of the violation. And, penalties couldrange from reprimands, through fines or suspensionswithout pay, to termination of employment. Actions takenby OMH in any such cases will be consistent with existingpractice and disciplinary processes contained in applicablecollective bargaining agreements.OMH HIPAA Training Program NYS Office of Mental Health 2003. All rights reserved.Page 12 of 59
OMH HIPAA Training Programvideo script with graphics - FinalVIDEOAUDIOKevin –Thanks, Jane – it’s good to know that. Now let meask about who and what organizations HIPAAapplies to. Does HIPAA apply to everybody? Imean, do these new privacy and securityregulations affect everyone?Jane –HIPAA policies and procedures affect virtuallyeveryone and every organization working inhealthcare. Certainly, some individuals andbusinesses will be affected more than others.Kevin –Like who?Jane –Generally, individuals or organizations involvedwith the provision and/or administration ofhealthcare must comply with HIPAA. You mayhave heard the term “Covered Entity.” CoveredEntity is the term used by HIPAA to define whomust comply with HIPAA requirements.Covered Entities must Comply with HIPAA andfall into Three Groups:Health plans - Insurance companies or similar agenciesthat pay for health care.Healthcare providers - Physicians, hospitals, or anyother provider who has direct or indirect patient contact.Healthcare clearinghouses - Companies that facilitatethe processing of health information for billing purposes.Kevin –I have heard that term. What is a “Covered Entity?”Jane –Simply put, Covered Entities are thoseorganizations that must comply with HIPAA. Theyfall into three groups:Covered Entities include health plans such asinsurance companies or similar agencies that payfor health care.Covered Entities include most healthcare providerslike hospitals, physicians or outpatient healthprograms who have direct or indirect patientcontact that use electronic transactions to engagein the business of health care, such as to do theirbilling.The last group of Covered Entities is healthcareclearinghouses. These are companies thatfacilitate the processing of health information forbilling purposes.OMH HIPAA Training Program NYS Office of Mental Health 2003. All rights reserved.Page 13 of 59
OMH HIPAA Training Programvideo script with graphics - FinalVIDEOAUDIOKevin –So the Office of Mental Health would be a CoveredEntity because OMH operates a number ofpsychiatric centers.Jane –That’s right. Throughout this training and whilediscussing HIPAA, you will hear the term “CoveredEntity” quite often.Kevin –Another term that I have heard being used is“Business Associate.” What are they?Business Associates – Contractors, agencies or otherorganizations that provide services to Covered Entities;and, in order to provide their services, need access topatient information.Jane –Business associates are contractors or organizationsthat provide services for or on behalf of a CoveredEntity like OMH and in order to provide their servicesthey need access to patient information. Forexample, some OMH contractors, depending on theirneed to access patient information, may be classifiedas Business Associates.Kevin –Like an IT consultant who needs access to OMHpatient information on our computers in order to testthe system might be a Business Associate?Jane –Right. Since they need access to patient informationto do their job, they would, under thosecircumstances, be Business Associates.Kevin –What about physicians who some of our OMHpatients are referred to for things like emergency ordental care?Jane –Generally, doctors who provide patient care areHealth Care Providers, so under thosecircumstances, the doctors would be CoveredEntities – not Business Associates – and therefore asCovered Entities, HIPAA directly applies to them.Kevin –How about the guy who fills the water coolers on apatient ward?OMH HIPAA Training Program NYS Office of Mental Health 2003. All rights reserved.Page 14 of 59
OMH HIPAA Training Programvideo script with graphics - FinalVIDEOAUDIOJane –Well, since that contractor does not need patientinformation to do his job, he is NOT a BusinessAssociate. Business Associates are those contractorsor organizations that must have access to patientinformation in order to do their job.Kevin –In our facility, we have many people like students,interns or volunteers that work alongside us. Are peoplelike this, you know, people who work with us, but aren’tOMH employees, are these individuals Covered Entitiesor Business Associates?Jane –For the purpose of HIPAA, students, interns or othersthat function under the direction of OMH are consideredpart of the OMH workforce. So, these individuals arepart of a covered entity and must abide by all HIPAAregulations just as if they were OMH employees.Kevin –What’s the big deal about being a “Business Associate?”Jane –A Business Associate, even though it may not be aCovered Entity, still must agree in writing to safeguardpatient information. OMH, as the Covered Entity, mustensure that written agreements are in place with itsBusiness Associates. These agreements are called“Business Associate Agreements” – we will discussthem some more later on.Kevin –OK, I guess it does make sense that OMH has to ensurethat everyone who needs patient information to do theirjob must properly safeguard it.OMH HIPAA Training Program NYS Office of Mental Health 2003. All rights reserved.Page 15 of 59
OMH HIPAA Training ProgramVIDEOvideo script with graphics - FinalAUDIOJane –Right. Kevin, let me ask you another question. Does theterm “Trading Partner” mean anything to you?Kevin –No. What’s that?Trading Partners – Organizations that receive patientinformation via electronic transfer.Examples of OMH's Trading Partners: NYS DOH Office of Medicaid Management. Empire Medicare.Jane –A “Trading Partner” is another term that you may hearrelated to HIPAA. It is used in relation to the EDI, or theelectronic exchange of data portion of HIPAA, and“Trading Partner” simply refers to an organization thatreceives EDI transactions. OMH, and anyone OMHsends EDI transactions to, or receives EDI transactionsfrom, could be called a “Trading Partner.” Most “TradingPartners” are covered entities, under HIPAA, in theirown right. In New York State, the main TradingPartners of the public mental health care system are theDepartment of Health’s Office of Medicaid Managementfor Medicaid and Empire Medicare for Medicaretransactions. In Trading Partner agreements, theparties agree to use only the standard electronictransactions, in effect, a standard “vocabulary,” whenthey engage in electronic transactions with one another.Kevin –So there are at least three types of organizations thatare either directly or indirectly covered by HIPAA.OMH HIPAA Training Program NYS Office of Mental Health 2003. All rights reserved.Page 16 of 59
OMH HIPAA Training Programvideo script with graphics - FinalVIDEOAUDIOHIPAA APPLIES TO:Kevin –Covered Entities: Healthcare Providers, Health Plans,and Healthcare Clearinghouses.The first group is referred to as Covered Entities. Theseare healthcare providers, like physicians, and hospitals,health plans, or healthcare clearinghouses.Business Associates: Organizations or individualsworking with a Covered Entity who must access patienthealth information in order to do their work.Trading Partners: Organizations that exchange patientinformation via electronic transfer.Jane –Right. Covered Entities are directly responsible forcomplying with all of the HIPAA requirements. TheOffice of Mental Health, including all of its inpatient andoutpatient facilities, is a Covered Entity.Kevin –Next are Business Associates. These are organizationsor individuals who work with a Covered Entity andduring the course of the contract, these BusinessAssociates come into contact with patient information inorder to do their work.Jane –Right again. They are indirectly covered by HIPAApursuant to a Business Associate Agreement with aCovered Entity.Kevin –The third group is Trading Partners. Trading Partnersare organizations that exchange patient information inorder to conduct an electronic transaction for certainbusiness purposes.Jane –And the New York State Department of Health isresponsible for managing Medicaid in New York and,therefore, is a good example of a Trading Partner.Similar to Business Associates, they are, as TradingPartners, indirectly covered by HIPAA pursuant to aTrading Partner Agreement. Although, many are in factCovered Entities in their own right, in which case HIPAAwould apply to them directly.PLEASE STOP THE PROGRAM AND BEGINLEARNING ACTIVITY THREEOMH HIPAA Training Program NYS Office of Mental Health 2003. All rights reserved.Kevin –Thanks, Jane. It’s starting to make more sense.Page 17 of 59
OMH HIPAA Training Programvideo script with graphics - FinalVIDEOAUDIOJane –Hello again. So far, we’ve covered just the basics ofHIPAA including Privacy, Security, EDI and thosegroups or individuals covered or affected by HIPAA likeCovered Entities, Business Associates and TradingPartners.Kevin –I’m still not sure how HIPAA will change my job, or whatI’m supposed to be doing differently.Jane –That’s okay. It’s important to have a good overview ofand appreciation for HIPAA in general. Now, we’re goingto explore HIPAA’s privacy standard.Kevin –I’m ready.Jane –Let’s get started.LEARNING OBJECTIVES FOR PRIVACY Identify and understand terms associated withHIPAA Privacy Requirements: Protected Health Information (PHI) Treatment, Payment or HealthcareOperations Discuss OMH policies behind “authorization” and“Notice of Privacy Practices.” Recognize who is a Business Associate. Understand that HIPAA provides patients certainrights with respect to their PHI.When we’re finished with this section, you will be ableto: Identify and understand terms associated withHIPAA’s privacy requirements such as ProtectedHealth Information or PHI and the phrase“treatment, payment or healthcare operations”. Discuss the policy behind “authorization” and“Notice of Privacy Practices.” Recognize who is a Business Associate. Understand that HIPAA provides patients certainrights with respect to their Protected HealthInformationKevin –Before we start, I have a question.Jane –Sure.OMH HIPAA Training Program NYS Office of Mental Health 2003. All rights reserved.Page 18 of 59
OMH HIPAA Training ProgramVIDEOvideo script with graphics - FinalAUDIOKevin –Privacy of patient information is not new. Everyoneworking in healthcare from support personnel toclinicians already protects patient information. Duringorientation, employees receive training on theimportance of privacy. How is what we’re about to coverany different?Jane –Good question. You’re right Kevin. The concept ofpatient confidentiality is nothing new under existing NewYork State law, particularly with respect to mentalhealth. Revealing that an individual is receiving mentalhealth services risks more than simply breakingconfidentiality. Effective and lasting therapy can oftenonly occur in an environment of confidentiality and trust.Kevin –Right. So how does HIPAA change this?Preemption Analysis Details the difference between New York State Lawand Federal Law. Available through OMH Counsel's Office and theOMH Internet site.Jane –It really doesn’t – the privacy and security afforded tocertain types of health information has always been atthe cornerstone of OMH’s mission – HIPAA does notchange this commitment in any way. However, for thefirst time, HIPAA establishes at the federal level a set ofrights that individuals have regarding the disposition orsharing of their health information. Some of HIPAA’srights and protections were not covered under existingNew York State Law and some are more or lessstringent than what New York State law alreadyprovided. As we discussed earlier, the differencesbetween HIPAA and New York law are spelled out in the“Preemption Analysis” which is available through OMHCounsel’s Office and on OMH’s Internet site.Kevin –So, under HIPAA, do people have the right to know whogets their patient information?.OMH HIPAA Training Program NYS Office of Mental Health 2003. All rights reserved.Page 19 of 59
OMH HIPAA Training Programvideo script with graphics - FinalVIDEOAUDIOA Covered Entity can only use or disclose ProtectedHealth Information or PHI: For treatment, payment or health care operations;OR, As specifically authorized by the patient in writing;OR, If HIPAA provides another exception.Jane –Yes. As a general rule, unless the patient gives expresspermission, a Covered Entity can only use or discloseprotected health information for treatment, payment orhealthcare operations purposes. Otherwise, with a fewspecific exceptions, any use or disclosure must bespecifically authorized by the patient in writing. In otherwords, individuals generally have the right to controltheir personal health information and covered entities Kevin –Covered entities like OMH .Jane –Right, covered entities like OMH have the duty to guardprotected health information. And HIPAA extends thatduty to each member of a Covered Entity’s workforce –that’s why it is so important that all employees know andunderstand what HIPAA is all about.Kevin –There’s that term again. What exactly is “protectedhealth information?”Protected Health Information (PHI) Health Information Individually Identifying Information.Jane –Protected health information, or its abbreviation “PHI,” isany type of health information that contains somethingthat could identify the individual.Kevin –What are some examples of PHI?Jane –Patient notes and records, pharmacy information, billinginformation, background and histories would all beexamples of PHI.Kevin –And, under HIPAA, what sorts of things should OMHemployees know about using or disclosing a patient’sPHI?Jane –“Use PHI,” you mean as in within OMH?OMH HIPAA Training Program NYS Office of Mental H
OMH HIPAA Training Program video script with graphics - Final OMH HIPAA Training Program Page 6 of 59 NYS Office of Mental Health 2003. All rights reserved. VIDEO .
