HIPAA Annual Training 2017-2018

Transcription

HIPAA – Annual Training 2017-2018

Test Out Option for HIPAA Annual Training
Corizon Health is offering a test out option on Annual HIPAA Training. Here is how it works:
1. You may take a 10 question pre-test regarding HIPAA. If you pass with a score of 100%, you may skip the full training course and receive a “Completed” status for this annual requirement.
2. You MUST attain a 100% score.
3. If you miss no more than two questions, you may qualify to re-take the pre-test. If you miss 3 or more questions on the pre-test, you will be redirected to the course.
4. If you attain a 100% the second time around, you will receive a “Completed” status for this training. However, if you do not achieve a 100% score on your re-test, you will be required to complete the entire training module.

Test Out Option for HIPAA Annual Training
NOTE: If you are a new hire and have never taken the HIPAA Training module before, you are NOT eligible for the pre-test option. You MUST take the ENTIRE New Employee HIPAA training module.
1. If you would like to take the pre-test option, please let your site Super User know so that you can take the test now.
2. If you would prefer to take the entire training module and then take the test, then please proceed with the training module at this time and your Super User will provide you the test.

Topic 1: Overview
Time to complete Topic 1: Approximately 15 minutes

Introduction/Objectives
At the conclusion of this training module, you should have an understanding of the following:
- Corizon Health’s Privacy and Security Policies and Procedures;
- What constitutes Protected Health Information (PHI);
- The General Rules for the use and/or disclosure of PHI;
- The HIPAA Privacy and Security Rules and how each affects Employees in the workplace;
- The appropriate method for identifying and reporting Privacy and/or Security Violations and/or Incidents;
2012 Corizon Health, Inc. All information and photos are confidential and proprietary. All rights reserved.

Introduction/Objectives (continued)
At the conclusion of this training module, you should have an understanding of the following:
- A patient’s rights surrounding his or her PHI and the role Employees have in exercising and/or preserving these rights;
- The HITECH Act and the Final Omnibus Rule (2013);
- Business Associates and the role and requirements surrounding each;
- Enforcement measures that are available in the absence of compliance; and
- Each Employee’s responsibility in terms of Privacy and Security surrounding PHI in the workplace.

HIPAA Terms

HIPAA Terms
Breach: The acquisition, access, use, or disclosure of protected health information in a manner not permitted under subpart E of this part which compromises the security or privacy of the protected health information.

HIPAA Term: Business Associate
A person or entity, other than an Employee or other member of the workforce of the Company, which performs, or assists in the performance of, a function or activity on behalf of Corizon Health or a Corizon Health Business Associate involving the use and/or disclosure of individually identifiable health information.
Such functions or activities include claims processing or administration, data analysis, processing or administration, utilization review, quality assurance, billing, benefit management, and repricing. Business associates also include any providers of legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services to Corizon Health or a Business Associate thereof, where the provision of such services involves the disclosure or use of individually identifiable health information.

HIPAA Terms
Business Associate Agreement: Agreement between the Company and a Business Associate, pursuant to which the Business Associate agrees to provide certain protections of PHI received by or created on behalf of the Company.
Corizon Health: Corizon Health, Inc., Corizon, LLC, and their affiliated entities.
Designated Record Set: Please refer to your Corizon Health Privacy Policies for specific information on the Designated Record Set.

HIPAA Terms
Disclosure Log: Record maintained by Corizon Health of all disclosures of PHI as required to be maintained pursuant to Privacy and Security Policies and Procedures.
Employee: Any person whose conduct, in the performance of work for Corizon Health, is under the direct control of Corizon Health, whether or not such person is paid by Corizon Health and whose duties bring such person in contact with PHI. For the purpose of these Privacy and Security Policies and Procedures, the term “Employee” includes, but is not limited to, customer service representatives, any administrative personnel, and any personnel under Corizon Health’s control who deliver health care services or items to inmates in correctional institutions.

HIPAA Terms
Final Omnibus Rule: The final rule announced by U.S. Dept. of Health and Human Services which implements a number of provisions of the HITECH Act, effective March 26, 2013 with a compliance date of September 26, 2013.

HIPAA Terms
Health Care Operations: Administrative and managerial activities of Corizon Health including quality assessment and improvement activities, legal compliance activities, business planning and development activities, and other business management and general administrative activities.
Health Oversight Activity: Activities by a Health Oversight Agency for the purpose of oversight of the healthcare system (whether public or private, or government programs) in which health information is necessary to determine eligibility or compliance, or to enforce civil rights for which health information is relevant.

HIPAA Terms
Health Oversight Agency: An agency or authority of the United States, a state, a territory, a political subdivision of a state or territory, or an Indian tribe, or a person or entity acting under a grant of authority or contract with such public agency, that is authorized by law to conduct Health Oversight Activities.
HIPAA: The Health Insurance Portability and Accountability Act of 1996, commonly referred to as “HIPAA”, is a federal law which created a national standard for the privacy and security of protected health information (“PHI”).

HIPAA Terms
HITECH Act: Health Information Technology for Economic and Clinical Health Act
Individually Identified Health Information: Health information which relates to: (i) the past, present, or future physical or mental health or condition of an individual; (ii) the provision of healthcare to an individual; or (iii) the past, present, or future payment for the provision of healthcare to an individual, where such information either identifies the individual, or with respect to which there is a reasonable basis to believe the information can be used to identify the individual.

HIPAA Terms
Patients and Personal Reps: The term “patient” may also include the patient's legally designated "personal representative". A personal representative is any of the following [see 45 C.F.R. § 164.502(g)]: a conservator of the person of an incompetent patient; an agent appointed under a power of attorney for health care, if the patient is incompetent; any other person who can make health care decisions on behalf of an incompetent patient; a personal representative (i.e., the executor or administrator) of the estate of a deceased patient or any heir or beneficiary of a deceased patient; parents of minor children; or emancipated minors.

HIPAA Terms
Professional Corporation (PC): A corporate entity established and solely owned by physician shareholders.

HIPAA Terms
Protected Health Information (PHI): Health information which relates to: (i) the past, present, or future physical or mental health or condition of an individual; (ii) the provision of healthcare to an individual; or (iii) the past, present, or future payment for the provision of healthcare to an individual, where such information either identifies the individual, or with respect to which there is a reasonable basis to believe the information can be used to identify the individual.
PHI includes not only medical records, but all other forms or documents that contain individually identifiable information, including but not limited to health service request forms, medication administration records, sick call requests, daily clinic logs, etc.

HIPAA Terms
Privacy Officer: The person who is responsible for the development and implementation of these Privacy and Security Policies and Procedures, and overseeing the Company’s compliance with the requirements of the Privacy Rules.
Privacy Rules: Regulations promulgated pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) at Title 45, parts 160, 162 and 164 of the Code of Federal Regulations, pertaining to the privacy of health information.

HIPAA Terms
Privacy and Security Policies and Procedures: The policies and procedures contained herein, which have been adopted by the Company as part of its efforts to comply with the Privacy and Security Rules.
Public Health Activity: The activities of a public health authority for the purpose of preventing or controlling disease, injury or disability, including but not limited to, the reporting of disease, injury, vital events such as birth or death, and the conduct of public health surveillance, public health investigations, and public health interventions.

HIPAA Terms
Security Officer: The person who is responsible for the development and implementation of Security Policies and Procedures, and overseeing the Company’s compliance with the requirements of the Security Rule.

HIPAA Terms
Unsecured PHI: Protected health information that is not rendered unusable, unreadable, or indecipherable to unauthorized persons through the use of a technology or methodology specified by the Secretary

Who are the Corizon Health Super Users?
Who are the Super Users for our companies?
- All HSAs/DONs
- All Field and Regional Office AAs
- Regional Office Designees
- Professional Corporation (PC) Shareholders
Who will the Super Users be training?
- All Site Level Employees
- PC Employees

Who are the Corizon Health Super Users?
What is the Super User role?
- HIPAA Training Facilitator
- Initial contact person at the site level for HIPAA related issues

Why is training important?
There are many reasons why training is important.
Training: Training enables Employees to develop the knowledge and skill set necessary to perform the essential functions of their job in compliance with the law.
Advantage: Effective training affords Corizon Health a competitive advantage in the correctional healthcare market.

Why is training important?
Career: Training advances an Employee’s career and sense of feeling valued by Corizon Health.
OJT: “On the job training” is an investment in Corizon Health’s future as Employees will share this knowledge with other Employees (current and new hires) in performing the essential functions of their job.

Training Compliance
To begin, you will need to complete this course by completing all of the Topics. After you review the 5 topics, you may take the quiz. We’ve estimated that your total time to complete this course, including the Quiz, is about 70 minutes.
Topic Title                  Topic #   Time to Complete
Overview                     1         15 Minutes
Privacy Rule                 2         15 Minutes
Security Rule                3         10 Minutes
Reporting and Enforcement    4         10 Minutes
Scenarios                    5         10 Minutes
Review Quiz                  Quiz      10 Minutes
Total Time to Complete: 70 Minutes

Training Compliance
At the end of this training, you will need to take a short quiz and answer all ten (10) questions correctly. In the event you do not answer all ten (10) questions correctly, you are required to retake the quiz. The Super User at each site shall ensure that each Employee takes the Quiz until he/she attains a score of 100%.

Hot Buttons for Corizon Health: Disposal of PHI
Sensitive information and PHI should NEVER be placed in the regular trash!
Hard copy materials that contain PHI, like sick call request forms, must be properly shredded at your site or placed in a locked shred container for shredding later.
DO NOT use an open box under your desk as your shred storage for PHI. If you are using an unsecured container to hold PHI for destruction, there is a greater likelihood of inappropriate access or that it will accidentally be commingled with regular trash.
Keep in mind that the destruction of actual medical records is client dependent, so please work with your site management before destroying any medical records.

Hot Buttons for Corizon: Verification of Identity
Before you provide records to an inmate or any other third party, you MUST verify that the name of the person in the medical record matches the name being requested. Does the information within the medical record all belong to that inmate?
If two different inmates with the same last name of Smith request their records, check, check again and check a third time to ensure that you are providing the correct record to the correct inmate "Smith".

Hot Buttons for Corizon Health: Unsecured PHI
EVERY SINGLE TIME you send an email outside the Corizonhealth domain that contains any PHI, the email MUST BE ENCRYPTED, e.g., you send a medical record to an attorney who does not have a corizonhealth.com email address.
As a Corizon employee, you must use your Corizonhealth email.
DO NOT send emails that contain any PHI from your personal email accounts like Gmail or Hotmail, or from your County or state email address.
Corizon, as the covered entity, is responsible for the security of the PHI and we cannot control the security of a third party email system.

What is HIPAA?
The Health Insurance Portability and Accountability Act of 1996, commonly referred to as “HIPAA”, is a federal law which created a national standard for the privacy and security of Protected Health Information (“PHI”).
In learning about HIPAA, it is important to recognize that this legislation was enacted with two broad interests in mind:
- Privacy
- Security
Congress became concerned about how to protect the confidentiality of health care data that was being electronically transmitted. Therefore, the purpose of HIPAA was to protect the privacy and security of PHI.
HIPAA legislation was passed in 1996. However, it was not until 2003 that the Privacy Rule was finally enacted and later in 2005, the Security Rule was enacted.

What is HIPAA?
In this course, we will first learn about the privacy component of HIPAA, more precisely referred to as the HIPAA Privacy Rule.
Generally speaking, the HIPAA Privacy Rule was enacted to encompass the following items:
- Individual rights;
- Instructions on how to exercise those individual rights; and
- Uses and/or disclosures of PHI which must be authorized by the individual (patient) or are required by law.

What is HIPAA?
After we conclude our discussion of the Privacy Rule, we will redirect our attention to the Security Rule which mandates the administrative, physical, and technical safeguards necessary to protect the confidentiality, integrity, and availability of electronic PHI (“ePHI”).
The belief was that privacy is a "fundamental right" and that patients should have the ability to control information pertaining to their care.
Therefore, HIPAA gave patients a number of rights, including but not limited to access to medical records, the right to amend records and the right to restrict certain uses and disclosures of their PHI.

What is Protected Health Information?
HIPAA’s Privacy and Security Rules only apply to Protected Health Information, which is commonly referred to as “PHI”. Therefore, in order for Employees to understand the important aspects of HIPAA, it is critical to know what PHI is.
PHI is defined as individually identified health information that is transmitted or maintained in electronic, written, oral, and/or any other recorded form or medium.
The Department of Health and Human Services generally considers any health related information that identifies an individual, or reasonably could be used to identify an individual, which is created or received by a covered entity to be PHI.

What is Protected Health Information?
Individually identifiable health information is:
- Information that identifies an individual;
- Information created or received by Corizon Health; and
- Information that relates to the past, present or future physical or mental health condition of the individual.
Remember: PHI does not just refer to medical records, but any document or form that contains individually identifying information about the patient.

What is PHI?
Some common examples of PHI include:
- Patient medical records
- Prescriptions
- Billing information
- Patient insurance forms
- Patient charts
PHI does NOT include:
- Employment records held by a Covered Entity in its role as an employer
- Educational records
It is important to remember that PHI includes less obvious items in comparison to those common examples provided. If you are unsure as to whether or not a particular item constitutes PHI, please consult the Privacy Officer for further clarification.

How does HIPAA apply to Corizon?
HIPAA only applies to “Covered Entities”, which include health plans, health care clearinghouses and health care providers who use PHI in connection with certain electronic transactions (such as payments or claims attachments).
