Welcome to UF

We’re from the Privacy Office and we’re here to help you…

HIPAA Orientation College of Nursing– Fall 2014

Cheryl Webber, MS, RHIAUniversity of Florida Privacy Manager

Jacksonville Campus

Learning Objectives

HIPAA Training Requirements

Practical Tips for Compliance

Breach Notification

What do Patients Value?

Trust

• Patients must trust their care givers enough to share personal and often sensitive information needed for care.

If trust is broken, the health of the patient suffers first, and the reputation of the institution may follow.

HIPAA Training

Orientation and Annual Training are different!

You must complete the appropriate online module

Electronically sign the Confidentiality Agreement

Additional training modules for Shands and VA may be required!

HIPAA TrainingComplete:• General Awareness Training – if you will not be involved in any research

OR

• HIPAA for Researchers – if you will be involved in human subject research.

• NOTE: If you completed the official training between December 1 and today, you’re good to go – until next January.

Training and Re-training….

Failure to complete the training on time is a Level II HIPAA violation and will result in disciplinary action.

Be sure you are included in your college or department’s email list – ◦If so, you will also be on the All-HSC email list.

Privacy SanctionsSanctions for HIPAA violations are serious:• Fines• Jail-time

UF Sanctions• Loss of student privileges, computer access• Verbal counseling up to termination• Suspension or expulsion• Reporting to professional licensing or

credentialing boards

New Penalties

So, a breach involving PHI for 10 individuals could cost anywhere from $100 to $50,000 per disclosure

Tiers DescriptionMinimum

per Violation

Max per Year (for identical violations)

Tier A Did not know $100 - $50,000 $1,500,000

Tier B Reasonable cause – not willful neglect

$1,000 - $50,000 $1,500,000

Tier CWillful neglect –

corrected w/in 30 days

$10,000 - 50,000 $1,500,000

Tier D Willful neglect – uncorrected $50,000 $1,500,000

Common HIPAA Violations Unauthorized disclosures:• Be aware of your surroundings when discussing patients• Use extra caution with privileged information

Improper use of portable devices: laptops, PDAs, camera phones, etc. • Recording (and sharing) unauthorized pix and videos• Failure to use encryption• Losing or misplacing equipment

Removal of PHI or health records from UF premises.

Practical Tips for ComplianceShare PHI only with those who have a

professional need to know.Use strong passwords consistent with UF

policies.Properly destroy PHI.Do not disable virus protection

applications.

Practical Tips for ComplianceYou are responsible for activity originating from

your account.

Do not access your own record or that of a family member’s

Email PHI when necessary-within the UF domain

Encrypt external emails containing PHI-avoid AOL, Yahoo, Gmail.

Breach Notification

HITECH Act and Florida law requires covered entities to report breaches to the patient when:

– Unencrypted PHI is disclosed

– An individual’s SSN is inappropriately disclosed

Examples of a BreachA breach is any unauthorized disclosure:

• Stolen laptop/tablet

• Accidental disclosure- sharing PHI with someone over the phone or in person you thought was the patient

• Emailing/faxing patient information to an unauthorized third party

Reporting a BreachTo your supervisorUF Privacy Hotline: (866) 876-4472Online at privacy@ufl.edu

If you know about a Privacy or Security incident, it is your responsibility to report it!

Primary Take-Aways

Only access the PHI you need.

Complete HIPAA training

Report a breach

Questions?UF Privacy Office

◦(352) 273-1212

◦Privacy@ufl.edu

• Cheryl Webber, MS, RHIA

◦(904) 244-6229

◦Cheryl.Webber@jax.ufl.edu