Professional Reminders and HIPAA training

1:

Check when you have to renew professional licenses and liability insurance. KEE is a marketing co-op, so there is no need to share, as you run your own business, but if it helps for accountability reasons, feel free to share with us and we will place it in our 2024 folder.

2:

Let us know if you would like a high school student intern to support you, knowing that these are high school students whose abilities and activities vary.

3:

Let us know if you have any web updates, certifications you would like to share or targeted marketing/offerings you are doing.

4: 

Reminder on the Ambassador Portal, a great place to connect and see our monthly collaborative offerings:

~Go to Web page: www.keewellness.com

~Click on Ambassador Portal in footer

~Password: WELL4@ll (second two L’s are lower case)

5: Place the 2nd Monday of every month at 1pm on your calendar! Come and connect. We will offer more evening Zooms for those who request them; we did this last year and had low turnout, but we are willing to try again.

6:

Passwords

Zoom:

keewellnessspecialists@gmail.com

Keewellness#2023

Vimeo:

keewellnessspecialists@gmail.com

Keewellness#2023

HIPAA 2024 Training Summaries

All of us and our patients deserve a Right to Privacy

In the United States, everyone has certain privacy rights regarding information about their health, including how this information is collected, used, stored, and disclosed.

If we work with personal health information, we have a duty to handle it responsibly. Protecting this health information is about respecting the person it pertains to. And it’s the law.

The Purpose of HIPAA

In 1996, the US Congress passed the Health Insurance Portability and Accountability Act, or HIPAA, partly to safeguard health-related personal information. HIPAA rules are updated periodically.

HIPAA creates national standards for handling healthcare data between clinicians, hospitals, insurance companies, billing services, and others. It streamlines administration, improves healthcare, and lowers costs.

Violations and Consequences

It’s important to understand and follow HIPAA to prevent fraud or misuse of health-related personal information and protect privacy. Its improper disclosure could cause embarrassment, emotional distress, or discriminatory treatment.

Federal and state regulators monitor compliance and prosecute misconduct. A violation of our HIPAA policy or other privacy-related policies may result in disciplinary action, including termination of employment.

3 Principal Rules of HIPAA:

This defines how PHI may and may not be used and disclosed by applicable organizations. The rule guarantees individuals the right to access, understand, and control the use of their health information.

The rule aims to balance the need for information shared between healthcare entities to provide effective and efficient healthcare with the need to protect individuals’ privacy.

This focuses on safeguarding ePHI. It requires applicable organizations to ensure the confidentiality, integrity, and security of ePHI by implementing administrative, physical, and technical safeguards.

The safeguards, tailored for each organization, should prevent ePHI from being inappropriately disclosed, modified, or deleted. The rule also ensures that ePHI is accessible for use when authorized.

A breach involves improper access or disclosure of PHI. The Breach Notification Rule establishes the duty for a covered entity to address the breach and notify the affected people and others, as required, within a certain time frame.

The disclosure of PHI may be allowed for three reasons:

  • Authorized – When the person the PHI relates to approves its use or disclosure orally or in writing. This person also can opt out of certain disclosures of PHI.
  • Permitted – When the Privacy Rule allows its disclosure.
  • Required – When a court, law enforcement, or government entity seeks the data for legal or other legitimate purposes.

Minimum Necessary Standard

This standard requires that when PHI disclosure is permitted, only the minimum information necessary should be provided to accomplish the intended healthcare function. There are a few exceptions.

The reasonable reliance standard assumes that those who request PHI for a legitimate purpose seek only the right amount of PHI for their need.

Glossary: 

What is PHI?

Health-related information that can link to a specific person becomes protected health information, or PHI. This includes information in written, verbal, or electronic form.

The use and disclosure of this information are protected. PHI can relate to:

  • The person’s past, present, or future physical or mental health.
  • The provision of healthcare services to the individual.
  • A record of past, present, or future payment for healthcare services for the individual.

HIPAA controls and safeguards PHI to:

  • Effectively serve the individual’s healthcare needs and the larger healthcare community.
  • Preserve the confidentiality and privacy of PHI.
  • Protect the individual from PHI’s misuse, loss, or theft, which can put the person at risk of embarrassment, identity theft, or other unscrupulous action.

What is ePHI?:

The abbreviation for PHI transmitted electronically is ePHI (or EPHI). Because ePHI is more easily at risk of being lost, stolen, or otherwise compromised, HIPAA specifically protects the privacy and security of ePHI.

What is an identifier?:

An identifier involves certain personal information that comprises PHI when combined with information about an individual’s health or healthcare. This information set can identify a specific person and their health or healthcare.

The 18 common identifiers used to determine PHI include name, email, address, and social security number.

The 18 identifiers:

  • Names
  • Dates, except the year alone
  • Telephone numbers
  • Geographic data, such as address
  • Fax numbers
  • Social Security numbers
  • Email addresses
  • Medical record numbers
  • Account numbers
  • Health plan beneficiary numbers
  • Certificate/license numbers
  • Vehicle identifiers and serial numbers, including license plates
  • Web URLs
  • Device identifiers and serial numbers
  • Internet protocol addresses
  • Full-face photos and comparable images
  • Biometric features (such as retinal scans and fingerprints)
  • Any unique identifying number or code

What is De-Identification?

PHI can become “de-identified” by removing all ways to identify the applicable individual. After PHI is de-identified, no restrictions under HIPAA remain for using or disclosing it since it cannot link to a specific individual. In de-identification, a good practice is to obtain a determination from a qualified statistician that the PHI has been de-identified.

Any health information that reasonably can be related to an individual has not been fully de-identified. You must treat it as PHI.

Info on Social Media and protecting PHI and ePHI:

Social Media and PHI and ePHI Thoughts

Risks related to social media can include posting texts, photos, videos, or anything related to work that could reveal the identity of an individual it relates to. Also, it’s a concern to create a post that includes their family members or friends without their permission.

The federal government recommends these measures to protect ePHI on mobile devices:

  • Use a password or other user authentication.
  • Install and enable encryption.
  • Install and activate remote wiping or remote disabling.
  • Disable and do not install or use file-sharing applications.
  • Install and enable a firewall and security software.
  • Keep software up to date.
  • Research mobile applications before downloading them.
  • Use adequate security to send or receive health information over public Wi-Fi if permitted by our organization.
  • Delete all stored health information before discarding or reusing the mobile device.
  • Know our standards concerning individuals that PHI relates to, and workplace use.
  • As social media changes, recognize how this may create new risks to disclosing PHI. Raise these concerns with your manager or another resource person. Ensure all uses of social media comply with our policies.
  • Do not engage in online discussions with individuals related to your work who disclose PHI on social media.
  • Discuss your concerns with coworkers about their posts.
  • Alert our organization if coworkers disagree with your concerns about their posts.
  • Use caution with posts about family and friends disclosing their PHI or involving their health or healthcare.

Who needs to follow HIPAA:

Covered Entities

These include:

  • Health plans that pay the costs of medical care, such as health insurance companies, health maintenance organizations, employer-sponsored group health plans, and Medicare and Medicaid.
  • Healthcare providers who handle health data like claims or invoices.
  • Healthcare clearinghouses that process health information.

Business Associates

Covered entities may contract with business associates to perform services that require them to create, hold, or transmit health-related personal information. Business associates’ subcontractors who handle this health information also must comply with HIPAA.

Business Associates With Covered Entity Services

One type of business associate includes organizations or companies that provide covered entity services such as the following:

  • Billing
  • Claims processing
  • Data analysis
  • Utilization review
  • Patient safety activities
  • Quality assurance

Other Business Associates

The second type of business associate provides other services to covered entities, including the following:

  • Legal
  • Actuarial
  • Accounting
  • Consulting
  • Data aggregation
  • Management
  • Administrative
  • Accreditation
  • Financial

Both Roles

It is possible for a covered entity to also function as a business associate if it has a business associate contract with a different covered entity.

Employers and Group Health Plans

In certain instances where an employer maintains a self-insured or self-administered health plan, it may be a covered entity and must comply with HIPAA. Many factors determine whether the employer is subject to HIPAA. Otherwise, employers generally are not subject to HIPAA. Whether or not it applies, it’s a good practice for an employer to treat employees’ health-related information with care.

 

We will always update the passwords once the year changes to the year 

Website Portal:

Reminder on the Ambassador Portal, a great place to connect and communicate:

~Go to Web page: www.keewellness.com

~Click on Ambassador Portal in footer

~Password: WELL4@ll (second two L’s are lower case)

Zoom:

keewellnessspecialists@gmail.com

Keewellness#2023

Vimeo:

keewellnessspecialists@gmail.com

Keewellness#2023

Gmail Account:

Login: Email

Password:

Keewellness#2023

KEE Ambassador Page Web:

Most of the basic logins are your email from your ambassador page, and the password is your NameWell123 (capitalize the first letter of your name and the W in Well). For example, use ErinWell123 to log in; you can then personally change it as you see fit.