HIPAA STAFF COMPLIANCE TRAINING AND CHECKLIST

This form must be completed by all staff and new hires and maintained in the HIPAA compliance manual.

Directions: Please read each statement fully and check off your understanding. Read the attached “Frequently Asked Questions” section. Sign this checklist and turn it in.

Definition: Protected Health Information. Protected health information is covered by HIPAA.

What does protected health information mean? Individually identifiable health information that is or has been electronically maintained or transmitted by a covered entity, including such information when it is in non-electronic form or discussed orally.

What does individually identifiable health information mean? Any information, including demographic information, collected from an individual that: a) is created or received by a healthcare provider, health plan, employer, or healthcare clearinghouse; and b) relates to the past, present or future physical or mental health or condition of an individual, the provision of healthcare to an individual; or the past, present or future payment for the provision of health care to an individual, and (I) identifies the individual or (II) with respect to which there is reasonable basis to believe that the information can be used to identify the individual.

Data elements that make information individually identifiable include: Name, address, employer, relatives' names, DOB, telephone and fax numbers, e-mail addresses, SSN, medical record numbers, member or account number, certificate/license number, voice/fingerprints, photos, or other number, code or characteristics such as occupation.

I have read and understand our clinic’s HIPAA privacy policies.

I ensure that confidential patient information is protected in the clinic and that reasonable safeguards, as outlined in our “Notice of Privacy Practices”, are followed.

Papers, forms and files that contain confidential patient information, such as names, social security numbers, birth dates and diagnoses, are disposed of properly (such as shredding), and not put in with regular trash.

I ensure that any equipment used to handle personal health information of patients, such as copy machines, computers, and fax machines, is not left unattended when in use or where unauthorized persons can access it.

When I transport personal health information to another location, it is handled securely.

I ensure that mail that may contain personal health information is handled securely and not left unattended or where unauthorized persons can access it.

When I discuss patients in such a way that their identity would be known, I do so with authorized persons only and in limited access areas.

I understand that prior to obtaining treatment (when possible) patients should be informed in writing of our privacy practices (Consent For Use and Disclosure of Health Information Form), and should sign and receive a copy of this form.

I understand that our patients have the right to withdraw their authorization to release their personal health information and that they must do so in writing.

I understand that every effort must be made to get a patient’s written consent to release protected health information prior to doing so. If an emergency or substantial communication barrier exists, we will try to obtain consent from the patient or their responsible party.

I understand that we may disclose personal health information to a patient’s family member, close friend or other person that the patient identifies as having a close involvement in their health care. If the patient is unable to agree to disclosure, we will disclose only such information as is necessary in our professional judgment.

I understand that patients have the right to inspect and copy their personal health information.

I understand that patients have the right to amend their personal health information by submitting a written statement into their permanent health record at the clinic.

I understand that we must maintain an accounting of any disclosure of patient information that does not pertain to treatment, payment or healthcare operations and that the patient has the right to inspect that accounting of disclosures.

I understand that the patient has the right to request restrictions to the release of their information even for purposes of treatment, payment or healthcare operations. Such requests must be made in writing by the patient to our clinic.

I understand that our clinic must maintain a copy of our “Notice of Privacy Practices” in an accessible location, such as the reception room, and that patients may request and receive a copy of the written policy.

I ensure that no unauthorized person, such as sales or cleaning people, computer repair people, or service people, has access to patient files or personal health information unless they are supervised by me or one of the clinic staff.

I understand that HIPAA law does not cover disclosures of information in Workers’ Compensation cases and that our clinic is still required to provide information to employers, work comp carriers and the State to resolve such cases.

I understand that in workers’ compensation cases, the clinic is required to reasonably limit the amount of protected health information disclosed for payment purposes to the minimum necessary.

I understand that patients do not have the right to withdraw their consent for disclosure of protected health information under workers’ compensation guidelines.

I respect patients’ privacy by speaking quietly when discussing a patient’s condition with family members or other staff in a waiting room or other public area.

I respect patients’ privacy by avoiding using patients’ names in public hallways and elevators, and by posting signs to remind employees to protect patient confidentiality.

I respect patients’ privacy by isolating or locking file cabinets or records rooms.

I respect patients’ privacy by providing additional security, such as passwords, on computers maintaining personal information.

I respect patients’ privacy by never discussing patients or their protected health information outside the clinic.

I have read, understood, and agree to the above points.

______

Signature                    Date

______

Printed Name