Welcome

Welcome to the first installment of the optometry HIPAA newsletter! The HIPAA Steering Committee wants to keep you informed about the rules and regulations necessary to protect the safety and privacy of our patients.

What is a HIPAA Security Officer?

Geoff Wiggins, our college’s HIPAA Security Officer, is responsible for the safety and security of our patients’ protected health information (PHI). This includes PHI in all forms: verbal, written, or electronic. Some of the ways we protect PHI are encrypted computer networks, password-protected computer programs, keycard-protected restricted clinic areas, and shred bins for proper disposal of any written forms of PHI. Geoff and Cathy Beatty, the college’s HIPAA Privacy Officer, are the key points of contact to report any potential or suspected HIPAA violations.

What is a HIPAA Privacy Officer?

Cathy Beatty, our college’s HIPAA Privacy Officer, oversees all ongoing activities related to the development, implementation, and maintenance of the organization’s privacy policies in accordance with applicable federal and state laws. This includes ensuring patients are provided a Notice of Privacy Practices (NPP), managing requests for the appropriate release of PHI, and addressing privacy complaints from patients and staff.

Review of Key HIPAA Terminology

Protected health information (PHI): any information about health status, provision of health care, or payment for health care that is created or collected by a “Covered Entity” and can be linked to a specific individual. This is interpreted rather broadly and includes any part of a patient medical record or payment history.

Covered Entity: a health plan, a health clearinghouse, or a health care provider who transmits any health information in electronic form in connection with a standard financial or administrative transaction.

Minimum Necessary: employees should access the minimum necessary PHI to perform their job duties.

Using Compulink to Support Your Research

We are proud that many of our clinic patients are often recruited to serve as subjects within a clinical research project that could impact the quality of care for future generations. Did you know that you need special approval to access Compulink to review any patient data for research purposes? Additionally, all access to patient records for research purposes must be conducted using “view only” restricted accounts, even if you have Compulink access because you work in the clinic. To request access to use Compulink to support a current or future research project, have your supervisor click on the Request Access to Compulink link on the college homepage or click here: https://apps.optometry.osu.edu/?app=Compulink

Test Your Knowledge (with answers)

What should you do when you find a stack of printed test results on the windowsill next to the printer?

  1. Find matches and burn the test results before an auditor finds them.
  2. Bring the stack of test results to the lunch room to ask other students who left them there.
  3. Put the test results in your locker so you can use them for your next case report.
  4. Quickly report the location, date, time and nature of the information found to Geoff Wiggins (Security Officer) or Cathy Beatty (Privacy Officer) so that further training can be provided and to avoid a privacy breach.

Answer: #4

Where should you put a document with a patient’s name and office visit information that you found on the fax machine in the mail room?

  1. Do not touch it. You could be accused of leaving PHI in plain view.
  2. Put the document in a shred bin.
  3. Secure the document in an envelope and place the document in Scott Fultz’s (Mailroom Coordinator) mail box for distribution.

Answer: #3

What should you do with a check that was mistakenly put in your mailbox and shows payment information for a patient service, including the date of service, patient name, and insurance account number?

  1. Leave immediately with the check. Proceed to your bank and cash it.
  2. Record the patient’s name and insurance account number on a separate paper and keep it in case anyone questions you about it. Conceal that paper in your locker. If no one approaches you about it within 30 days, place the paper with patient information in a shred bin.
  3. Secure the document in an envelope and deliver it to the Billing office on the third floor of Starling-Loving.

Answer: #3