CHAM Arrival - Patient and Family Experience Latest Update Graded A

CHAM Arrival - Patient and Family Experience Latest Update Graded A Protecting a patient's privacy and confidentiality is governed by the Health Insurance Portability and Accountability Act of 1996. Also known as "HIPAA." Under HIPAA law, the patient has the right to control who will see or obtain their protected, identifiable health information. Protecting and keeping this information private is one of the most important functions of Patient Access Services. According to the Department of Health and Human Services, the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules were established to protect the privacy and security of health information and provide individuals with certain rights to their health information. Among other provisions, the Privacy Rule sets standards for when protected health information (PHI) may be used and disclosed, while the Security Rule requires safeguards to ensure that only those who should have access to electronic protected health information (ePHI) will be given access. The Breach Notification Rule requires HIPAA covered entities to notify the Department of Health & Human Services (HHS), affected individuals, and in some cases the media (and business associates to notify covered entities) of breaches of unsecured PHI. Another HIPAA rule administered by CMS is the Administrative and Simplification Rules. This rule includes: Transaction and Code Set Standards, Employer Identifier Standard and the National Provider Identifier Standard. The Minimum Necessary Standard is a requirement under the HIPAA Privacy Rule. It requires that covered entities take reasonable steps to limit the use or disclosure of PHI. People should only access, use or disclose the health information that is minimally necessary to accomplish a given task or purpose. An employee's access should be limited to the minimum necessary access to accomplish their particular job function. All communications with patients or about patients involving their personal health information must be protected, private and limited to people who have been authorized or whose job requires the use of the information. Patient Access Services plays a critical role in protecting our patients' private information. We are privy to patients confidential PHI with every patient encounter. Such as: the patients name, address, age, social security number, medical record, encounter number, insurance and any other personal information as well as the reason the person is in the hospital, treatment plans, medications or any observation about their current or past health condition. The patient has the right to control who will see or obtain their protected, identifiable health information. Protecting and keeping this information private is one of the most important functions of Patient Access Services According to the Centers for Disease Control and Prevention, here are some of the ways in which Patient Access professionals can protect our patient's privacy: **Any situation: •Confirm the patient's identity at the first encounter •Never discuss the patient's case with anyone without the patient's permission (including family and friends during off-duty hours) •Never leave hard copies of forms or records where unauthorized persons may access them •Use only secure routes to send patient information (for example, official mail) and always mark this information confidential •When using an interpreter, ensure that the interpreter understands the importance of patient confidentiality **When in an office, clinic, or institution: •Conduct patient interviews in private rooms or areas •Never discuss cases or use patients' names in a public area •If a staff member or health care worker requests patient information, establish his or her authority to do so before disclosing anything • Keep records that contain patient names and other identifying information in closed, locked files •Restrict access to electronic databases to designated staff •Carefully protect computer passwords or keys; never give them to unauthorized persons • Carefully safeguard computer screens •Keep computers in a locked or restricted area; physically or electronically lock the hard disk •Keep printouts of electronic information in a restricted or locked area; printouts that are