Open Arms Health Clinic 

​

​

Open Arms Health Clinic has a strong tradition of protecting the privacy of patient information. Confidentiality has always been a part of the health care culture and strict adherence to the Health Insurance Portability and Accountability Act, or HIPAA, must be practiced by all clinic volunteers.

​

TRAINING OBJECTIVE: To have every volunteer understand what HIPAA is and how it applies to their work at Open Arms Health Clinic.

 

What is HIPAA?

• HIPAA is a federal law. Violation of the law is a felony.

• HIPAA covers ALL forms of protected health information: oral, written and electronic, including social media.

 

Why are we as volunteers involved in HIPAA training?

It is everyone's responsibility to ensure the confidentiality of patient information seriously. Anytime volunteers come in contact with patient information, or any personal health information – written, spoken or electronically transmitted – they become involved with some facet of HIPAA regulations. It is for this reason that the law requires awareness training for all health care personnel, including volunteers. HIPAA refers to this information as protected health information or PHI.  Health information that identifies someone or can be used to identify someone must be protected.

 

Sharing patient information

HIPAA, under the consent rule, allows for the provider to use health information for Treatment and Operations. Under the Minimum Necessary Rule, volunteers should only have access to the information they need in order to fulfill their assigned duties.

 

HIPAA allows us to share patient information for...

• Providing care to patients and normal business activities such as quality improvement training, auditing customer service, and resolving grievances. If use of the information does not fall under one of these categories, you must have the patient's signed authorization before sharing that information with anyone!

​

• If personal health information (PHI) is involved, STOP! Ask yourself does my sharing this information involve treatment or normal operations for the patient. If the answer is NO, do not pass it along unless you have been authorized to do so! This includes information you may see or hear as a volunteer about fellow volunteers, friends and acquaintances receiving treatment sharing information requires authorization from the patient involved.

 

• A patient may or MAY NOT designate a family member or friend to receive their personal information. This designation must be documented in writing with the patient’s signature.

​

What are some of the patient's rights?

• Under HIPAA, patients have a right to know how their health information may be used or disclosed and that they have certain privacy rights.  These rights are communicated to our patients through a document called HIPAA Information and Consent.

 

HIPAA allows patients to:

• Obtain a list of whom we have shared their PHI with for the past six years.

• Review and copy their medical record

• Request restrictions on the use or sharing of their information.

 

Providing for the security of patient information

COMPUTERS: We must make sure all health information, no matter where it is, is secure.  This includes information stored on computers. Everyone who uses a computer has a duty to keep health information secure.
 

HIPAA requires that we protect all patient information on computers by:

• Properly signing on with individual IDs and passwords

• Signing off computers if walking away from the desk

• Keeping IDs and passwords confidential

• Protecting computer screens from unwanted viewing

• Never accessing patient health information in a public area or on unsecured wifi networks.

• Avoiding any mention on Social Media of information such as patient care or clinic interactions which could be linked to a patient.

 

DISPOSAL OF RECORDS: Paper records must be handled and disposed of carefully, such as using a shredder instead of throwing patient information in the trash. Electronic records must also be stored and disposed of in ways to prevent unauthorized access.

 

ENCRYPTED EMAILS & FAXES: HIPAA requires that we protect all patient information transmitted electronically. Volunteers involved with these tasks will receive special training.

 

What are the consequences of not complying with the law?

It has always been against Open Arms Health Clinic’s policy to improperly share, use, or dispose of patient information in the wrong way. Under HIPAA there are now fines and penalties for this.

​

We treat privacy seriously.  A breach of privacy may result in termination as an Open Arms Health Clinic volunteer.  Wrongful and willful disclosure of health information is a felony and carries fines that can involve jail time.

​

It is everyone's responsibility to report violations or wrongdoings. Whether someone received patient information improperly or shared patient information in the wrong way, everyone has a responsibility to report violations. When in doubt- ASK! The Clinic Director or Operations Manager is a good place to start for answers to your questions and for reporting issues.

​

Adapted from Wood County, Ohio Medical Reserve Corps HIPAA and Confidentiality Guidelines, 3/7/2021

​

​