HIPAA

Provider Requirements

Federal law and DDD require agency providers to implement protections and practices to comply with the Health Insurance Portability and Accountability Act (HIPAA) as it relates to Privacy Practices. Our HIPAA policy and procedures ensure that Individuals and Families understand their Privacy Rights and that, as a provider, we understand our responsibility for keeping HIPAA-protected information confidential.

 

Caregiver Responsibility

Health care professionals, Caregivers and Direct Support Professionals (DSPs) included, have always had a duty to protect the privacy of the people they support. HIPAA sets federal privacy standards and defines what kind of health information is protected.

Protected Health Information (PHI)

  • Protected health information (PHI) is any health information that can be linked to an individual. Protected health information includes a person’s written health record, whether on computer or on paper; billing information from health care and human service providers; and spoken information about that person’s condition. 
  • Protected health information is protected from unauthorized use. In general, those who have access to an individual’s protected health or billing information may disclose only the minimum information necessary for the intended purpose. An improper disclosure of protected health information may result in criminal or civil legal actions.
  • As an employee, staff member, intern, volunteer or contractor, you are allowed access to the records of Individuals or to operational business information, which includes protected health information.

Access to an Individual's confidential information is permitted only on a need-to-know basis and is limited to the minimum amount of confidential information necessary to accomplish the intended purpose of the use, disclosure or request.

 

Online & Social Media:

For staff and caregivers, there are certain dangers to be aware of when posting online. First and foremost is the Health Insurance Portability and Accountability Act (HIPAA). HIPAA privacy regulations require providers to protect Individuals' confidentiality and health data. In terms of social media, that means staff members cannot post protected health information (PHI). HIPAA defines PHI as individually identifiable health information transmitted by or maintained in electronic media or any other medium or form.

 

Social media activities that violate HIPAA include: posting any identifiable Individual's health information without written consent, sharing photos of Individuals even if partially obscured, discussing specific Individual cases publicly, gossiping about Individuals online, and responding to Individuals' or Families' reviews in a way that reveals protected health information (PHI).

Key points about HIPAA violations on social media:

  • Sharing identifiable information:
    Posting any details about an Individual's medical condition, diagnosis, treatment, or even their name on social media without their explicit consent is a HIPAA violation.
  • Individual photos:
    Even if you blur an Individual's face, a photo that could potentially identify them based on other visual cues is considered a HIPAA violation.
  • General discussions about Individuals:
    Talking about an Individual's case in a way that could be linked back to them, even if you don't mention their name, can be a violation.
  • Responding to Individual's reviews:
    If you respond to an Individual or family review online in a way that reveals protected health information, it can be considered a HIPAA violation. 

Examples of HIPAA violations on social media:

  • Posting a picture of an Individual's injury on Facebook
  • Sharing a story about an Individual's unique medical condition on Twitter
  • Complaining about a specific Individual on a public forum
  • Posting a status update about an Individual's appointment without their consent

01

Eleos HIPAA Policy

To establish a uniform system to implement the requirements of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 as it relates to Privacy Practices.

As a provider we will not use or disclose protected health information (PHI) as identified under HIPAA except as authorized by the individual who is the subject of the information or as explicitly required or permitted as per Division Circular #53.

02

HIPAA Fact Sheet

Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act (HIPAA) offers protections for millions of America’s workers that improve portability and continuity of health insurance coverage.

03

Confidentiality Agreement

It is the policy of Eleos that all employees, staff, interns, volunteers, and contractors respect and preserve the privacy and confidentiality of Individuals' information and Eleos Confidential Information per the Eleos HIPAA & Protected Health Information (PHI) Policy.

04

Privacy Practices

This notice describes how medical information about Individuals may be used and disclosed and how Individuals can obtain access to the information.

It also describes Individuals' rights and our responsibilities, including our legal duties and privacy practices.

Questions or Concerns

As a staff member, if you ever have HIPAA-related questions, need clarification or wish to report a HIPAA violation, please contact our Privacy Officer/Compliance Manager, Marquis Johnson, at m.johnson@eleosfamilyservices.com
