Louisiana State University Health Sciences Center Administration & Finance
 
PRIVACY POLICY AND PROCEDURES Policy #:  2100.7
LSU Health Sciences Center New Orleans
Date Effective: April 14, 2003		 Table of Contents
purpleline

Patient Information Policy

Training and Education Requirements for Members of LSUHSC-NO's Workforce

SCOPE:

All Louisiana State University (LSU) System health care facilities and providers including, but not limited to hospitals, physician practices, clinics, schools, etc. on the LSU Health Sciences Center New Orleans Academic Campus.

Nota Bene: All LSU System health care facilities and providers including, but not limited to hospitals, physician clinics, schools, etc. on the LSU Health Sciences Center New Orleans Academic Campus, are referred to in this policy as LSUHSC-NO.

PURPOSE:

To provide guidance for the education and training of the health care facilities and providers affiliated with the LSUHSC-NO regarding LSUHSC-NO policies and procedures on Health Information Privacy and the Health Insurance Portability and Accountability Act, Standards for Privacy of Individually Identifiable Health Information (HIPAA Privacy Regulations).

POLICY:

All LSUHSC-NO health care facilities and providers must provide members of its workforce with education and training on the LSUHSC-NO policies and procedures on Health Information Privacy and the HIPAA Privacy Regulations.

DEFINITIONS:

Protected Health Information (sometime referred to as “PHI”) – for purposes of this policy means individually identifiable health information that relates to the past, present or future health care services provided to an individual. Examples of Protected Health Information include medical and billing records of a patient.

Workforce – Employees, volunteers, trainees, and other persons whose conduct, in the performance of work for the facility, is under the direct control of such facility, whether or not they are paid by the facility. This includes full- time, part-time, or PRN staff, regularly scheduled contract workers, volunteers, students, and others defined by the health care facility.

Privacy Officer – person designated by LSUHSC-NO as the Privacy Officer.

PROCEDURE:

1.0 LSUHSC-NO will provide education and training regarding LSUHSC-NO’s health information privacy policies and procedures to all workforce members, including managers, executives, employed physicians, and employees no later than the effective date of the Health Insurance Portability and Accountability (HIPAA) privacy regulations.
2.0 Subsequent to the effective date of the HIPAA privacy regulations, education and training regarding health information privacy must be:
2.1 Provided to new members of the workforce within a reasonable time after starting work at LSUHSC-NO
2.2 Provided to affected members of the workforce within a reasonable time after material changes in the health information privacy policies and procedures become effective due to:
  • Changes in federal or state laws;
  • Changes in accreditation standards;
  • Changes in the Notice of Privacy Practices; or
  • Changes in procedures or practices within the facility even if they do not stimulate a change in the Notice of Privacy Practices.
3.0 All education and training must be documented and maintained for six years. Documentation may be maintained in written or electronic form from the date of its creation or the date when it was last in effect, whichever is later. Types of documentation may include, but are not limited to:
  • Copies of the text of materials used to conduct training;
  • Information about the presenter and other information to establish the qualifications of the presenter to provide the education or training;
  • Education or training session attendance records;
  • Meeting minutes;
  • Grand rounds attendance lists;
  • Samples and details of awareness and education tools such as posters, tent cards, tri-fold table cards and payroll envelope stuffers; and
  • Test results that measure the retention and/or mastery of the subject matter, if educational training curricula include testing components.
4.0 LSUHSC-NO will designate the methodologies by which the educational requirement will be accomplished, including, but not limited to, classroom sessions, self-directed tools, awareness and periodic reminder programs, on-the-job training procedures, web-based processes, etc.
5.0 Components of the educational programs should include for those employees who have direct patient contact, or work extensively with PHI, but are not limited to the following:
  • Introduction to HIPAA and the privacy rule;
  • Explanation of the Privacy Officer’s role and responsibilities;
  • Overview of the facility’s privacy policies and procedures, including where the documents are maintained and can be accessed;
  • Definitions of key terms such as HIPAA, Protected Health Information (PHI), Individually Identifiable Health Information (IIHI), privacy, confidentiality, disclosure, access, use, minimum necessary, etc.;
  • Explanation of all privacy forms including:
    • Authorization
    • Request to amend PHI
    • Request for restriction on use and disclosure of PHI
    • Complaint form, and how to file a complaint
    • Accounting of disclosures of PHI
    • Request and copy PHI
    • Notice of Privacy Practices
  • Defining patient’s rights as it relates to privacy of PHI, including how to protect patient rights;
  • Recognizing how the privacy policies and procedures affect the tasks an individual performs, including aspects of physical security of PHI and the minimum necessary standard;
  • Reinforcing the LSUHSC-NO commitment to privacy and protection of patient’s health information, in both medical and billing records;
  • An understanding of the possible sanctions resulting from a failure to comply with the HIPAA rule or the facility’s privacy policies, procedures and processes; and
  • Who in the facility is available to answer privacy questions within their department and outside their department.
6.0 In addition to general overview education and as part of job specific training, LSUHSC-NO will provide health information privacy education based on the role of the workforce members in the organization as necessary and appropriate to carry out their function in the organization.
7.0 LSUHSC-NO will establish regular policy review dates to assure training content reflects any material changes to the facility’s Privacy Policies and Procedures.
8.0 LSUHSC-NO may request that its workforce sign a Confidentiality Agreement. See Attachment A.

RESPONSIBILITIES:

1.0 LSUHSC-NO Human Resources Department and the Privacy Officer ensures that health information privacy training and education is incorporated into the initial orientation process for all members of the workforce.
2.0 LSUHSC-NO Privacy Officer ensures education and training is incorporated into intermittent training classes held whenever there is a change in health information Privacy Policies and Procedures.
3.0 LSUHSC-NO Privacy Officer ensures information and tools are available to assist departments in presenting health information privacy training.
4.0 LSUHSC-NO Privacy Officer ensures workforce members receive appropriate training as necessary and appropriate to carry out their function at LSUHSC-NO.
5.0 LSUHSC-NO Privacy Officer is responsible for providing updates for trainers on any changes or enhancements to the HIPAA privacy rule.
6.0 LSUHSC-NO Privacy Officer and Human Resources Department shall define and document the members of the facility’s workforce to be trained in health information Privacy Policies and Procedures.

REFERENCES:

45 C.F.R. § 164.530(b)
Disclaimer © 2009 LSUHSC Privacy Policy