docURMC Safety Orientation 2016 - Upson Regional Medical Center
download 
Report Transcription
URMC Safety Orientation 2016 - Upson Regional Medical Center
URMC Safety Orientation 2016 Mission of URMC Upson Regional Medical Center is committed to providing quality health care services to all patients based on the health needs of our population Mission Our goal is to be the employer of choice for healthcare workers, by creating a culture where employees feel valued and are inspired to be advocates for patients. Values Constancy of Purpose Integrity & Honesty Quality Care & Professionalism Respect & Team Work Customer Service Patient Safety Emergency Code Reporting Dial Extension 1000 to Report all Emergencies and Codes!! Handouts URMC Standards of Behavior AIDET Sample Patient Satisfaction Survey Code Red Procedure Fire Code Red Announcement Made over paging system stating general location of fire Reporting to Location of Fire An available employee from each unit reports & brings fire extinguisher All additional employees report to their work area Use RACE and PASS Determination of patients receiving oxygen in clinical areas “Code Red, ALL CLEAR” Do not resume routine function until an “all clear” is announced R.A.C.E Rescue Alarm Pull alarm and dial extension 1000 to report fire/location Contain Rescue individuals from immediate fire/smoke area Close door to area to contain fire/smoke Extinguish Extinguish the fire if it is safe to do so P.A.S.S. Pull Aim Squeeze Spray Fire Hazards Smoking Observe and enforce “No Smoking” Blockage of Exit Ways Keep exit ways clear Electrical Hazards Report any frayed, broken or overheated cords/electrical equipment Fire Doors Keep all fire doors closed/Do not wedge or prop open Hyperbaric Chamber Increased risk of flammability Evacuation Hospital designed in a unit concept to contain fire and smoke Types of evacuation Horizontal=moving laterally Vertical=moving down one or more floors Building=moving out of building Never evacuate upward; always go laterally, down, and then out Refer to charts on each unit for evacuation procedure Tobacco Free Campus Policy No smoking on URMC Premises. Includes any indoor or outdoor space owned, leased or operated by URMC. Includes parking lots & driveways Includes vehicles on URMC property No tobacco applies to all employees, volunteers, visitors, patients, physicians, vendors, contracted employees, contractors, etc. Tobacco products includes cigarettes, cigars, pipes, smokeless tobacco, chew, snuff, dip, electronic cigarettes and any other similar product Tobacco-Free Campus Policy If a student has an odor of smoke, this is considered violation of policy and can result in immediate dismissal URMC offers a tobacco cessation program. Call 706-647-8111 (ext. 1149) to register RAPID RESPONSE TEAM Purpose: To provide guidelines for clinical staff to obtain medical assistance when a patient exhibits acute changes in their condition warranting urgent medical attention. Early Warning Signs/Criteria Staff member is worried about the patient, “patient just doesn’t look right” Acute change in Heart Rate <50 or >120 Acute change in SBP <90 mmHg Acute change in respiratory rate ≤8 or >28 per min Acute change in O2 Sat. <90%, despite O2 Acute change in level of consciousness Acute change in urinary OP to <100 ml in 4 hrs., or <200ml in 8 hrs, if not a renal failure patient Sudden onset of Chest Pain, if not on Chest Pain Protocol New, repeated, or prolonged seizures Acute uncontrollable Bleeding RAPID RESPONSE TEAM Call the Rapid Response Team (RRT) when patients meet any of the Early Warning Signs/Criteria If there is evidence of Early Warning Signs, activate the RRT by dialing extension 1000 and ask the operator to page the Rapid Response Team to ______ (location) RN with current ACLS/Critical Care Experience and Respiratory Therapist respond Code Blue – Cardiac Arrest What is it? What Should You Do? Cardiac Arrest Call extension 1000 to report the code and the exact location. If available in your area the Code Blue button should be activated. If trained to do so, initiate Basic Life Support (CPR) Who Will Respond? All physicians in-house at the time, the Emergency Department (ED) physician on duty, nurses from ICU & SCU, a nurse from ED that will bring the Rapid Sequence Intubation (RSI) box, the primary care giver, Respiratory Therapy, EKG technician, phlebotomist, any EMT's, and the Director or House Administrator. CODE BLUE PALS Pediatric Cardiac Arrest—age 8 or less What should you do? Follow reporting procedure for Code Blue When reporting, Say it twice to the operator. Example: “Code Blue PALS, ground floor, cafeteria; Code Blue PALS, ground floor cafeteria”. Who will respond? In addition to the routine responders to a Code Blue, A Pediatric nurse will bring the Pediatric Floor crash cart to the area where the Code Blue PALS was called. Code Blue Outside – Collapsed victim found outside on the hospital grounds What should you do? Follow Code Blue Reporting Procedure State twice to the operator: “Code Blue Outside", giving exact location. If you do not have a cell phone, go immediately to the closest phone to report code. If trained in BLS, immediately return to the unresponsive person and initiate BLS. Code Blue Outside – Collapsed victim found outside on the hospital grounds Who will respond? Assigned ED Nurse & URMC Code team members will respond to the announced Code Blue Outside or Wellness location. A Security staff member will obtain the AED, resuscitation bag, and Code Blue Outside Box from the ED and transport the ED nurse or assigned Shift Supervisor to the scene. Although EMS will be called in an Outside Code Blue it is at the discretion of the code leader how to transport the patient. Note: The hospital has AEDs (Automated External Defibrillator) for outside use on the hospital's premises and for use prior to arrival of EMS. Locations include the Cafeteria, Emergency Department and Wellness Center Code Blue in ED—Cardiac Arrest in the ED What is it? Patient is in cardiac arrest in ED Who will respond? Phlebotomy, Respiratory, Radiology (portable), Cardiology (EKG), and House Admin. Code Stroke—Patient presents with stroke symptoms Called by the ER Physician or may be called on an inpatient unit after Rapid Response Activation Pharmacist, Phlebotomist, Respiratory Therapist, Radiology, EKG Tech, House Admin., and Stroke Coordinator respond CT is prepared to receive patient If outside of ED, the ED nurse will respond with TeleNeurology equipment and medication box Code Trauma—patient presents with severe multisystem traumatic injuries Phlebotomist, Respiratory Therapy, Radiology Tech, EKG tech and House Administrator respond Code Triage - Internal or external event that disrupts normal operation or services. Large influx of patients (i.e. community disaster) Event that disrupts normal operation of services (i.e. building damage from weather-related event) What should you do? Staff at work will report to their work area. Consult with preceptor or instructor for specific student instructions. Inpatient care areas, determine the number of patients that could be sent home. Prepare to receive patients. Wear ID badge at all times Code Tornado WATCH—Conditions exist for severe thunder storm or tornado What should you do? Report to assigned work area Close windows and blinds Remove objects from window sills (books, plants, etc.) Clear hallways of obstructions Keep patients & visitors away from windows Inform patients & visitors of situation *When safe, an "all clear" will be announced which places hospital back into normal operation. Code Tornado WARNING – A Tornado has been sighted What should you do? Keep patients in their rooms. (Possible Exception: For ICU and Women’s Services refer to their individual plans.) Place patient’s shoes on the patient if possible. Move patient’s beds as near to the inner wall (away from window) as possible. Family should also stay in room. Close all doors to the patient’s room. Limit use of telephones to emergency situations only. Remain calm and reassure patients and visitors. Prepare to initiate “Code Triage” if necessary. Prepare to evacuate if necessary *Note: When safe, an "all clear" will be announced which places the hospital back into normal operations. Hazardous Materials SDS Safety Data Sheets (SDS) Provides proper procedures and handling for working with a particular substance SDS located in each department CODE ORANGE A hazardous material exposure that has happened in the facility or outside of the facility. A hazardous material exposure that has happened in the facility or outside of the facility. What should you do? Stay away from the hazardous material or contaminated person. Do NOT go to the Emergency Dept. unless you are contaminated. Direct any guest who arrives and claims exposure to go outside the building. Call Extension 1000 to report the Code Orange. Who will respond? Decontamination will take place outside of the building by the Decontamination Team. CODE PINK—Infant or Child Abduction What should you do? Inform the operator of a "CODE PINK" and give the age of the patient and the location of the occurrence. Example: "Code Pink, 5, Pediatrics" All personnel will be alert to any unusual events or activity of employees, patients, visitors, or other internal and external customers. Flow of traffic out of the hospital and parking lots will be stopped by designated staff. Law enforcement is notified. Note: Internal security systems are used to prevent infant/child abduction. CODE MANPOWER – Patient or visitor has become uncontrollable or violent What should you do? Notify Operator and give exact location Who will respond? A designated nurse from each unit and all male employees will respond to the Code Manpower. The House Administrator or Department Supervisor will assist with traffic control and send unnecessary staff back to their departments. The security officer, in collaboration with the charge nurse or department manager should decide whether to call 911 depending on the extent of the crisis. Code “B”—Bomb Threat What should you do? Stay calm. Listen. Indicate to a co-worker what is occurring. They will alert the switchboard operator at extension 1000 to notify the police and Administration. Try to keep the caller talking. Record date, exact time and as much of the conversation as you can. Note any information displayed on the phone. Listen closely to the caller's voice. Try to determine and record as much information about the caller and bomb information as possible. Who should respond? Security, Administration and Law Enforcement Code Silver –Individual has a weapon What should you do? If you encounter a person with a weapon or if a hostage situation should occur: If you are on the floor of the incident: Dial extension 1000 to report code and provide location, number of perpetrators, victims, and or hostages, and type of weapon involved. Remove all patients and personnel from public view. Locked doors are safest. Safe zones include stairwells and badge access rooms. Clear hallway of all people if possible and seek shelter. Remain out of public view until "All Clear" is called. All other facility personnel: Do NOT go to the area specified in the Code Silver. Security, Law Enforcement and Administration will manage the incident. Door Lock System Badge Access Protects all from unauthorized access and ensures a safe/secure environment Highly sensitive areas utilize control access doors Emergency Dept ICU Labor and Delivery Medical Records Nursery Pharmacy Some areas, including external doors, lock at a designated time If doors are forced open, an alarm will sound Confidentiality Must protect protected health information by law Signature of Confidentiality Agreement Violations Accessing information not within your scope of responsibility Misusing, disclosing, or altering patient info Disclosing passwords Leaving a securing application (computer) unattended Attempting to access a secured application without authorization Violations may constitute corrective action and termination from clinical rotation Code Assist – Assistance is needed to lift or move a patient or visitor What should you do? Staff can initiate the code by calling the operator at extension 1000, requesting a “Code Assist” and giving the specific location. Who will respond? A designated staff member from each unit and all male employees will respond to the Code Assist. A mechanical lift will be taken to reported location. Fall Prevention Observe environment for potentially unsafe conditions Ensure traffic areas are clear of obstacles Clean up spills immediately Secure electrical cords and wires away from walkways Take ownership of your environment Fall Risk Fall Risk Assessment is completed on all patients on admission, upon transfer to another unit, and with any change in patient condition (i.e. surgery) Patients who are at a high risk for falls can be identified by: Yellow snap added to wrist band. (mandatory) Yellow sign “Call, Don’t Fall” posted on door to patient’s room (mandatory) Yellow hospital Gown Bed alarms are to be used for all high fall risk patients Post Fall Huddle after a patient fall Back Safety Back Injuries can be costly to you and to URMC. Let’s Stay Safe!! Use proper body mechanics: Avoid bending at the waist Bend your knees Hug the load Avoid twisting Push rather than pull Use lift equipment Ask for help!!! Patient Safety: Identify Patients Correctly Use at least two identifiers to identify patients to make sure each patient gets the correct medicine and treatment. Name and Date of Birth or Name and Medical Record Number Make sure that the correct patient gets the correct blood when administering a blood transfusion. Checked by two staff at pick up in the Blood Bank and by two nurses at the patient’s bedside before administration. Patient Safety: Improve Staff Communication Report critical results to the right staff person and or physician on time Critical Results must be reported to the physician within 1 hour and documented in the medical record. Patient Safety: Use Medicines Safely--Labeling Label all medicines that are not already labeled. For example medicines in syringes, cups and basins. Do this in the area where medicines and supplies are set up. Patient Safety: Use Medicines Safely--Anticoagulants Take extra care with patients who take medicines to thin their blood. The following are used to insure safety: Heparin Protocol Warfarin Protcol Lab value monitoring Patient Safety: Use Medicines Safely Record and pass along correct information about a patient’s medicines. Find out what medicines the patient is taking and compare those medicines to new medicines given to the patient. Admission Medication Reconciliation completed on every patient Must be completed timely Patient Safety: Check Patient Medications Make sure the patient knows which medicines to take when they are at home. Tell the patient it is important to bring their up-to-date list of medicines every time they visit a doctor. Patients receive a “Patient Friendly” Discharge Medication Reconciliation Patient Safety: Prevent Infection—Hand Hygiene Use the hand cleaning guidelines from the Centers for Disease Control and Prevention or the World Health Organization Hand hygiene expected Wash hands when hands visibly dirty or soiled with body fluids Used alcohol-based hand rub to decontaminate hands when not visibly soiled Secret Shoppers When to perform hand hygiene Before: having contact with patients putting on gloves inserting any invasive device manipulating an invasive device After: having contact with a patient’s skin having contact with bodily fluids or excretions, nonintact skin, wound dressings, contaminated items having contact with inanimate objects near a patient removing gloves Patient Safety: Reduce Infection—MDRO’s Use evidence-based practices to prevent infections that are difficult to treat (MDRO=multi-drug resistant organism) We screen high risk patients for MRSA Medical record is flagged if results are positive Contact isolation used for patients with history or confirmed MDRO Patient Safety: Reduce Infections—Central Line Infections Use evidence-based practices to prevent infection of central lines Educate staff, patients and families about central line-associated infections and importance of prevention Use a catheter checklist and standardized protocol for central venous catheter insertion Perform hand hygiene prior to catheter insertion/manipulation Use a standardized protocol to disinfect catheter hubs and injection ports before drawing blood from central lines Evaluate all central venous catheters and remove nonessential catheters Patient Safety: Prevent Post Operative Infections URMC Strategies: Pre-operative Bath Pre-operative surgical site prep Special Dressings Post-op Orders Active monitoring Patient Safety: Prevent Cather-Associated UTI’s Strict criteria for catheters Actively track all urinary catheters and promote removal as soon as possible Patient Safety: Identify Patient Safety Risks Find out which patients are most likely to commit suicide. Suicide risk assessment for all newly admitted patients. High risk patients and patients that have attempted suicide are placed in safe rooms with one-on-one monitoring Patient Safety: Preventing Wrong Site, Wrong Procedure, and Wrong Person Surgery Conduct a pre-procedure verification process Verify the correct procedure, for the correct patient, at the correct site When possible, involve the patient in the verification process Identify the items that must be available for the procedure Use a standardized list to verify the availability of items for the procedure. Match items to the patient. Patient Safety: Preventing Wrong Site, Wrong Procedure, and Wrong Person Surgery Site Marking Marked when there is more than one possible location (i.e. Right or Left Extremity) Before the procedure is performed Patient involved, when possible Marked by the physician who is accountable and present when procedure is performed Made at or near the procedure site, visible after site prep and draping Patient Safety: Preventing Wrong Site, Wrong Procedure, and Wrong Person Surgery Time Out The procedure is not started until all questions or concerns are resolved Conducted immediately before procedure or making incision Involves the immediate members of the procedure team and is documented. Another time-out is performed before starting each procedure. Unexpected Events Any situation that is not consistent with the routine operation of the facility or routine care of the particular patient Report the following to URMC Staff: Patient Injuries Patient Falls Treatment Errors Medication Errors Unexpected Patient Outcome Visitor Incidents Personal Injury A Variance Report will be completed Standard Precautions Includes hand hygiene Includes use of personal protective equipment before exposure to blood, body fluids, secretions (except sweat), mucous membranes or non-intact skin Gloves-when hand contamination is anticipated Masks and eye protection-when splashes may occur Gowns-when soiling of clothing may occur Use regardless of diagnosis ALL patients, ALL the time Contact Precautions Prevents transmission of infectious agents that are spread by direct or indirect contact with the patient’s environment VRE, C. Difficile, noroviruses, RSV, MRSA Applies to excessive wound drainage & fecal incontinence Private room Wear gown and gloves for all interactions Don PPE before entry to room and discard before exiting room Use of dedicated equipment or clean between use Airborne Precautions Prevent transmission of infectious agents that remain infectious over long distances when suspended in the air Rubeola virus (measles) Varicella virus (chicken pox) Mycobacterium tuberculosis SARS Patients places in isolation Wear mask or respirator (depending on illness) Do not enter room if you have not been fit tested for a respirator Droplet Precautions Prevent transmission of pathogens spread through close respiratory or mucous membrane contact with respiratory secretions B. pertussis, influenza virus, adenovirus, rhinovirus, N. meningitides, group A streptococcus Private room Wear a mask when in close contact with patient Patient should wear mask if transported outside of room and follow Respiratory Hygiene/Cough Etiquette Medical Equipment Equipment used to diagnose, care, treat or monitor patients Inspection, testing, maintenance to minimize clinical and physical risks Remove and report failed/broken equipment to staff A work order for repair will be completed by URMC staff Safe Medical Device Act of 1990 requires the report of death or serious injury Orientation is required prior to using equipment MRI Safety Magnetic Resonance Imaging (MRI) uses powerful magnetic field, radio waves and a computer to produce pictures “MRI Checklist” completed and reviewed on every patient prior to receiving MRI Iron or other magnetic objects must not be brought into the neighborhood of the magnet MRI is on at all times!!! No one will be allowed to enter MRI room without permission of MRI technologist Utility Systems For each type of utility failure, URMC maintains a Contingency Plan that maps out: What to expect Whom to contact Employee responsibilities Electrical During electrical failure utilize red receptacles/receptacles with red dots Battery operated flashlights located in each department ID Badges Wear at all times for security purposes. Your badge will only allow access to allowed departments/locations Turn your badge in to Human Resources or forward to Education Director at the end of clinical rotation. Dress Code As a representative of URMC, it is appropriate that each staff member present a neat and well-groomed appearance in accordance with the highest standards intended to insure that the Medical Center continues its excellent reputation for rendering quality health care services. Dress Code School issued scrubs or uniform acceptable Clean, unwrinkled, modest clothing Wear badge @ eye-level Tattoos covered at all times Shoes: clean, no toeless shoes or shoes with holes in top No chewing gum in patient care areas Dress Code No more than one ring per hand (exception: wedding set) Necklaces no longer than18 inches; simple chain with small pendant allowed No more than two earrings per ear; small; no dangling earrings No other visible piercings Dress Code Hair neat and clean; must be worn so as it will not interfere with patient care Facial hair neat and trimmed Nails short (1/4 “), clean, manicured No nail polish or artificial nails May not wear fragrance in patient care areas Makeup conservative Parking May park lower fenced-in parking lot (# 4 ) Thank You For Choosing URMC! If you have questions or need assistance, contact the Education Dept. @ ext. 1476 Student Safety Post-Test Student Safety Post-Test Minimum Passing Score=85 1. Dial extension __________ to report all emergencies and codes to the switchboard operator. a. 100 b. 1000 c. 0 d. 1234 2. The “R” of the acronym RACE stands for: a. Rush b.Respond c. Rescue d.Rapid 3. It is acceptable for a student to smoke while on URMC campus. a. True b. False 4. You are preparing to enter the elevator and hear a Code Red announced over the intercom, you know that this means: a. There is a threat of a fire and you should enter the elevator. b. There is a threat of a fire and you should take the stairs. c. There is a threat of a bomb and you should enter the elevator. d. There is a threat of a bomb and you should take the stairs. 5. You enter a patient’s room and observe that the patient is not breathing. You press the code button and dial extension 1000 to report a Code ________ and the patient’s room number. a. Blue b. Black c. Orange d. Pink 6. What does a Code Tornado Warning indicate? a. Electricity outage b. Tornado sighting in the immediate area c. Fire within the building d. Staff member needs assistance with an aggressive patient 7. You are making rounds on the Postpartum Unit when a mother reports to you that her child has been taken by someone other than URMC staff. Which code would be implemented? a. Operation Rescue b. Code Triage c. Code Pink d. Code Blue PALS Student Safety Post-Test Filing Number: ADM.EDUC.07.F002 Original or Revised Date: 12/15/2015 Page 1 of 3 Student Safety Post-Test 8. Emergency, ICU, Labor and Delivery, and Nursery departments have door lock systems requiring badge access. a. True b. False 9. Which team would be called in the event a patient’s condition deteriorates? a. Code Blue Team b. Rapid Response Team c. The Raiders d. The Hospitalist 10. What should occur immediately prior to any operative or bedside procedure to ensure patient safety? a. A time out b. A black out c. Patient consent d. Nothing necessary 11. As long as gloves are worn during patient or surface contact, it is not necessary to perform hand hygiene. a. True b. False 12. When hands are visibly soiled, using two pumps of alcohol hand rub is a safe practice for hand hygiene. a. True b. False 13. Contact precautions include: a. Private Patient Room b. Wearing gown and gloves for all interactions in the patient’s room c. Donning PPE after entering the patient’s room d. A and B only 14. It is necessary to wear a mask for close contact with a patient who has been diagnosed with influenza. a. True b. False 15. A patient is suspected of having Tuberculosis, which precautions are necessary? a. Airborne isolation room b. Wear a fit-tested N-95 or higher level disposable respirator and should be donned prior to entry and removed after exiting the room. c. Gloves, gown, goggles or face shield if substantial spraying of respiratory fluids anticipated d. All of the above Student Safety Post-Test Filing Number: ADM.EDUC.07.F002 Original or Revised Date: 12/15/2015 Page 2 of 3 Student Safety Post-Test 16. Under what circumstances would Code Triage be called at URMC? a. An internal or external disaster b. A patient stops breathing or becomes pulse less c. An infant/child abduction d. A patient/visitor becomes aggressive or violent 17. You have a question about handling or working with a particular substance. Which onsite reference would you seek for more information about the proper procedures? a. A PDA b. The preceptor c. A medical textbook d. The safety data sheet (SDS) 18. What is one way that fall risk is communicated as part of the fall reduction program at URMC? a. A blue bandana b. A yellow snap on the patient’s wristband c. A Code Pink d. A Code Orange 19. It is acceptable to copy the patient’s chart and use patient records outside of URMC for research or school purposes. a. True b. False 20. As a student at URMC, I understand that all patient assessments, treatments, and procedures must be performed under the direct observation of my preceptor. a. True b. False Student Safety Post-Test Filing Number: ADM.EDUC.07.F002 Original or Revised Date: 12/15/2015 Page 3 of 3 HIPAA Educational Session This Session Covers: HIPAA Privacy Rule HIPAA Security Rule Breach Notification Rule Our HIPAA Officers: HIPAA Privacy Officer Suzanne Streetman Director of Risk Management Ext. 1240 [email protected] Call the Privacy Officer w ith questions about privacy of oral, paper or electronic patient inform ation and to report breaches. HIPAA Security Officer Doug Thompson Chief Information Officer Ext. 1107 [email protected] Call the Security Officer w ith questions about security of electronic patient inform ation and protections of our com puter system s. “Protected Health Information” (“PHI”) – Key Term “PHI” is oral, w ritten or electronic patient health information relating to a person’s present, past or future condition, treatment or payment. Examples: Medical records Referral forms Rx orders Oral communications about a patient’s health Test results (x-ray, MRI, CT, labs, etc.) Billing or claims information Any info tied to a patient’s health that identifies a patient in any way NOTE: Patient information and photographic, video and x-ray or other images are protected health information and should not be disclosed inappropriately - even if you remove the patient’s name!! Protected Health Information (“PHI”) Examples of information that could be PHI when tied to information about a person’s health, include Name Geographic subdivisions smaller than state – Street Address City County Precinct Zip Date of birth/death; age Telephone number Fax number Email address Social Security number Medical record number Credit card number License number Vehicle license plates Fingerprint Full or partial face or other identifiable images, even xray Unique identifying characteristics HIPAA Privacy Rule Overview Requires Protection of Oral, Written & Electronic PHI Restricts Certain Uses and Disclosures of PHI Provides Individual Patient’s Rights Establishes Civil and Criminal Penalties for the Health System and Individual Violators (employees, physicians, volunteers, medical students, etc.) Who must comply? YOU!! YOU are responsible for protecting PHI!! NOTICE OF PRIVACY PRACTICES (“NOPP”) URMC uses a NOPP to notify patients about HIPAA at check-in on the first visit – including Our Privacy Obligations Common Uses and Disclosures of PHI Patient Rights How for Patient to File a Privacy Complaint. URMC must post its current NOPP in the facilities and on its website in clear and prominent location. Patients must acknowledge in writing receipt of NOPP. Uses and Disclosures of PHI HIPAA Privacy Rule allows uses or disclosures of PHI for Treatment of patients Payment of patient claims/bills Health care operations of the Health System and its Medical Staff **If not expressly permitted by the HIPAA Privacy Rule, the use or disclosure is NOT allowed without written, patient authorization.** Treatment: PHI can be used or disclosed for Treatment Examples: Provide health care services Coordinate health care services Manage health care services Consults between providers Referrals from one provider to another **HIPAA should never hinder patient care!! Payment: PHI can be used or disclosed for Payment Examples: Obtain premiums Coordinate benefits Bill claims Obtain payment for providing care to a patient Obtain pre-authorization for services Health Care Operations: PHI can be used or disclosed for Health Care Operations of the Health System Examples: Audits Customer service Training Quality improvement Grievance resolution Provider credentialing (peer review) General business of the health system NOTE: Use and disclosure for certain common marketing or fundraising purposes may be prohibited. Check with the Privacy Officer. Other Permitted Uses & Disclosures of PHI CONSULT OUR HIPAA POLICIES OR HIPAA PRIVACY OFFICER BEFORE USING OR RELEASING PHI FOR REASONS OTHER THAN TREATMENT, PAYMENT OR HEALTHCARE OPERATIONS!!! Authorization Form For uses or disclosures of PHI not expressly allowed by HIPAA, patient should sign a special Authorization form authorizing the release. For example, We may need an authorization to use/disclose patient information for research, marketing and fundraising purposes. We often must obtain an authorization for release of psychotherapy notes, AID/HIV info, mental health info, communicable disease info, alcohol and drug abuse/rehab info, etc. Check with the HIPAA Privacy Officer for form and/or more information. Minimum Necessary Rule The HIPAA Privacy Rule requires you to make reasonable efforts to limit your uses and disclosures of PHI to the minimum amount necessary to accomplish the task. Only use/disclose PHI on a NEED TO KNOW BASIS !!! The Minimum Necessary Rule does NOT apply to uses and disclosures For treatment, Made to the individual patient Made pursuant to a patient written authorization, or For certain legal and compliance functions Individual Patient Rights Under HIPAA, Patients have the: Right to access, inspect, obtain a copy medical and billing records – sometimes electronically Right to request amendment of medical records Right to an accounting of disclosures of PHI made outside our Health System and Medical Staff Right to request restrictions on use/disclosures of PHI NOTE: Health System may be required to comply with an individual’s request not to disclose PHI to the patient’s health insurance company when the individual pays for health care service out of pocket and in full. See policies. Individual Patient Rights (cont.) Under HIPAA, Patients have the: Right to receive confidential communications Hospital must accommodate reasonable requests by individuals to receive PHI communications by alternative means or at alternative locations. Right to file complaints about uses/disclosures of PHI Right to receive written Breach Notification that explains what happened and how they can protect themselves, etc. Right to opt out of receiving marketing and fundraising correspondence SEE OUR POLICIES ON EACH OF THESE PRIOR TO RELEASE OR AGREEMENT!! NOTIFY THE HIPAA PRIVACY OFFICER IF A PATIENT WISHES TO ACT ON ONE OF THESE RIGHTS!! Sale of PHI or Use/Disclosure of PHI for Personal Gain … IS PROHIBITTED!!!!!! IS ILLEGAL !!!!!! SHOULD NOT BE DONE!!!!!! Examples: Selling or using a patient list to promote a product Removing patient lists when you leave the hospital / medical office practice Using the hospital patient lists to promote your or someone else’s personally owned business. There are some narrow exceptions. Ask your HIPAA Privacy Officer. HIPAA Security Rule HIPAA Security Rule protects electronic PHI (“ePHI”) HIPAA Security Rule requires us to protect the integrity, confidentiality and availability of ePHI. URMC has conducted a risk analysis and has implemented administrative, physical and technical safeguards and an audit system to protect ePHI. Security Rule: Safeguards ePHI URMC has put Administrative Safeguards in place to protect ePHI, such as: Risk analysis, assessments and management processes Audits of our computer systems for inappropriate uses/disclosures Workforce access controls Business associate contracts with our outside vendors Anti-Virus software Access and password management and termination (unique passwords, etc.) Contingency plans Back-up Data Disaster Recovery Plan Emergency operation Testing Security Rule: Safeguards ePHI URMC has put Physical Safeguards in place to protect ePHI, such as: Facility controls Locks on doors Visitor limitations Disaster and emergency recovery of PHI Workstation use and security procedures Computer disposal and reuse processes to clean PHI Back-up data and storage processes. Security Rule: Safeguards ePHI URMC has put Technical Safeguards in place to protect ePHI, such as: Access controls Unique passwords Auto logoff Authentication of user Emergency access procedures Transmission security Integrity controls Encryption Security Safeguards Our Information Services (IS) uses anti-virus software and Internet firewalls to protect our network and computer workstations from malicious software (malware), viruses, trojans, worms, etc. that could harm our information systems. IS controls software updates and patches. If your computer “freezes,” windows open by themselves, data is missing, or you experience slow network performance, you should contact IS Technical Support at extension 1119 for assistance. Unique Passwords Your user name and password is specific to you. Do not share!! Safeguard it at all times – if you think your password has been compromised, you should contact Information Systems Technical Support immediately at 1119. Encryption Do not send PHI through email if another option is available. You are required to encrypt any outgoing emails that contain PHI. Encryption puts the email into an unreadable code to ensure that unauthorized people cannot read the email and use the PHI to steal someone’s identity or cause them harm. Encryption Please call ext 1119 for instructions on how to encrypt outgoing emails. NEVER send PHI in a Text Message. Texting PHI is a direct violation of HIPAA Security. Text messages are not password protected, plus the receiving device may not be password protected and encrypted. Audits The IS Department audits our computer systems for inappropriate uses and disclosures of PHI. Therefore, you should be careful of your actions when using our systems. You should never send PHI to your personal or private email address, even if you encrypt it as you send it out. HIPAA Security Rule See Additional Rules for Protecting PHI at the end of this slide presentation for practical tips on protecting ePHI. Contact the Security Officer with questions and review the Health System’s full HIPAA Security Policy Manual available in Policy Manager. Be Careful When Using Social Media in the Health Care Industry Examples of common social media: Facebook, Twitter, YouTube, texting, emailing, etc. Because you work in the health industry, you are constantly exposed to confidential, highly sensitive patient and business information. DO NOT use or disclose patient or confidential business information on social media sites. Why?? Because federal and state laws prohibit disclosure of this information . . . and because your patients and job depend on it! What Is Social Media? Use of Social Networks Use of Facebook, Twitter, YouTube, blogging and similar social or business networking applications while at work “on the clock” is prohibited. Remember if you access social media sites from a personallyowned device, you should do so only during breaks or lunch – and then do so responsibly. Social media networking is distracting and could lead to patient care and privacy issues. If you identify your employer on your personal social media page, you should make it clear that your views are your personal views and are not those of this Health System. At any time, on any form of social media: Never post Health System trade secret, proprietary or confidential business info!! Never post patient information (“PHI”), even if you remove the name!! Examples of prohibited posts: I had a terrible day. 22 yr old patient died in ED. I love my new job: I got to treat a burn victim today!! Use of Social Networks (cont.) Never photograph or video patients with cameras, cellular phones, smart phones or similar devices and never post photos/x-rays, etc. on networking sites – even if the name of the patient is deleted. Never email PHI outside of this Health System to a private home address or to an unauthorized person/company. NOTE: Health System social media policies are not meant to prohibit employee NLRA Section 7 protected activities. Violations of social media restrictions may result in disciplinary actions – particularly if it results in a privacy violation or is deemed to have interfered with your job performance. Potential HIPAA Penalties Violating patient privacy under HIPAA has criminal penalties as well as civil. These include: Up to $50,000 fine and up to one year in jail for knowingly obtaining or disclosing PHI in violation of HIPAA Up to $100,000 fine and up to 5 years in jail for doing the above under false pretenses Up to $250,000 fine and up to 10 years in jail for doing the above with the intent to profit or do harm with the information Potential HIPAA Penalties Other penalties can include Loss of Job NOTE OF CAUTION: The HIPAA Security Rule requires us to audit our computer systems for HIPAA compliance. Our system creates a snapshot of the records you view, print, forward and disclose. We can tell if you are viewing or sending PHI when you should not. So, do not do it!!! Our HIPAA Privacy and Security Rules Protecting PHI requires an individual and team effort. There are many good habits you can practice to help protect our patients privacy. Some of these include: Read and refer often to our HIPAA Privacy and Security Policies and Procedures, available in Policy Manager. If you see PHI lying around, pick it up and make sure that it is delivered to the appropriate person/place. Be discrete when talking about PHI in open areas. Keep your voice down! Don’t discuss PHI in the cafeteria, elevators, at home or in public places (even in religious settings such as during prayer requests). Our Rules (Continued) Help your co-workers comply with HIPAA by bringing noncompliant actions to their attention. Access and disclose PHI only on a “need to know” and “minimum necessary” basis. Always use appropriate fax cover sheets for all out-going communications containing PHI - warning the recipient that PHI is enclosed and should be protected. Check email and fax addresses before hitting “send.” Log out, secure or lock your computer (if possible) when away from your screen. Turn screens so that they cannot be viewed by public/visitors/unauthorized employees. Avoid leaving clipboards with medical information in places where it could be looked at, altered, or stolen. Our Rules (Continued) DO NOT talk about patient issues with friends, family, or in public places. Never share your computer user name or password with anyone. REMEMBER: Your user name and password tie any computer activity to you! We audit for security compliance. Lock doors or file cabinets that should be locked. Never take or send PHI (electronic or hardcopy) outside of the facility unless you have permission to do so. Store laptops in trunk of vehicle – not in open view. Our Rules (Continued) Do not save PHI to unencrypted disks or drives. Do not social network while at work – no Twitter, blogging, Facebook, cell photos, etc. Do not post PHI on social network sites. Follow Policies and Procedures for retaining and disposing of PHI. Shred PHI before throwing into a trash can or dumpster. Follow Policies and Procedures for reporting concerns about wrongful uses/disclosures or conduct involving PHI. Report any suspected breaches of PHI immediately to the Privacy Officer. Protect PHI as if it were your own!! Report Suspected Wrongful Conduct URMC’s ability to prevent and detect wrongful conduct in a timely manner depends, in part, on the eyes and ears of its workforce and medical staff. Employees are encouraged to report suspected wrongful conduct or concerns without fear of retaliation as the result of the report by: Discussing the concern with a supervisor. Contacting the HIPAA Privacy Officer or HIPAA Security Officer Leaving a message on Compliance confidential hotline. Contacting Compliance Officer directly. **It is a condition of your employment that you report suspected wrongful conduct as soon as you become aware of it. **If we know about a problem, we can correct it before it becomes a bigger problem!! HIPAA Breach Notification REPORT all potential Breaches to the Privacy Officer ASAP!! The Privacy Officer will determine whether notice of the Breach must be given to the patient, media and federal government. HIPAA requires the Health System Privacy Officer to send written notice to a patient of a Breach of PHI, in some cases when required by law. REACH is an unauthorized use, access or disclosure of unsecured PHI. HIPAA Breach Notification Wrongful or inadvertent uses or disclosures of PHI could qualify as a Breach and should be reported to the Privacy Officer. Examples of Potential Breaches: A lost or stolen laptop containing PHI Failing to shred patient records before throwing them away Giving PHI to an unauthorized person Leaving medical records open and in plain view Gossip Sending PHI to a home yahoo or gmail email account Reviewing medical records of yourself, friends, family members, significant others or celebrities (NO snooping!!) HIPAA Student Post-Test Name: ___________________________________ Date: _______________ The minimum passing score is an 88. 1. To protect my password, I should: (select EACH answer that is true; this question may have more than one correct answer) Answers □ Write it on a note taped to my computer monitor so that it will be easy to remember. □ Use a “strong” password that includes letter, numerals, and special characters. □ Change my password immediately and report this violation if I think my password has been compromised. □ All of the above 2. When entering a patient room where a visitor/family member is present, Answers □ I should give the patient the opportunity to object my discussing his/her care in front of the visitor/family. □ I should ask the patient if it is okay that I talk to him/her in front of the visitor/family. □ I should not assume a visitor is a family member involved in the patient’s care just because the visitor is of the same race as the patient or because the visitor appears to be very friendly with the patient. □ All of the above. 3. There are no limits on uses and disclosures of protected health information (PHI). Answers □ True □ False 4. Choose the item(s) that are protected health information (PHI) and that should be protected from inappropriate uses or disclosures: Answers □ Information about a patient’s past health care that could identify the patient □ Information about a patient’s present health care that could identify the patient □ Information about a patient’s future health care that could identify the patient □ All of the above 5. Workforce members should not engage in social networking (e.g. Facebook, Twitter, testing, YouTube, etc.) while at work and should not ever discuss or post patient information/images or xrays on such sites even if the patient name has been removed. Answers □ True □ False HIPAA Student Post-Test Filing Number Original or Revised Date Page 1 of 3 HIPAA Student Post-Test 6. Individuals have a right to: Answers □ Request an account of certain disclosures of PHI. □ Ask that a provider not disclose treatment information to a health plan if the patient has paid out of pocket and in full for the service. □ Request a copy of the individual’s medical records in electronic format. □ Request confidential communications and/or their name not be listed in the hospital or nursing home directory. □ All of the above 7. It is acceptable to share a patient’s medical record with: Answers □ Clinicians involved in the patient’s treatment □ People with a legal right to review the record □ Agencies (such as a state surveyor, DNV, CMS) looking into the quality of care at the facility □ All of the above 8. I am required to report any suspected breaches or security incidents to the HIPAA Privacy Officer. Answers □ True □ False 9. Only the health care entity can be penalized for non-compliance with HIPAA. Individual employees cannot be held accountable. Answers □ True □ False 10. Which of the following are examples of controls that protect the security of our computer systems? Answers □ Internet firewalls □ Anti-virus software □ Installation of software updates and patches □ All of the above 11. Which of the following are examples of protected health information (PHI)? Answers □ Diagnostic test results (lab, ultrasound, etc.) □ The patient’s date of birth □ The patient’s name □ Electronic medical records □ Paper medical records □ Health insurance claim form □ All of the above HIPAA Student Post-Test Filing Number Original or Revised Date Page 2 of 3 HIPAA Student Post-Test 12. It is acceptable to send PHI to my home email (e.g., Yahoo, Gmail, etc.) so that I can work on work-related projects at home as long as my supervisor has given approval. Answers □ True □ False 13. Which of the following could qualify as a breach of PHI? Answers □ Lost or stolen laptop with patient billing or medical records □ Posting PHI to Facebook about my day at work □ Throwing out patient files in the trash/dumpster without appropriately shredding □ Snooping in my own or my significant other’s medical record □ Misdirected emails or faxes or sending PHI to my home email address □ All of the above 14. It is acceptable for me to give my cousin a copy of a patient list so that he can send flyers notifying the patients that he is opening a new business in town. Answers □ True. This is a great way for my cousin to grow his new business. □ False. Sale or inappropriate use or disclosure of PHI is illegal and could result in civil and criminal penalties (including jail time). 15. What statements are true about HIPAA? Answers □ It is federal law. □ It affects all in the health care industry. □ It protects the privacy and security of a patient’s health information. □ It sets standards for electronic and physical security of a patient’s health information. □ All of the above. 16. Dr. Steve Urkel is on call and in charge of Ms. Statis Ulcer’s care. During the shift, the patient’s temperature becomes high and she has abnormal lab results. It is acceptable for the nurse to text Dr. Urkel to report this. Answers □ True □ False HIPAA Student Post-Test Filing Number Original or Revised Date Page 3 of 3 Confidentiality and Non-Disclosure Agreement Organizational information that may include, but is not limited to, financial, patient identifiable, employee identifiable, intellectual property, financially non-public, contractual, of a competitive advantage nature, and from any source or in any form (i.e. paper, magnetic or optical media, conversations, film, etc.), may be considered confidential. (Information’s confidentiality and integrity are to be preserved and its availability maintained). The value and sensitivity of information is protected by law and by the strict policies of Upson Regional Medical Center. The intent of these laws and policies is to assure that confidential information will remain confidential through its use, only as a necessity to accomplish the organization’s mission. As a condition to receiving a computer sign-on code and allowed access to a system, and/or being granted authorization to access any form of confidential information identified above, I, the undersigned, agree to comply with the following terms and conditions: 1. My Sign-On Code is equivalent to my LEGAL SIGNATURE and I will not disclose this code to anyone or allow anyone to access the system using my Sign-On Code. 2. I am responsible and accountable for all entries made and all retrievals accessed under my Sign-On Code, even if such action was made by me or by another due to my intentional or negligent act or omission. Any data available to me will be treated as confidential information. 3. I will not attempt to learn or use another’s Sign-On Code. 4. I will not access any on-line computer system using a Sign-On Code other than my own. 5. I will not access or request any information I have no responsibilities for. In addition, I will not access any other confidential information, including personnel, billing or private information. 6. If I have reason to believe that the confidentiality of my User Sign-On Code/password has been compromised, I will immediately change my password and notify the Security Officer. 7. I will not disclose any confidential information unless required to do so in the official capacity of my employment or contract. I also understand that I have no right or ownership interest in any confidential information. 8. I will not leave a secured computer application unattended while signed on. 9. I will comply with all policies and procedures and other rules relating to confidentiality of information and sign-on codes. 10. I understand that my use of the system will be periodically monitored to ensure compliance with this agreement. 11. I agree not to use the information in any way detrimental to the organization and will keep all such information confidential. 12. I will not disclose protected health information or other information that is considered proprietary, sensitive, or confidential unless there is a need to know basis. 13. I will limit distribution of confidential information to only parties with a legitimate need in performance of the organization s mission. 14. I agree that disclosure of confidential information is prohibited indefinitely, even after termination of employment or business relationship, unless specifically waived in writing by the authorized party. 15. This agreement shall survive the termination, expiration, or cancellation of this agreement. 16. I understand that if I access information intentionally outside of the scope of my work that I may be held responsible for penalties and fines associated with my actions. Print Name: ____________________________Role: ______________________________ SIGNATURE: _______Date and Time: ___________________ Confidentiality and Non-Disclosure Agreement HIPAA.ADM.509.F001 Revised: 07/02/2015 Page 1 of 1 Cultural Diversity Diversity in the Workplace Objectives: • Raise level of awareness about importance of sensitivity to diversity of health care workers. • Provide language around topic of diversity. • Learn tools to work effectively with a diverse customer base. What Exactly Is “DIVERSITY”? • Diversity refers to all the ways that individuals are unique and differ from one another. • Broken down into PRIMARY and SECONDARY characteristics. Examples of Diversity • • • • • • • • Age Race Marital Status Education Profession Religion Gender Likes/Dislikes • • • • • • • • Language Lifestyle Life Experiences Geographic Location Eye Color Sexual Orientation Disability Economic Status Primary Characteristics: Qualities We Are Born With • • • • • Gender Eye Color Hair Color Race Birth Defects Secondary Characteristics: • • • • • Religion Educational Level Parental Status Geographic Location Socioeconomic Status What Exactly Is “Culture”? • Patterns of Daily Living by a Group of People Learned Consciously or Unconsciously Examples of Culture • • • • • • • Language Practices Customs Food Clothing Religion Superstitions • • • • • • • Architecture Holiday Celebrations Family Unit Dating Rituals Art Governing Music Barriers to Accepting Others • • • • Perceptions Bias Prejudice Stereotypes PERCEPTION • Thought resulting from a feeling. • Based on opinions, likes, dislikes, attitudes, beliefs, values and rationalizations BIAS • An inclination - either for or against an individual or group that interferes with impartial judgment. PREJUDICE • Pre-judging a person or group without sufficient knowledge. • Frequently based on stereotypes. STEREOTYPE • An oversimplified generalization or mental picture about a person or group without regard for individual difference. Components of Communication • Tone of Voice (38%) • Body Language (55%) • Spoken Language (7%) Foundations of Communication • Showing Respect • Demonstrating Empathy • Being genuine RESPECT • Accepting people without necessarily agreeing with them. • Genuinely valuing and supporting without patronizing. EMPATHY • Accurately understanding people’s feelings. • Recognizing an individual’s needs. • Showing sensitivity to the content, nature and intent of people’s concerns. BEING GENUINE • Being sufficiently aware of self to behave in ways that are aligned with inner feelings and thoughts. • Being aware of own limitations in interacting with others. Bridging Diversity • • • • • • • Learn about other cultures. Be willing to accommodate. Be open and flexible. Challenge perceptions. Practice active listening. Avoid judging. Be patient. Bridging Diversity (Cont’d) • • • • • • • Practice effective communication skills. Look for similarities. Show respect. Understand your biases. Avoid slang. Embrace differences. See diversity as a STRENGTH! Diversity may be the hardest thing for a society to live with, and perhaps the most dangerous thing for a society to be without.” -William Sloane Coffin, Jr Safety Orientation Checklist STUDENT ORIENTATION SCHEDULE Name: ______________________________________________________________ Address: _____________________________________________________________ City: _________________________ State: ______ Zip: _________________ Phone : _______________________________ Email:___________________________________ Unit/Office/Dept Name: ____________________ Preceptor: _____________________________ Clinical Rotation Beginning & End Date: _______________ through _______________ Role (circle one): PA Student RN Student Physician Student LPN Student Other (specify) _______________________________ Please initial each item _____ 1. Safety Orientation/URMC Emergency Code Review • Mission, Vision, Values • URMC Standards of Behavior/AIDET/Patient Satisfaction • Fire Hazards/No Smoking Policy/Evacuation Procedure • Safety Data Sheets • Confidentiality • Fall Risk/Back Safety • Patient Safety Practices/Variance Reports • Standard, Contact, Airborne and Droplet Precautions/Hand Hygiene • Medical Equipment/MRI Safety/Contingency Plan for Utilities • ID Badge & Door Locks • Dress Code • Parking _____ 2. Cultural Diversity Handout Received _____ 3. Confidentiality Agreement and HIPAA Post-Test completed _____ 4. Windows and Meditech Access Forms Signed (if applicable) _____ 5. Intranet Resources Reviewed a) Policy Tech b) Clinical Links _____ 6. Pyxis Patient Supplier Access (if applicable) _____ 7. Preceptor Contact Info/Schedule/Instructions _____ 8. Obtain Badge from Human Resources Student Signature: ________________________________________ Instructor Signature: ______________________________________ Safety Orientation Checklist Filing Number: ADM.EDUC.07.F001 Revised Date: 12/10/15 Date: _________ Date: _________ Page 1 of 1
