Protecting Patient Records

2. THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT
OF 1996 (HIPAA)
The HIPAA Privacy Rule requires health
care providers as well as health care
plans to safeguard patient health
information. This federal requirement
applies to both paper and electronic
health care records (HHS, 2013)

3. Patient privacy means:
• Information relating to a
patient’s past, present,
or future physical or
mental state or
condition
• Any information that
can be used to identify
a patient.

4. INFORMATION MAY INCLUDE
• Any information that doctors, nurses or any other health care
providers include in a patient’s record.
• Information or instructions concerning a patient’s treatment or
care with nurses.
• Patient information for a health insurer’s system.
• Patient billing information
• Any information that is used by companies that provide billing,
data, or other services to doctors, health insurers, hospitals,
or other health care organizations.

5. HIPAA SECURITY RULE
When does
HIPAA
become
Protected
health
information?

6. HOW IS MY HEALTH INFORMATION PROTECTED BY HIPAA?
The health care organizations required to comply with HIPAA Privacy Rules
must :
• Follow the Rules about who can look at, receive, and share your health
information.
• Limit use as well as sharing patient information to the minimum.
• Keep agreements in place with service providers to make certain that they
only use health information in accordance with the law.
• Implement HIPAA training for employees on how to protect patient health
information.

8. REFERENCE
U.S. Department of Health and Human Services.
(2013). Your health information security.
Retrieved from http://www.healthit.gov/patientsfamilies/your-health-information-security

9. THE HIPAA BREACH NOTIFICATION RULE REQUIREMENT
• doctors, hospitals, healthcare providers, and insurance
companies are required to notify patient of a "breach" if their
unsecured information is seen or accessed by an
unauthorized party.
• Federal law also requires providers and insurance companies
to immediately notify the Secretary of the U.S. Department of
Health and Human Services as well as notify the public and
media if the breach will affect more than 500 people.

10. THE HIPAA BREACH NOTIFICATION RULE REQUIREMENT

This rule in helps patients to understand that
there are severe penalties to pay if protected
information should for any reason become
unsecure.

This rule also enforces healthcare providers to be
accountable for their patients’ healthcare information.

Health information should always be encrypted to
ensure that other people cannot read it.

11. TAKE CONTROL
Not only should clinicians take the necessary steps to protect
patient sensitive information, but patients should also take responsibility
over their information as well. Here are a few things people should know:
 Confidential information is not protected by HIPAA if the patient shares
information on the internet about their own health condition.
 Patients should be made aware that passwords can prevent hackers from
stealing secured information via E-mail or mobile device.
 Patients should also be made aware that if not careful, medical identity
thieves could use personal health insurance information to gain access to
medical services, prescription drugs, or even surgery.