2. What is HIPAA?
HIPAA: Health Insurance Portability and Accountability Act
It was passed by Congress in 1996
It includes requirements for:
• Transfer and continuation of health insurance coverage for millions of American workers and their families when they change or lose their jobs
• Reducing healthcare fraud and waste
• The protection and confidential handling of protected health information
3. HIPAA Privacy Rule
• Establishes national standards to protect individuals’ medical records and other personal health information
• Imposes restrictions on the use/disclosure of personal health information
• Gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.
6. Protected Health Information (PHI) or “Individually identifiable health information” is information, including demographic data, that relates to:
• Individual’s past, present or future physical or mental health or condition
• Provision of health care to the individual
• The past, present, or future payment for the provision of health care to the individual
• Any information that identifies the individual
7. PHI can be disclosed without individual’s permission / authorization for 12 national priority purposes:
• Required by law
• Public health activities
• Victims of abuse, neglect or domestic violence
• Health oversight activities
• Judicial and administrative proceedings
• Law enforcement purposes
• Decedents (PHI may be disclosed to coroners/medical examiners/funeral directors to identify the deceased)
• Cadaveric organ/eye/tissue donation
• Research
• Serious threat to health and safety
• Essential government function
• Workers’ compensation
8. Reasonable Safeguards
• Speaking in a low voice when speaking to family members of a patient in a public area like a waiting room
• Not using patients’ names in public hallways and elevators when discussing cases
• Posting notices/signs in public areas reminding employees to respect patient confidentiality
• Limiting access to areas/rooms where patient data is stored – through access cards/biometric identification/locks
• Implementing additional security measures on machines/computers where patient data is stored – these can be passwords/unique log-in IDs to approved individuals and so on
9. Want to learn more about HIPAA, its requirements and best practices to comply with them? ComplianceOnline webinars and seminars are a great training resource. Check out the following links:
• How to examine security policies, practices, and risk issues to comply with HIPAA
• How to use social media and texting without breaking HIPAA rules
• How to conduct risk analysis to comply with HIPAA
• HIPAA/HITECH Assessment for Healthcare Business Associates
• How to comply with HIPAA Omnibus Rule
• Understanding new rules and responsibilities of Privacy Officer under HIPAA
• HIPAA Security and Breach Rule Compliance
Thank you!