Published in: Education, Technology, Business

  1. Confidentiality. Diana Fernandez, MHA 6 90, September 14, 2011. Instructor: Dr. Ray Borges
  2. What is HIPAA?
     • The Health Insurance Portability and Accountability Act (HIPAA) of 1996, Public Law 104-191, is an act that specifies the privacy, security and electronic transaction standards with regard to patient information for all health care providers. It was signed into law on August 21, 1996 and came about in response to rapidly expanding technology and the need for standardization in the health care industry (Choi, 2006).
  3. Privacy Rule
     • What is the HIPAA Privacy Rule?
       • establishes the conditions under which individuals or organizations may use and/or disclose personal health information;
       • sets an industry standard for disclosing only the minimum amount of information necessary to satisfy an authorized request for patient information; and
       • requires organizations to appoint a privacy officer to conduct privacy assessments, create policies to protect patient privacy, train staff, and establish an internal grievance process (NGA).
  4. Security Rule
     • The Security Rule applies only to protected health information in electronic form (EPHI), and requires a covered entity to ensure the confidentiality, integrity, and availability of all EPHI the covered entity creates, receives, maintains, or transmits.
     • Covered entities must protect against any reasonably anticipated threats or hazards to the security or integrity of such information, and any reasonably anticipated uses or disclosures of such information that are not permitted or required under the Privacy Rule; and ensure compliance by its workforce (USHHS).
  5. HIPAA Safeguards
     • Safeguards are the solutions and tools used to implement security policies. Individually identifiable health information should be protected with reasonable technical, physical and administrative safeguards to ensure its confidentiality, integrity, and availability to prevent unauthorized or inappropriate access, use, or disclosure (USHHS).
  6. Physical Safeguards
     • Physical safeguards to ensure compliance with HIPAA’s Security Rule may be the easiest way to begin the compliance process.
     • Examples of Physical Safeguards
       • Office alarm systems
       • Sign-in stations at computer terminals
       • Employee electronic swipe cards
       • Locked offices containing computing equipment that stores electronic health information (Choi, 2006).
  7. Administrative Safeguards
     • The administration plays an integral part in establishing compliance with HIPAA security standards (Choi, 2006).
     • Examples of Administrative Safeguards
       • Designate a privacy officer with primary responsibility for ensuring compliance with the regulations
       • Establish training programs for all employees
       • Implement appropriate policies and procedures addressing intentional and accidental disclosures of protected information
       • Implement appropriate sanctions for violations of the privacy guidelines (DeMuro, 2001).
  8. On-going Staff Training/Education
     • Conduct orientation of new staff and on-going education of existing staff on the organization’s:
     • Privacy policies & procedures
     • Security policies & procedures
     • Technical security services
     • Compliance reviews
     • Random audits to ensure that security and privacy measures are being put into action
     • Establish confidentiality agreements with all staff members
  9. References
     • Choi, Y., Capitan, K., Krause, J., & Streeper, M. (2006). Challenges Associated with Privacy in Health Care Industry: Implementation of HIPAA and the Security Rules. Journal of Medical Systems, 30(1), 57-64. Retrieved September 12, 2011, from ProQuest Computing. (Document ID: 2157468781).
     • National Governors Association. Center for Best Practices. (n.d.) Retrieved September 12, 2011, from World Wide Web:
     • Paul R DeMuro & W Andrew H Grant III. (2001, January). HIPAA privacy standards raise complex implementation issues. Healthcare Financial Management, 55(1), 42-7. Retrieved September 12, 2011, from ABI/INFORM Global. (Document ID: 66093850).
     • U.S. Department of Health and Human Services. Office of Health Information Privacy. (n.d.) Retrieved September 12, 2011, from the World Wide Web: