Confidentiality Diana Fernandez MHA 6 90 September 14, 2011 Instructor: Dr. Ray Borges
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) of 1996, Public Law 104-191, is an act that specifies the privacy, security and electronic transaction standards with regard to patient information for all health care providers. It was signed into law on August 21, 1996 and came about in response to rapidly expanding technology and the need for standardization in the health care industry (Choi, 2006).
What is the HIPAA Privacy Rule?
The HIPAA Privacy Rule:
establishes the conditions under which individuals or organizations may use and/or disclose personal health information;
sets an industry standard for disclosing only the minimum amount of information necessary to satisfy an authorized request for patient information; and
requires organizations to appoint a privacy officer to conduct privacy assessments, create policies to protect patient privacy, train staff, and establish an internal grievance process (NGA).
Safeguards are the solutions and tools used to implement security policies. Individually identifiable health information should be protected with reasonable technical, physical and administrative safeguards to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use, or disclosure (USHHS).
Physical safeguards to ensure compliance with HIPAA’s Security Rule may be the easiest way to begin the compliance process.
Examples of Physical Safeguards
Office alarm systems
Sign-in stations at computer terminals
Employee electronic swipe cards
Locked offices containing computing equipment that stores electronic health information (Choi, 2006).
The administration plays an integral part in establishing compliance with HIPAA security standards (Choi, 2006).
Examples of Administrative Safeguards
Designate a privacy officer with primary responsibility for ensuring compliance with the regulations
Establish training programs for all employees
Implement appropriate policies and procedures to prevent intentional and accidental disclosures of protected information
Implement appropriate sanctions for violations of the privacy guidelines (DeMuro, 2001).
On-going Staff Training/Education
Conduct orientation of new staff and on-going education of existing staff on the organization's:
Privacy policies & procedures
Policies & Procedures
Technical security services
Random Audits to ensure that security and privacy measures are being put into action
Establish confidentiality agreements with all staff members
Choi, Y., Capitan, K., Krause, J., & Streeper, M. (2006). Challenges Associated with Privacy in Health Care Industry: Implementation of HIPAA and the Security Rules. Journal of Medical Systems, 30(1), 57-64. Retrieved September 12, 2011, from ProQuest Computing. (Document ID: 2157468781).
National Governors Association. Center for Best Practices. (n.d.) Retrieved September 12, 2011, from World Wide Web: http://www.nga.org
DeMuro, P. R., & Grant, W. A. H., III. (2001, January). HIPAA privacy standards raise complex implementation issues. Healthcare Financial Management, 55(1), 42-7. Retrieved September 12, 2011, from ABI/INFORM Global. (Document ID: 66093850).
U.S. Department of Health and Human Services. Office of Health Information Privacy. (n.d.) Retrieved September 12, 2011 from the World Wide Web: http://www.hhs.gov/