3. HIPAA Privacy Rule The HIPAA privacy rule provides protection of personal health information held by covered entities and gives patients an array of rights with respect to that information (DHS, 2012). Health information cannot be used or disclosed without proper authorization by the patient or legal guardian for minors.
4. Covered entities Covered entities are health care providers, health plans, and a healthcare clearinghouse. Health care providers are doctors, clinics, psychologists, dentists, chiropractors, and other health care professionals.
5. HIPAA Privacy Rule
6. Protected Health Information The privacy rule protects all “individually identifiable health information” held or transmitted by a covered entity in any form or media, whether electronic, paper, or oral (DHS, 2012). The principle behind the privacy rule is to limit the use and disclosure of PHI.
7. Breach of Confidentiality A breach of confidentiality is a disclosure of information to a third party without patient consent or court order (AMA, 2012). Patient information can only be released with the patient’s written or verbal consent. HIPAA allows release without authorization only to facilitate treatment or health care operations (AMA, 2012).
8. Enforcement and Penalties HHS (2003) imposes a civil penalty of $100 per failure, which may not exceed $25,000 per year. Criminal penalties are $50,000 and up to one year of imprisonment for HIPAA violations, $100,000 with five years for false pretenses, and $250,000 with ten years for using or selling PHI.
9. Safeguarding and Security Sensitive patient information should have security controls. Staff should turn off the computer or log off when not using it. Patient information should not be discussed in hallways or elevators. Access to information should be granted according to the work involved.