Training for healthcare organization staff to be aware of HIPAA violation and Security of Patient Health Information.

1. HIPAA PRIVACY AND
SECURITY TRAINING
Jasmay Amataga
MHA 690: Health Care Capstone
February 21, 2019
Dr. Hwangji Lu

2. What is HIPAA?
• The Health Insurance Portability and
Accountability Act (HIPAA) is federal legislation
which addresses issues ranging from health
insurance coverage to national standard
identifiers for healthcare providers.
• The portions that are most important for our
purposes are those that deal with protecting
the privacy and security of health data, which
HIPAA calls Protected Health Information
(PHI).

3. What is PHI?
• Any information, transmitted or maintained in any
medium, including demographic information:
• Created/received by covered entity or business
associate;
• Relates to/describes past, present or future physical or
mental health or condition; or past, present or future
payment for provision of healthcare; and
• Can be used to identify the patient

4. Failure to Comply
• Every health care organization is expected to develop policies and
procedures to guide practices within their facility. Every person who
provides care or assistance to patients in the facility is expected to
understand and comply with HIPAA regulations.
• Each team members work is important for patient care. At the same time,
it is essential that all patients’ health information be kept confidential.
• Organization or individuals that violate the Privacy rules are subject to
monetary fines (range of $100 - $1.5 Million) and or civil or criminal
charge (of 1-10 years of prison time).
• Failure to comply may also hurt the reputation of the facility, put
accreditation at risk and result in costly lawsuits.

5. GOAL
The goal of the privacy program is to
protect confidential information from
improper use or disclosure.
What does this mean to you?

6. Your Responsibility
• Respect confidential information about patients and
use information only to perform your specific role
• Be sure patient information is only given or disclosed to
others who have a legal right to it.
• What information needs to be kept private:
All information that identifies an
individual is considered confidential

7. Unauthorized Disclosures
• Some of the biggest threats to patient privacy is unintentional
disclosure of information:
• Discussion a case where other patients or visitors may overhear, such as in
elevators, hallways or the cafeteria
• Leaving sensitive information out where patients or visitors can see it.
• Another threat to patient privacy is when a workforce member
intentionally uses or discloses information in an unauthorized
way:
• Copying information and taking it home
• Removing medical records from the health facility and giving them to others
who have no legal right to them.
• Deliberately sharing information with unauthorized persons (family
members, friends, or news reporters).
• Using confidential information in gossiping about patients
• Leaving a computer unattended after logging in to an application
• Sharing passwords with others or leaving passwords are

8. Reporting Violations
If you witness or suspect a confidentiality violation of a
HIPAA privacy information, you must report it immediately
to your supervisor.
Other reporting means include:
• Report to a privacy officer, security officer, or quality
assurance.
Reporting is everyone’s responsibility!

9. References
• Institute of Medicine (US) Committee on Health Research and the Privacy of
Health Information: The HIPAA Privacy Rule; Nass SJ, Levit LA, Gostin LO,
editors. Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving
Health Through Research. Washington (DC): National Academies Press
(US); 2009. 2, The Value and Importance of Health Information Privacy.
Available from: https://www.ncbi.nlm.nih.gov/books/NBK9579/
• U.S Department of Health and Human Services (2019). The HIPAA Privacy
Rule. U.S Department of Health and Human Services. Retrieved from:
https://www.hhs.gov/hipaa/for-professionals/privacy/index.html