This document discusses the Health Insurance Portability and Accountability Act (HIPAA) and its requirements for protecting patient health information. It provides an overview of key HIPAA terms like protected health information (PHI) and introduces HIPAA guidelines around privacy, security, and the responsibilities of covered entities like the Philadelphia Center. The document outlines HIPAA rules for appropriate use and disclosure of patient data, administrative and technical safeguards required, and accountability measures like audits, training, and complaint procedures to enforce compliance.

1. Philadelphia Center
N.W. Louisiana AIDS Resource Center
http://www.hhs.gov/ocr/privacy/

2. Electronic Health Information Exchange in
a Networked Environment
Introduction to HIPAA
Health Information Portability and Accountability Act of (1996)

3. HIPAA Basics
 HIPAA compliance and
confidentiality must be
maintained for the sake of
the client, the employee,
and the organization.
 Compliance is mandatory
for any organization dealing
with medical records.
 HIPAA stands for Health
Insurance Portability &
Accountability Act of 1996.
 PHI stands for Protected
Health Information.
 TPO stands for Treatment ,
Payment, and Operations.
 OCR stands for Office of Civil
Rights—Hotline #: (1-
800-537-7697)
 HIO stands for Health
Information Organization.
 PRP stands for Privacy Rule
Policies

4. HIPAA Basics
 All client information and
money spent at the
Philadelphia Center needs to
be protected and HIPAA has
guidelines to help us do this.
 HIPAA also has audits that
makes sure the Philadelphia
Center is within guideline
limits and the Audit is tough.
 We, the IT’s, are aware of
HIPAA and the necessary
things needed to make sure
the Philadelphia Center is in
compliance.
There should be openness and
transparency about policies,
procedures, and technologies that
directly affect individuals and/or
their individually identifiable health
information (PHI).

5. HIPAA
Philadelphia Center
Accountability
 A HIPAA audit will look something like this:
 We need to make sure that we have all bases covered in
case they decide to make us their next audit.

6. The Privacy Rule
 The Standards for Privacy of Individually Identifiable Health
Information (“Privacy Rule”) establishes, for the first time, a set of
national standards for the protection of certain health information.
 The U.S. Department of Health and Human Services (“HHS”) issued
the Privacy Rule to implement the requirement of the Health
Insurance Portability and Accountability Act of 1996 (“HIPAA”).

7. The Privacy Rule
 The Privacy Rule standards address the use and disclosure of
individuals’ health information—called “Protected Health
Information” by organizations subject to the Privacy Rule — called
“covered entities,” as well as standards for individuals' privacy rights
to understand and control how their health information is used.
 Within HHS, the Office for Civil Rights (“OCR”) has responsibility
for implementing and enforcing the Privacy Rule with respect to
voluntary compliance activities and civil money penalties.

8. Electronic Health Information Exchange in
a Networked Environment
Accountability
Health Insurance Portability and Accountability Act of 1996 (“HIPAA”)

9. ACCOUNTABILITY
 The Privacy Rule provides the foundation for accountability
within an electronic health information exchange
environment
 Requires covered entities (Philadelphia Center) that
exchange Protected Health Information (PHI) to comply with
its administrative requirements
 Requires Philadelphia Center employees to adhere to the
HIPAA privacy rules

10. ACCOUNTABILITY
Administrative
Requirements
 The Philadelphia Center must have
written policies and procedures in place
to implement privacy standards See 45
C.F.R. § 164.530(b)
 Employees should be trained on those
policies and procedures
 The Philadelphia Center director must
reprimand employees who violate
established Privacy Rule Policies [See 45
C.F.R. § 164.530(e)]
Privacy Rule Requirements
 A Philadelphia Center, Client complaint
form has to be created See 45 C.F.R. §
164.530(d)
 A Notice of Privacy Practices has to be
sent to every Philadelphia Center
client
 Contact information and instructions
on how to file complaints should be
included with the Notice of Privacy See
45 C.F.R. § 164.530(b)(1)(vi)-(vii)

11. Electronic Health Information Exchange in
a Networked Environment
Collection, Use, and
Disclosure Limitation
Health Insurance Portability and Accountability Act of 1996 (“HIPAA”)

12. Permitted Uses
& Disclosures
 To the Individual
 Used for Philadelphia’s
Treatment, Payments,
Health Care Operations
 Uses and Disclosures with
Opportunity to Agree or
Object
 Incidental Use and
Disclosure
 Public Interest and Benefit
Activities
 Limited Data Set
 Basic Principle
 Required Disclosures

13. Philadelphia Center
N.W. Louisiana AIDS Resource Center
http://www.hhs.gov/ocr/privacy/