HIPAA Summary for Training


Published on

This summary provides basic background of the Health Insurance Portability and Accountability Act of 1996

  • Be the first to comment

  • Be the first to like this

HIPAA Summary for Training

  1. 1. Health Insurance Portability andAccountability Act of 1996 (HIPAA) Privacy and Security Rules Summary The Healthcare Team
  2. 2. TRAINING & AWARENESS1. Introduction to HIPAA2. PHI Identifiers and Awareness3. Security Measures4. Privacy Breaches5. Policies & Procedures
  3. 3. What is HIPAA?The Health Insurance Portability andAccountability Act (HIPAA) is a federal lawthat specifies administrative simplificationprovisions that:1. Protect the privacy of patient information2. Provide for electronic and physical security of patient health information3. Require “minimum necessary” use and disclosure4. Specify patient rights to approve the access and use of their medical information
  4. 4. Protected Health Information (PHI)PHI is any information about healthstatus, provision of health care, orpayment for health care that can be linkedto a specific individual
  5. 5. Protected Health Information (PHI) 18 IdentifiersName Account numbersPostal address License numbersAll elements of dates except year Health plan beneficiary numberTelephone number Medical record numberFax number Device identifiers and their serial numbersEmail address Vehicle identifiers and serial numbersURL address Biometric identifiersIP address Full face photos and other comparable imagesSocial security number Any other unique identifying number, code, or characteristic
  6. 6. When should you use PHI?1. Only when necessary to perform your job duties2. Use only the minimum necessary to perform your job duties
  7. 7. How do I secure PHI?• Use electronic data only in a firewall environment (cloud)• Do not download to a non-protected environment: • Laptop • Flashdrive• Do not verbally release PHI outside the office• Do not leave PHI on answering machines• Ensure all paper, cds, and records are locked up or destroyed
  8. 8. Privacy Breaches• Talking in public areas too loudly or to the wrong person• Lost/stolen or improperly disposed of paper, mail, films, notebooks• Lost/stolen laptops, PDAs, cell phones, media devices (video/audio recordings)• Lost/stolen zip disks, CDs, flash drives• Hacking or unprotected computer systems• Email/faxes sent to the wrong address, wrong person, or wrong number• User not logging off of their computer system allowing others to access
  9. 9. Notice of Privacy Practices (NOPP)The Notice of Privacy Practices allows PHI tobe used and disclosed for purposes of TPO:  Treatment  Payment  OperationsTPO includes teaching, medical staff/peerreview, legal, auditing, customer service,business management, and releases mandatedby law
  10. 10. RememberAll patient information is private• Personal information• Financial information• Medical information• Protected Health Information• Information in any format: • Spoken • Written • Electronic