This document provides an overview of HIPAA training. It discusses what HIPAA is, including the Privacy and Security Rules, and what protected health information it covers. It outlines patients' rights to privacy and access to their health information. It describes the responsibilities of covered entities to comply with HIPAA and protect patient privacy. Finally, it discusses breaches of HIPAA and the associated penalties.
3. What is HIPAA: Health Insurance Portability and Accountability Act of 1996
Federal law protecting health information
Privacy Rule covers Protected Health Information (PHI); addresses use and disclosure
Security Rule covers Electronic Protected Health Information (ePHI)
Source: U.S. Department of Health and Human Services (n.d.). Retrieved from hhs.gov/hipaa
4. Patients' Rights: Privacy Protection
Health information privacy rights
  Right to privacy
  Right to ask questions
  Right to file a complaint
Access to health information
  Right to privacy
Health information security
  Right to make PHI changes
  Right to receive an accounting of PHI disclosures
  Right to confidential communications
5. Provider Responsibility: Protecting Patients' Rights
Provide patient with a Notice of Privacy Practices
Respond to patient requests for:
  Access to their PHI
  Accounting of disclosures
  Restrictions on uses and disclosures of health information
  Confidential communications
6. Who is a Covered Entity? Individuals, organizations, and agencies that must comply with the HIPAA Rules
Health Care Providers: Doctors, Clinics, Hospitals, Psychologists, Chiropractors, Dentists, Nursing Homes, Pharmacies (who transmit health information electronically)
Health Plans: Health Insurance Companies, HMOs, Company Health Plans, Government Programs that Pay for Health Care
Health Care Clearinghouses: Process nonstandard health information into a standard form electronically
7. Privacy Rule: What is Protected?
All "individually identifiable health information" in any form: electronic, paper, or oral, including:
  Demographic information
  Past, present, or future physical or mental health or condition
  Provision of health care to the individual
  Past, present, or future payment for the provision of health care
9. Security Rule: Who is Covered?
Health Plans
Health Care Clearinghouses
Health Care Providers who transmit health information electronically
10. Security Rule: What is Protected?
Individually identifiable health information that is received, maintained, or transmitted electronically (ePHI)
Requires administrative, technical, and physical safeguards
11. Breach of HIPAA: What Not To Do
Disclosure of patient information by employees
Mishandling medical records
Theft of PHI through lost or stolen electronic devices
Texting patient information
Posting patient information on social media
Illegal access of patient files by employees
Social breaches
Lack of written consent for disclosure
Accessing patient information from unauthorized devices
Lack of HIPAA training
12. Enforcement Rule: Penalties for HIPAA Non-Compliance
Did Not Know: $100 to $50,000 per violation
Reasonable Cause: $1,000 to $50,000 per violation
Willful Neglect (Corrected): $10,000 to $50,000 per violation
Willful Neglect (Not Corrected): $50,000 per violation
(Federal Register, 2009, p. 56127)
13. References
Federal Register. (2009, October 30). Rules and Regulations. U.S. Department of Health and Human Services. Vol. 74, No. 209. Retrieved from hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/enforcementrule/enfifr.pdf
U.S. Department of Health and Human Services. (n.d.). Retrieved from hhs.gov/hipaa
Zabel, L. (2016, June 22). 10 common HIPAA violations and preventative measures to keep your practice in compliance. Becker's Hospital Review. Retrieved from beckershospitalreview.com/healthcare-information-technology/10-common-hipaa-violations-and-preventative-measures-to-keep-your-practices-in-compliance
Thank you for viewing & listening to my presentation!