2. What is the HIPAA/PHI?
The U.S. Department of Health and Human Services (DHHS) has set a
national regulation for individual protection called “the Health
Insurance Portability and Accountability Act of 1996” (HIPAA), which
was created to make certain that health insurance coverage is available
after leaving an employer and also to offer a standard for healthcare
transactions. In this process, Congress acknowledged that the privacy of
healthcare information was needed and that it is necessary to have
this law to avoid fraud and abuse of information. The Privacy Rule
controls the use and the disclosure of individual “identifiable health
information”, called “protected health information (PHI)”. PHI is the
health care record that addresses the diagnosis and injuries/conditions
of an individual. This act sets limits and establishes suitable safeguards to
hold violators accountable; it allows patients to make informed
choices and offers patients the right to obtain a copy of their own
healthcare record. (“Hipaa privacy rule and public,”)
3. What is the HIPAA Security Act?
The HIPAA Security Rule is distinguished by the 18 HIPAA
identifiers. The Security Rule describes the principles,
measures and approaches for protecting electronic PHI;
this is done by retrieving, transmitting and
reviewing records correctly.
The three HIPAA Security Rule safeguards are as follows:
•Administrative Safeguards: These are the people who keep track of
what is going on with the records or computers.
•Physical Safeguards: These are the firewalls that are in place against
hackers; this also has to do with updates of the system and having
backup/recovery software.
•Technical Safeguards: This is the system that encrypts the document
so it cannot be read by outside people. ("Hipaa security rule,")
4. Safety Tips
•A Privacy Officer and a Security Officer are in each healthcare facility,
so please be aware of what you do:
•Close the door when conducting discussions about a patient or
talking to them in depth about their condition.
•Don’t leave or open/copy medical records where others can see (such
as copy machines, fax machines/mailboxes or file cabinets).
•Don’t share passwords; always cover your password when typing it in (lock
the computer when you are not nearby by pressing Alt, Ctrl and Delete).
•If you are making a copy of a record for a patient, return it to its right
place. When disposing of a record, please put it in the assigned place for it.
Examples of PHI are:
Social Security Numbers
Medical record numbers
Health plan beneficiary numbers
5. When looking at a patient record without permission:
Penalties might not go beyond a calendar year for numerous
abuses; correction should occur within a 30-day period once
the manager or a higher-up has knowledge of the misuse,
unless the time frame has been extended by the Office for Civil
Rights or the Department of Justice. If the DOJ has knowledge of
the information being shared, it will impose a criminal
penalty for the action, which means that the violator might face a
criminal penalty of up to $100-$50,000 per violation/up to
one year of incarceration. The criminal penalties can change
if there were dishonest pretenses, which would
increase them to $100,000/up to five years of incarceration, and
$250,000/up to 10 years of imprisonment would apply if the
information was retailed or transferred or mischievous intent
occurred. ("Health information privacy,")
6. Note to self:
At no cost should you give any information about a patient
to anyone until they show you an ID, and you have
to always remember that the only information you can
give them is their own. If it is a minor, the parent(s) have
rights to the record, or if the spouse gives a written or
verbal consent to give the information to the spouse, it
would have to reflect the time frame or date of care that
can be discussed. Please keep your sign-in list updated so
that if a person does not have an appointment but
came in to ask you something about their record, this will
be considered your proof of why you were in their record,
even though they were not scheduled.
7. References
•Health information privacy. Retrieved from
http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html
•Hipaa security rule and compliance. Retrieved from
http://www.hipaaguidelines101.com/hipaasecurity.htm
•Hipaa privacy rule and public health. (n.d.). Retrieved from
http://www.cdc.gov/mmwr/preview/mmwrhtml/m2e411a1.htm