The Viability of Personal Health Data Under HIPAA
1. THE VIABILITY OF PERSONAL
HEALTH INFORMATION
HIPAA
CAMILLE MAXWELL-NERY
MHA690: HEALTHCARE CAPSTONE WEEK 1 DISC 2
DR. JARED RUTLEDGE
2. OBJECTIVES
HIPAA regulations in healthcare settings and access
HITECH enactment guidelines under HIPAA
Highlights regarding the meaning of a security breach of health information
Approaches to take in order to avoid breaching HIPAA and HITECH
Types of protected health information
Conclusion
References
3. HIPAA REGULATIONS IN HEALTHCARE SETTINGS
AND ACCESS
• A covered entity can access patient
information for
• Research with granted permission from
the patient/consent.
• Treatment/diagnosis
• Health care emergencies, such as operations
and other life-threatening situations, with
informed consent.
• Individual use
• Exceptions to the rules include:
• Some state laws require health care
organizations to disclose certain health
information, including communicable
diseases such as AIDS and STDs and suspected
child abuse or adult abuse, without the
patient's consent (Pozgar, 2012).
• Individuals who have access to personal
information under HIPAA include:
• Health plans
• Health care clearinghouses
• Health care providers
• Regional Health Information Organizations,
e-prescribing gateways, or a vendor that contracts
with a covered entity to allow the covered entity to
offer access to a personal health record as part of
its EHR are business associates if they require
access to PHI on a routine basis (Wager, Lee, &
Glaser, 2013).
4. GUIDELINES UNDER HIPAA/HITECH
1. Boundaries. PHI may be disclosed for health purposes only, with very
limited exceptions (Wager, Lee, & Glaser, 2013).
2. Security. PHI should not be distributed without patient
authorization, unless there is a clear basis for doing so, and the
individuals who receive the information must safeguard it (Wager,
Lee, & Glaser, 2013).
3. Consumer control. Individuals are entitled to access and control their
health records and are to be informed of the purposes for which
information is being disclosed and used (Wager, Lee, & Glaser,
2013).
4. Accountability. Entities that improperly handle PHI can be charged
under criminal law and punished and are subject to civil recourse as
well (Wager, Lee, & Glaser, 2013).
5. Public responsibility. Individual interests must not override national
priorities in public health, medical research, preventing health care
fraud, and law enforcement in general (Wager, Lee, & Glaser,
2013).
6. Security management process must be in place. Using assigned
5. HIGHLIGHTS REGARDING THE MEANING OF A SECURITY
BREACH OF HEALTH INFORMATION
• Criminal and civil penalties for noncompliance are established
and enforced. The penalties are applied using
a tiered schedule that ranges from $100 for a single violation
to $1,500,000 for multiple violations due to willful neglect
(Wager, Lee, & Glaser, 2013).
• Employees who have misused their privileges can be subject
to disciplinary action under organizational guidelines, which could
lead to termination.
6. APPROACHES TO TAKE IN ORDER TO AVOID
BREACHING HIPAA, HITECH
Administrative Safeguards
• Policies and procedures to govern
the organization's required guidelines.
• Access to PHI in all forms must be
restricted to only those employees
who have a need for it to complete
their job function.
• Internal audits play a key role in
HIPAA compliance by reviewing
operations with the goal of
identifying potential security
violations (Pozgar, 2012).
Physical Safeguarding
• Responsibility for security must be
assigned to a specific person or
department.
• Required access controls consist of
facility security plans, maintenance
records, and visitor sign-in and
escorts.
• Workstations should be removed
from high-traffic areas, and monitor
screens should not be in direct view
of the public.
• When information flows over open
networks, some form of encryption
7. TYPES OF PROTECTED HEALTH INFORMATION
• This includes information pertaining to the patient's overall
status. Here is a short example:
1. Name
2. Age
3. Address
4. Reason for admission to facility
5. Social Security number
6. Marital Status
7. Religion
8. Diagnosis
9. Treatment plan or plan of care
8. CONCLUSION
• Under HIPAA, protected information is also defined under the Privacy Rule as any
information that is related to a person's physical or mental health, the provision
of health care, or the payment for health care, that serves to identify the person
who is the subject of the information, and that has been created and received by a
covered entity. Such information, when further transmitted and maintained in any
form by that entity, is subject to the privacy protections of
HIPAA (Wager, Lee, & Glaser, 2013).
• Healthcare services delivery in the United States comprises multiple providers
and, in most cases, electronic and mechanical components and coordinated
networks as well (Wolper, 2011). Today there is a wealth of information that
is dispersed by various means. The organization has entrusted you with
the tools needed to access patient information for treatment purposes only. Any
identified breach of information will be reported following the organization's
policies and procedures. Additional actions will be taken to help
prevent such occurrences from repeating. HIPAA rules and
regulations are to be followed at all times.
9. REFERENCES
1. Kongstvedt, P. R. (2009). Essentials of Managed Health
Care Study Guide (5th ed.). Sudbury, MA: Jones and Bartlett
Publishers, LLC.
2. Pozgar, G. D. (2012). Legal Aspects of Health Care
Administration (11th ed.). Burlington, MA: Jones and
Bartlett Learning, LLC.
3. Wager, K. A., Lee, F. W., & Glaser, J. P. (2013). Health
Care Information Systems: A Practical Approach for Health
Care Management (3rd ed.). San Francisco, CA: John Wiley
& Sons, Inc.
4. Wolper, L. F. (2011). Health Care Administration: Managing
Organized Delivery Systems (5th ed.). Sudbury, MA: Jones
and Bartlett Publishers, LLC.