2. THE PRIVACY ACT
The HIPAA Privacy Rule establishes national standards to protect
individuals’ medical records and other personal health
information and applies to health plans, health care
clearinghouses, and those health care providers that conduct
certain health care transactions electronically. The Rule requires
appropriate safeguards to protect the privacy of personal health
information, and sets limits and conditions on the uses and
disclosures that may be made of such information without
patient authorization. The Rule also gives patients rights over
their health information, including rights to examine and obtain
a copy of their health records, and to request corrections.
3. WHO IS RESPONSIBLE FOR PATIENT PRIVACY
HEALTHCARE PROVIDERS
Physicians
Nurses
Hospitals
Clinics
INSURANCE COMPANIES
HMOs
Company Health Plans
Government Programs
4. WHO IS RESPONSIBLE FOR PATIENT PRIVACY
HEALTH INFORMATION DEPARTMENT
Claims Department
Benefits and Eligibility Department
Referral Department
Healthcare and Premium Payments Department
We are all responsible as a team for our patients’ privacy!
5. WHAT ARE WE RESPONSIBLE FOR?
(1) access control, to minimize the inappropriate
retrieval of critical, electronically stored
information
(2) encryption of private health data, to prevent
intruders from locating transmissions across
cyberspace, and to make decoding the
transmission more difficult
(3) integrity control, to protect the validity and
reliability of HCIT-accessible data
(4) authentication, to help the organization
identify who is authorized and therefore allowed
to access specific documents and records
6. WHAT ARE WE RESPONSIBLE FOR?
(5) audit control, to allow for meaningful tracing
of inappropriate information access and retrieval
(6) alarms, to provide warnings and alerts about
attempted or intended intrusions into stored
private data
(7) event reporting, to ensure that any breach of
HIPAA standards and regulations is swiftly
reported and the resulting damages controlled
quickly and effectively
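The following is an added example, not part of the original slides, showing how three of the safeguards listed on slides 5 and 6 (access control, audit control, and alarms) fit together in code: a small gateway in front of patient records that grants each role only the fields its job requires, writes every request to an audit trail, and raises an alert when one user accumulates repeated denials. The roles, the field-level policy, the alert threshold, and the sample patient record are all assumptions made for illustration; encryption and integrity checking (safeguards 2 and 3) are out of scope here.

```python
"""Added illustration of HIPAA access control, audit control and alarms.
Roles, permitted fields, threshold and sample data are assumptions."""
from collections import Counter
from dataclasses import dataclass, field
import datetime as dt

# Assumed "minimum necessary" policy: each role may read only the PHI
# fields its job requires.  Nothing here comes from a real organisation.
ROLE_PERMISSIONS = {
    "physician": {"name", "dob", "diagnosis", "medications"},
    "nurse": {"name", "dob", "medications"},
    "claims": {"name", "dob", "diagnosis"},   # claims coding needs the diagnosis
    "billing": {"name"},                       # billing sees no clinical data
}

ALARM_THRESHOLD = 3  # denied requests by one user before an alert fires (assumed)

# Constructed sample record; not real patient data.
SAMPLE_RECORDS = {
    "P001": {
        "name": "Jane Doe",
        "dob": "1980-01-01",
        "diagnosis": "Hypertension",
        "medications": ["lisinopril"],
    },
}


@dataclass
class AuditEvent:
    """One line of the audit trail: who asked for what, and the decision."""
    timestamp: dt.datetime
    user: str
    role: str
    patient_id: str
    requested_fields: frozenset
    allowed: bool
    reason: str


@dataclass
class PhiGateway:
    records: dict                                   # patient_id -> {field: value}
    audit_log: list = field(default_factory=list)   # every request, allowed or not
    alerts: list = field(default_factory=list)      # alarms raised so far
    _denials: Counter = field(default_factory=Counter)

    def read(self, user, role, patient_id, fields):
        """Return the requested fields if the role permits them, else None.
        Every call is audited; repeated denials for one user raise an alert."""
        fields = frozenset(fields)
        permitted = ROLE_PERMISSIONS.get(role, set())
        excess = fields - permitted
        if role not in ROLE_PERMISSIONS:
            allowed, reason = False, "unknown role"
        elif excess:
            allowed, reason = False, f"fields not permitted for role: {sorted(excess)}"
        elif patient_id not in self.records:
            allowed, reason = False, "no such patient"
        else:
            allowed, reason = True, "ok"

        # Audit control: the decision is recorded before any data is returned.
        self.audit_log.append(AuditEvent(dt.datetime.now(dt.timezone.utc), user, role,
                                         patient_id, fields, allowed, reason))
        if not allowed:
            # Alarm: fire once when a user reaches the denial threshold.
            self._denials[user] += 1
            if self._denials[user] == ALARM_THRESHOLD:
                self.alerts.append(
                    f"ALERT: {user} reached {ALARM_THRESHOLD} denied PHI requests")
            return None

        record = self.records[patient_id]
        return {f: record[f] for f in fields if f in record}

    def denied_events(self):
        """Audit entries that were refused, for review by the privacy officer."""
        return [e for e in self.audit_log if not e.allowed]


if __name__ == "__main__":
    gw = PhiGateway(records=SAMPLE_RECORDS)
    print(gw.read("dr_lee", "physician", "P001", ["name", "diagnosis"]))
    print(gw.read("bob", "billing", "P001", ["diagnosis"]))   # denied -> None
    for e in gw.audit_log:
        print(e.user, e.role, sorted(e.requested_fields), e.allowed, e.reason)
```

The audit entry is written before any data leaves the gateway, so a denied request is as visible to reviewers as an allowed one, which is what makes "meaningful tracing of inappropriate information access" possible later.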
7. PENALTIES
Violation: Individual did not know (and by exercising reasonable diligence would not have known) that he/she violated HIPAA
Minimum penalty: $100 per violation, with an annual maximum of $25,000 for repeat violations
Maximum penalty: $50,000 per violation, with an annual maximum of $1.5 million (Note: maximum that can be imposed by State Attorneys General regardless of the type of violation)
8. PENALTIES
Violation: HIPAA violation due to reasonable cause and not due to willful neglect
Minimum penalty: $1,000 per violation, with an annual maximum of $100,000 for repeat violations
Maximum penalty: $50,000 per violation, with an annual maximum of $1.5 million
9. PENALTIES
Violation: HIPAA violation due to willful neglect but violation is corrected within the required time period
Minimum penalty: $10,000 per violation, with an annual maximum of $250,000 for repeat violations
Maximum penalty: $50,000 per violation, with an annual maximum of $1.5 million
10. PENALTIES
Violation: HIPAA violation is due to willful neglect and is not corrected
Minimum penalty: $50,000 per violation, with an annual maximum of $1.5 million
Maximum penalty: $50,000 per violation, with an annual maximum of $1.5 million
11. THE GOAL
IT IS OUR JOB AS A TEAM TO PROTECT OUR PATIENTS’ RIGHTS AND PRIVACY
12. REFERENCES
HIPAA Violations and Enforcement [Report]. (2012). American Medical Association. Retrieved from http://www.ama-assn.org/ama/pub/physician-resources/solutions-managing-your-practice/coding-billing-insurance/hipaahealth-insurance-portability-accountability-act/hipaa-violations-enforcement.page
Understanding Health Information Privacy. (2012). Retrieved from http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html
Wolper, L. F. (2011). Health Care Administration: Managing Organized Delivery Systems (5th Edition). Boston: Jones and Bartlett Publishing. Retrieved from VitalSource