5.
HIPAA is a federal law
HIPAA establishes uniform rules for protecting
health information & privacy
HIPAA rules were created to
balance the flow of information
with protecting the privacy of patients (US
Department of Health and Human Services,
2014, May 27).
What is HIPAA?
6.
What does HIPAA say?
The patient has the right to:
Request access to health information
Request to amend their health information
Request restriction to information sharing
Request accountability of disclosures (US
Department of Health and Human
Services, 2014, May 27).
8.
Who and What Does
HIPAA Protect?
HIPAA Protects
Your Individual
Health Information
HIPAA also Protects
Individually Identifiable
Health Information (IIHI)
Name or partial name
Address or zip code
Social Security number
Birth date
Phone number
Diagnosis
Employer
Relatives
Billing information
(US Department of Health
and Human Services, 2014,
May 27).
9.
How Does HIPAA
Protect?
Requires covered entities
to implement security
measures to protect against
improper disclosure of
health information
Sets limits on user access to
individual health
information
Training programs are
implemented for
employees on how to
protect your health
information
(US Department of Health
and Human Services, 2014,
May 27).
10.
What Information Does
HIPAA Protect?
Sharing any personal
health information with
anyone other than the
patient, persons
authorized by the
patient to receive IIHI,
or a person directly
involved in patient care
is a violation of HIPAA
(Hebda & Czar, 2013).
12.
Patients’ health information must be secured against
inadvertent disclosure and against threats to its integrity or
availability (Hebda & Czar, 2013).
Using patient information on personal
computer and taking it home
14.
Adding password protection and encrypting files
increases security (Hebda & Czar, 2013).
Losing backup disks or portable drives
with patient health information
16.
Social Media
The nurse exposed patient data by posting on her
Facebook page
How do we safeguard against this?
Don’t post/tweet or blog about patients
Don’t discuss medical conditions
“If you wouldn’t say it in an elevator, don’t put it
online” (Ekrem, 2011).
Don’t exchange personal data
18.
Dashboard
The nurse asked another nurse for access to their
dashboard…this should NEVER happen!
How can we prevent this violation of HIPAA?
Never share your sign-on information
Never write passwords down
Change passwords regularly and use a combination of
upper and lowercase letters, numbers and symbols
If the program asks to ‘remember’ your password, do not
say yes
If you think your password has been compromised,
report it immediately. (University of Wisconsin-Madison,
2003).
20.
Wrong Fax Number
Prevention
Confirm that fax numbers are correct before sending
information to prevent wrong delivery.
Use a cover sheet.
Use sealed envelopes for delivery.
Encrypting the transmission with an encryption key makes
the confidential information unreadable without that key.
This safeguards fax transmissions that might be sent
to a wrong number. (Hebda & Czar, 2013).
22.
Preventing Incomplete
Authorization
Only the patient or a personal representative has the right
to access the patient’s health information!!
The information privacy form must be completely filled out
during admission.
Personal information cannot be given to any entity
without written authorization from the patient.
Patients can add to and amend incomplete personal
health information through a written request to the healthcare
provider to avoid ideal representative confusion. (US
Department of Health and Human Services, 2014, May
27).
24.
PHI may NEVER be shared with anyone who is not directly
involved in patient care. Therefore, texting a friend or loved
one any information that could be used to identify a patient is a
violation of the HIPAA code. (US Department of Health and
Human Services, 2014, May 27).
“The Privacy Rule protects all individually identifiable health
information held or transmitted by a covered entity or its
business associate, in any form or media, whether electronic,
paper or oral. Individual identifiable health information is
information that relates to the individual’s past, present or
future physical or mental health or condition, the provision of
healthcare to that individual, and that identifies the
individual… ” (Hader & Brown, 2010).
Texting PHI
25.
Texting PHI violates HIPAA in a couple of
ways.
First, text messages are not secure or
encrypted. “Texting patient information is
not legal unless the text messages are
transmitted through a secure and encrypted
network.” (Clinch, 2012).
Second, texting does not allow the receiver to
verify the sender’s identity. (Clinch, 2012).
Texting Personal Health Information is a
violation of HIPAA!!
26.
We avoid violating the Privacy Rule of the HIPAA code
by NEVER texting ANY patient information. Whether a
name, a room number, or a diagnosis, PHI must be
guarded carefully to ensure the safety and security of our
patients. (Hebda & Czar, 2013).
As nurses, we must protect our patients by honoring their
privacy and not discussing them with anyone who is not
directly involved in their care, even if we feel the
information is benign or could not be traced back to the
patient. Especially in the case of text messages, we just
never know who could be intercepting PHI.
How do we avoid this
violation of HIPAA?
28.
What is an incidental disclosure of PHI?
According to The University of Chicago’s HIPAA
Program Office (2006, paragraph 2), “While
reasonable precautions should be used to avoid
sharing patient information with those not involved
in the patient’s care, it is possible that minor
amounts of patient information may be disclosed to
people near where patient care is delivered or being
coordinated. This is referred to as an incidental
disclosure.”
Incidental Disclosures of PHI
29.
The HIPAA laws state that as long as reasonable efforts
are made to minimize incidental disclosure, sharing
patient information that may be overheard is okay. (US
Department of Health and Human Services, 2014, May
27). But what are reasonable measures?
Refusing to discuss one patient in front of another patient
or his/her family members, for example, a roommate
Using a quiet voice to discuss PHI over the phone, such as
with a discharged patient, another healthcare facility, or a
patient’s family member
Avoiding conversations about patients in public areas,
such as the elevator, hallway, or cafeteria (The University
of Chicago, 2006).
Incidental Disclosure
30.
The nurse in the video is violating the HIPAA code
because she is not using reasonable measures to
avoid an incidental disclosure of PHI.
To avoid violating the Privacy Rule, nurses can
encourage patients and family members to come in
to the hospital to discuss sensitive PHI.
Nurses can also seek out a private area to discuss
PHI over the phone, and make an effort to use a
quiet voice so that others will not overhear. (The
University of Chicago, 2006).
How can we do our
part?
32.
Although it may seem obvious, the release of the
incorrect patient's information can occur through
careless mistakes.
If your facility contains records for two patients with
the same name, your staff must be trained to
correctly file all medical records, and release
documents only for the authorized patient.
The use of red name tags in front of charts upon
admission helps notify staff members of patients
with the same name. (Department of Health and
Human Services, n.d.).
Release of the Wrong
Patient's Information
34.
Paper PHI should never be thrown in the
regular trash can.
Placing PHI in trash bins or dumpsters is not
a secure method of disposing of PHI.
Failing to shred patient information before
disposal could lead to dangerous
consequences. (Hebda & Czar, 2013).
Improper Disposal of
Patient Records
35.
Before PHI can be thrown out, it should be made
indecipherable by shredding or burning.
Another alternative is to hire a reputable company to
destroy the records.
Placing small bins at each work station clearly
labeled “PHI FOR PROPER DISPOSAL ONLY – DO
NOT TRASH” will prevent information from
accidentally ending up in the trash. (Department of
Health and Human Services, n.d.).
Proper Disposal of
Patient Records
36.
Most of us believe that our medical and other health
information is private and should be protected, and
we want to know who has this information.
HIPAA gives you the right to protect your health
information and sets rules and limits on who can
look at and receive your health information.
It regulates the use of all forms of individuals'
protected health information, whether electronic,
written, or oral.
Conclusion
37.
Clinch, T. (2012). Nursing Practice Question: Is Texting/Receiving Patient Information a HIPAA Rules
Violation? Nursing News, 36(2), 8.
Department of Health and Human Services. (n.d.). Summary of the HIPAA Privacy Rule. Retrieved May
24, 2014, from http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html
ehow (2014, May 28). HIPAA individual identifiable information. Retrieved from
http://www.ehow.com/about_6297969_hipaa-individually-identifiable-information.html#ixzz331NjetR4
Greene, A. H. (2012). HIPAA Compliance for Clinician Texting. Journal Of AHIMA, 83(4), 34-36.
Hader, A., & Brown, E. (2010). LEGAL BRIEFS. Patient Privacy and Social Media. AANA Journal, 78(4),
270-274.
Hebda, T., & Czar, P. (2013). Handbook of Informatics for Nurses & Healthcare
Professionals. Boston: Pearson.
References
38.
Onesource (2014, May 27). The Top 10 Most Common HIPAA Violations. Retrieved from
http://www.onesourcedoc.com/blog/bid/95955/The-Top-10-Most-Common-HIPAA-Violations
The University of Chicago. (2006, October). HIPAA - Incidental Disclosures of PHI.
Retrieved May 24, 2014, from http://hipaa.bsd.uchicago.edu/incidental_disc.html
University of Wisconsin-Madison. (2003). HIPAA Security Practices Best Guidelines
#6. Retrieved from: https://hipaa.wisc.edu/docs/passwordManagement.pdf
US Department of Health and Human Services (2014, April 4). Alaska settles HIPAA security
case for $1,700,000. Retrieved from
http://www.hhs.gov/news/press/2012pres/06/20120626a.html
US Department of Health and Human Services (2014, May 27). Health Information Materials.
Retrieved from http://www.hhs.gov/ocr/privacy/hippa/understanding/consumer/index.html
References