1. Week 1 Discussion 2
Confidentiality
MHA 690
Niah DeJesus
HIPAA Law: Privacy and Security of Patient Health Information
2. Health Insurance Portability and Accountability Act
(HIPAA)
Provides protection and safeguards against
the misuse of confidential patient health
information.
Two Part Protection
Privacy Rule
○ Protects individuals’ health information while allowing
the flow of health information needed to provide and
promote high quality health care.
Security Rule
○ Protects individuals’ health information while allowing
covered entities to adopt new technologies to improve
the quality and efficiency of patient care.
3. Covered Entities
Who must follow the HIPAA Law?
Health Plans
○ Health Insurance Plans: Private and Government Programs,
HMOs and Company Health Plans
Health Care Providers
○ Hospitals, Clinics, Doctors, Nurses, Pharmacies, Dentists;
any provider that transmits information electronically
Health Care Clearinghouses
○ Entities that process nonstandard health information they
receive from another entity into a standard (i.e., standard
electronic format or data content), or vice versa. (HHS, 2014)
4. What information must be protected?
Information that is put into a patient’s medical
record
Conversations that you have with your patient
Health insurance information
Billing information
5. How to ensure privacy compliance
Follow safeguard policies.
The use and disclosure of patient information must be
necessary to accomplish care/treatments.
Protect your log-in information.
Ensure that you are signing in only when necessary to
view your patient's information during treatment.
Log out before walking away from workstation.
When speaking with a patient and/or authorized
individuals, ensure that no unauthorized individuals can
hear the conversation.
Do not discuss patient information with unauthorized
individuals.
6. Penalties for Violating HIPAA Law
Dependent upon severity of violation:
Suspension or Termination of employment
Civil Penalties: Fines up to $50,000 per violation
Criminal Penalties: Fines from $50,000-$250,000 with the
possibility of imprisonment from 1-10 years.
(Mcgrory-Dixon, 2013)
7. Final Remarks
You are accountable for ensuring the
privacy, confidentiality, and integrity of
patients’ health information.
Only access information for your patient
and when necessary.
Be mindful of workstations and closing
patient information before walking away.
Only discuss patient information with
authorized individuals.
8. References
HHS. (2014). For Covered Entities and Business Associates. U.S.
Department of Health & Human Services. Retrieved from
http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/index.html
Mcgrory-Dixon, A. (2013). HHS toughens HIPAA violation penalties.
benefitspro. Retrieved from
http://www.benefitspro.com/2013/04/09/hhs-toughens-hipaa-violation-penalties