1. MHA690: Health Care Capstone (MNL1331B)
Sandra Dee Garrison
Ashford University
Dr. Teresita Gonzalez
HIPAA TRAINING: TRAINING EMPLOYEES ON
PROTECTING PATIENT HEALTH INFORMATION AND
CONFIDENTIALITY.
2. WHAT IS HIPAA
• HIPAA stands for Health Insurance Portability and
Accountability Act
• This law, known as public law 104-191, was signed by
President Bill Clinton on August 2, 1996, and became
effective on June 1, 1997.
• The law has five Titles: (1) Insurance portability, (2) Fraud
and Abuse Medical Liability Reform, (3) Tax Related
Health Provision, (4) Group Health Plan Requirements,
and (5) Revenue Offsets.
3. The HIPAA Privacy Rule
The HIPAA Privacy Rule provides federal
protections for individually identifiable health
information held by covered entities and their
business associates and gives patients an array of
rights with respect to that information. At the same
time, the Privacy Rule is balanced so that it
permits the disclosure of health information
needed for patient care and other important
purposes. (www.hhs.gov)
4. KINDS OF INFORMATION PROTECTED BY
THE PRIVACY RULE.
THE PRIVACY RULE PROTECTS INFORMATION KNOWN AS
PROTECTED HEALTH INFORMATION (PHI). PATIENTS HAVE A RIGHT
TO BE PROVIDED WITH THIS INFORMATION AT MEDICAL VISITS
WHEN THEY PRESENT FOR CARE IN THEIR NOTICE OF PRIVACY
RIGHTS. THE TYPES OF INFORMATION KNOWN AS PHI ARE:
• PATIENT NAMES
• DATE OF BIRTH
• ADDRESSES
• INSURANCE INFORMATION
• SOCIAL SECURITY NUMBERS
• WEB ADDRESSES
• LICENSE PLATE NUMBERS
• MEDICAL RECORDS NUMBERS
• DATE OF DEATH
• PHOTOGRAPHS
• FINGERPRINTS
• RELIGIOUS AFFILIATIONS
• MARRIAGE INFORMATION
• DIAGNOSES
• SEXUAL PREFERENCES
• TELEPHONE NUMBERS
• BENEFICIARY INFORMATION
• ROOM NUMBERS
• MEDICAL PROVIDER INFORMATION
• DISCHARGE DATES
• DATE OF ADMISSIONS
****** ANY OTHER INFORMATION FOR WHICH PERMISSION WAS NOT
OBTAINED OR IT IS NOT MEDICALLY WARRANTED BY LAW.
5. HIPAA SECURITY RULES. WHAT IS THIS?
The HIPAA Security rules are designed to protect patients’ information
against unauthorized access. Computers and Information Technology
equipment should have either encryption or log-in and password
access to ensure that patient information is protected.
The security rules also deal with email access and the transmission of
information: authenticate the receiver of the messages and ensure adequate
protection by verifying email addresses and sending only the needed
information.
Information to keep secure: flash drives, computer servers, emails, and faxes.
Data that is being disposed of should be shredded, and a contract company
should arrange for pick-up.
6. ARE YOU READY TO BE TESTED?
• NURSE MARY NOTICES THAT THE UNIT SECRETARY HAS GOTTEN ILL AND
GONE TO THE EMERGENCY ROOM. WHILE THE SECRETARY IS IN THE
EMERGENCY ROOM SHE IS TREATED AND RELEASED. NURSE MARY IS STILL
ON DUTY AND BEING CONCERNED, SHE CALLS THE E.R. AND ASKS A
FELLOW NURSE ABOUT THE TREATMENTS THAT ARE PERFORMED ON THE
SECRETARY AND SHE ALSO LOOKS UP THE LAB RESULTS ON THE UNIT
SECRETARY. CAN SHE DO THIS, SINCE SHE IS THE NURSE ON THE UNIT
AND IS CONCERNED?
• NO, THIS IS AN INVASION OF PRIVACY. NURSE MARY SHOULD NOT LOOK AT
ANOTHER EMPLOYEE’S OR ANY OTHER PATIENT’S INFORMATION UNLESS IT
IS IN THE COURSE OF HER TAKING CARE OF THE PATIENT. THIS IS A
VIOLATION OF THE HIPAA LAW AND COULD LEAD UP TO TERMINATION.
7. ARE YOU READY TO BE TESTED?
SHARON IS READY TO GO ON BREAK BUT DOES NOT HAVE THE PROPER
RELIEF AT THE NURSING DESK. JANE OFFERS TO RELIEVE HER FOR LUNCH
AND SAYS THAT SHE WILL SIT THERE AND ANSWER THE CALLS AND PUT ALL
PATIENT ORDERS IN THE COMPUTER FOR SHARON. SHARON, BEING SO
RELIEVED TO GET A BREAK, KNOWS THAT JANE DOESN’T HAVE COMPUTER
ACCESS BUT IS WILLING TO LEAVE THE COMPUTER ON, AS SHE HAS WORKED
WITH JANE FOR OVER 12 YEARS. IS IT OKAY FOR SHARON TO ALLOW JANE
ACCESS TO THE COMPUTER SO THAT THE WORK CAN GO ON?
NO, THIS IS A VIOLATION OF THE HIPAA SECURITY RULE. EACH EMPLOYEE
SHOULD HAVE THEIR OWN ACCESS CODES OR LOG-ONS FOR IDENTITY.