HIPAA: Privacy, Confidentiality, and Security
Presented by: Libby Goodman

What is HIPAA?
  • HIPAA stands for the Health Insurance Portability and Accountability Act of 1996.
  • It is a law that requires all healthcare providers to promise the privacy, confidentiality and security of the health information of every person.
  • Patients have the right to this.

Who has to follow the HIPAA rules?
  • Health care providers, including doctors, dentists, chiropractors, therapists, hospitals, nursing facilities, clinics, pharmacies, home health agencies, hospices, long-term care facilities, and personal care facilities of any type or size.
  • Health plans and health insurance companies.
  • Healthcare clearinghouses, such as billing services.

What kind of information does HIPAA protect?
  • Information about the person’s past, present or future health condition, health treatment, or payment of healthcare services.
  • Information that identifies you or tells who you are, such as name, phone, address, DOB, diagnosis, SS #, employer, position or other identifying data.
  • Protected Health Information (PHI) comes in many formats (paper, electronic, or conversation), primarily the patient’s medical record.

Exceptions to HIPAA rule…
  • Emergencies
  • Public health needs, such as infectious diseases
  • Mandatory reporting of child and elder abuse and neglect
  • Judicial (court) and administrative (insurance companies) proceedings

Ways you can protect patients’ privacy and confidentiality:
Confidentiality of health information
  • Always treat resident records as confidential
  • Know your workplace rules related to PHI
  • Everyone has the right to decide who has access to their health information
  • Only authorized staff should be allowed to view health information
  • Do not include casual notes in a patient’s chart
  • Do not let unauthorized people hear or see another person’s PHI

HIPAA violations can cost you!
  • Single violation = $100 civil money penalty
  • Multiple violations of an identical requirement or prohibition made during a calendar year = up to $25,000
  • Wrongful disclosure of individually identifiable health information = up to $50,000 & up to one year jail time
  • Wrongful disclosure of individually identifiable health information committed under false pretenses = up to $100,000 & up to 5 years jail time
  • Wrongful disclosure of individually identifiable health information committed under false pretenses with intent to sell, transfer or use for commercial advantage, personal gain or malicious harm = up to $250,000 & up to 10 years jail time

Examples of what is NOT okay…
  • Reviewing a medical record for no reason
  • Even if it is someone famous, it is not acceptable. It may seem that the public is aware of their personal details, but the information in the public is often not correct, and PHI details are never okay to review or discuss unless you are authorized to view it or know it.

Protecting privacy is best policy
  • Keep in mind how you would want others to handle your PHI. Treat your patient’s PHI with the same respect you would want for your own.

Thank you!
Questions? Please contact your supervisor or the Health Information Management Department.
