Presentation on
HIPAA 101
What we want to accomplish
 Why we need HIPAA
 Understand what HIPAA is and what its rules are
 Understand who it applies to
 Understand why we need to know about HIPAA at NISOS
 Know about PHI and ePHI
History of HIPAA
 Historically, patient medical records were recorded and maintained primarily
on paper and stored in the offices of physicians, hospitals, and other healthcare
professionals
 These records were kept in locked cabinets or closets
 With the advent of computers and other technology, we are now able to
maintain electronic files that allow us more flexibility in communicating
information between offices and clinics, as well as cutting down on storage
space requirements.
History of HIPAA …
 According to the American Health Information Management System (AHIMA),
an average of 150 people, from nursing staff to x-ray technicians to billing
clerks, have access to a patient's medical records during the course of a typical
hospitalization.
 There are, however, concerns that the increase in electronic information may
result in a loss of privacy and confidentiality
 Out of so many people, we must make sure that only those who NEED access to
the medical information have it
Top Healthcare Data Breaches are due to:
 Sharing / unauthorized access or disclosure
 Hacking
 Theft
 Loss
 Inadequate Disposal
Biggest Healthcare Data Breaches of 2018
 Ransomware attack against a California provider breaches the data of 85,000
patients
 (Hackers hit the IT vendor of three Center for Orthopedic Specialists
locations in February, locking out users and encrypting patient data)
 134,512 records breached in a malware attack: St. Peter's Surgery and
Endoscopy Center, in New York, was hit with the second-largest healthcare
data breach of 2018
 Data of 43,000 patients breached after the theft of an unencrypted laptop
HIPAA Law
 The Federal government passed a law in 1996 that creates
national standards to protect patients' medical records as
well as other personal health information
 The Federal legislation is called the "Health Insurance
Portability and Accountability Act"
What is HIPAA
 Health Insurance Portability and Accountability Act of 1996
 HIPAA is the federal statutory basis for the establishment of national
standards for the privacy and security of protected health information (PHI)
 HIPAA is about mitigating the risk to protected health information.
 Mitigation means the steps taken to control or prevent a health hazard from
causing harm and to reduce risk to a tolerable or acceptable level
Why we need HIPAA
 Increased number of data breaches
 This law is designed to protect patient privacy as well as the integrity of the
medical practice
 To promote personal and societal values: individuality, respect, dignity
 To promote more transparent healthcare
 It is not an option
What is PHI
PHI (Protected Health Information)
PHI is any information in a medical record that can be used to identify an
individual and that was created, used or disclosed in the course of providing a
healthcare service.
PHI includes:
 Medical Records
 Billing Information
 Health Information
 Any individually identifiable information
What is ePHI
 ePHI – Electronic Protected Health Information
 Refers to any protected health information (PHI) that is covered under HIPAA
security regulations and is produced, saved, transferred, or received in an
electronic format.
PHI and EPHI Identifiers
 There are 18 specific identifiers of protected health information, including:
1. Names
2. All geographic subdivisions smaller than a State (including street address,
city, county, ZIP code and other equivalent geocodes)
3. Dates related to an individual (birth date, admission date, discharge date)
4. Telephone numbers
5. Fax numbers
6. Email addresses
7. Social Security Numbers
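As an added example, not part of the slides, here is a small Python scanner for the shape-recognizable identifier categories listed above (dates, telephone/fax numbers, email addresses, SSNs and ZIP codes), of the kind used to check whether a record still carries PHI identifiers before it is exported or shared. The patterns and the sample record are constructed for this example; names, street addresses and cities are left out because they have no fixed shape and need dictionaries or NER rather than regexes.

```python
import re

# Patterns for the identifier categories from the slide that can be recognized
# by shape. All patterns are constructed for this example, not taken from any
# standard; a production scanner would use a broader and tuned rule set.
IDENTIFIER_PATTERNS = {
    # 3. Dates: MM/DD/YYYY or ISO YYYY-MM-DD
    "dates": re.compile(r"\b(?:\d{1,2}/\d{1,2}/\d{4}|\d{4}-\d{2}-\d{2})\b"),
    # 4./5. Telephone and fax numbers: (NNN) NNN-NNNN or NNN-NNN-NNNN
    "telephone_or_fax": re.compile(
        r"(?<!\d)(?:\(\d{3}\)\s?|\d{3}[-.])\d{3}[-.]\d{4}(?!\d)"
    ),
    # 6. Email addresses
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    # 7. Social Security Numbers: NNN-NN-NNNN
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    # 2. ZIP code (a geographic subdivision smaller than a State). A bare
    # 5-digit number is too noisy (counts, record numbers), so require a
    # preceding two-letter state code.
    "zip_code": re.compile(r"\b[A-Z]{2}\s\d{5}(?:-\d{4})?\b"),
}

# Constructed sample record (all values are fictitious).
SAMPLE_RECORD = (
    "Patient: Jane Doe, DOB 02/14/1960, admitted 2018-03-09. "
    "Contact: (212) 555-0147, jane.doe@example.org. "
    "Address: 10 Main St, Albany, NY 12207. SSN 123-45-6789."
)


def find_identifiers(text):
    """Return {category: [matched values]} for every category found in text."""
    hits = {}
    for category, pattern in IDENTIFIER_PATTERNS.items():
        matches = pattern.findall(text)
        if matches:
            hits[category] = matches
    return hits


def identifier_categories(text):
    """Sorted list of identifier categories present in text (empty if none)."""
    return sorted(find_identifiers(text))


def contains_phi_identifiers(text):
    """True if any scanned identifier category appears in text."""
    return bool(find_identifiers(text))


def redact(text):
    """Replace every matched identifier with a category marker, so the text can
    be logged or shared without the identifying values."""
    for category, pattern in IDENTIFIER_PATTERNS.items():
        text = pattern.sub(f"[{category} redacted]", text)
    return text


if __name__ == "__main__":
    for category, values in find_identifiers(SAMPLE_RECORD).items():
        print(f"{category}: {values}")
    print(redact(SAMPLE_RECORD))
```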
Who needs to be HIPAA Compliant
Federal regulations identify two categories of individuals, organizations,
agencies and businesses that must comply with HIPAA requirements:
 Covered Entity
 Business Associates
Covered Entity
A covered entity is anyone who provides treatment, payment and
operations in healthcare.
Covered Entities Include:
 Healthcare Providers
 Health Plans
 Health Clearinghouses
Business Associates
A Business Associate is any entity that uses or discloses
PHI on behalf of a Covered Entity. Here are some
examples of potential Business Associates:
 Third-party administrator that assists a health plan with claims processing
 Consultant that performs utilization reviews for a hospital
 Health care clearinghouse that translates a claim from a non-standard format
into a standard transaction on behalf of a doctor, and forwards the
processed transaction to a payer
 Independent medical transcriptionist that provides transcription services
to a physician
Also, a covered health care provider, health plan, or
health care clearinghouse can be a business associate of
another covered entity.
HIPAA Requirements
 HIPAA Privacy Rule
 HIPAA Security Rule
 HIPAA Enforcement Rule
 HIPAA Breach Notification Rule
HIPAA Requirements:
HIPAA Privacy Rule
Definition:
The Rule requires appropriate safeguards to protect the privacy of
personal health information, and sets limits and conditions on the uses
and disclosures that may be made of such information without patient
authorization.
The Rule also gives patients rights over their health information,
including rights to examine and obtain a copy of their health records,
and to request corrections.
HIPAA Requirements:
HIPAA Privacy Rule
Requirements:
 Do not allow any impermissible uses or disclosures of PHI.
 Provide breach notification to the Covered Entity.
 Provide either the individual or the Covered Entity access to PHI.
 Disclose PHI to the Secretary of HHS (US Department of Health and Human
Services), if compelled to do so.
 Provide an accounting of disclosures.
 Comply with the requirements of the HIPAA Security Rule.
HIPAA Requirements:
HIPAA Security Rule
Definition:
The HIPAA Security Rule contains the standards that must be applied to
safeguard and protect ePHI (electronic protected health information) when
it is at rest and in transit. The rules apply to any person or system that
has access to confidential patient data.
Under the HIPAA Security Rule, every Covered Entity and Business Associate that
has access to PHI must ensure that:
 Technical,
 Physical and
 Administrative safeguards
are in place and adhered to.
HIPAA Requirements:
HIPAA Security Rule:
Technical Safeguards
The Technical Safeguards focus on the technology that protects PHI
and controls access to it.
They consist of:
1. Access Control
 Unique user identification
 Emergency access procedure
 Automatic log-off
 Encryption and decryption
2. Audit Controls
 Audit control mechanisms are implemented to record and examine
activity in information systems that contain or use ePHI.
 They help protect against security violations
 E.g. audit reports generated by the information system
3. Integrity
Integrity is defined as "the property that data or information have not been
altered or destroyed in an unauthorized manner."
 Checksum verification and digital signatures
For person or entity authentication:
 Use of passwords or a PIN
 Require something the individual possesses, such as a smart card, a token or a key
 Require something unique to the individual, such as a biometric; examples:
fingerprints, voice patterns, facial patterns or iris patterns
4. Transmission Security
 Integrity controls
 Network communication protocols
 Data message authentication codes
 Encryption
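As an added example, not from the slides, the following Python code shows the integrity, audit-control and transmission-security safeguards listed above in working form: a data message authentication code (HMAC-SHA256, a choice made here) sealed over an ePHI record, verification that rejects an altered record, and an audit entry written for every access attempt. The key, the record and the in-memory audit log are constructed for the example.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed demo key for this example only. A real deployment keeps the key
# in a KMS or HSM and shares it only with the systems that seal and verify.
DEMO_KEY = b"demo-key-not-for-production"

# In-memory audit trail standing in for the audit-control mechanism the slide
# describes: one entry per access attempt to a record containing ePHI.
AUDIT_LOG = []


def canonical_bytes(record):
    """Serialize deterministically so sender and receiver MAC identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def plain_checksum(record):
    """Unkeyed SHA-256 checksum. This catches accidental corruption only: anyone
    who can alter the record can also recompute this value, so it does not
    detect unauthorized alteration on its own."""
    return hashlib.sha256(canonical_bytes(record)).hexdigest()


def seal_record(record, key=DEMO_KEY):
    """Attach an HMAC-SHA256 tag (a data message authentication code) that only a
    holder of the key can produce."""
    tag = hmac.new(key, canonical_bytes(record), hashlib.sha256).hexdigest()
    return {"record": record, "mac": tag}


def verify_record(envelope, key=DEMO_KEY):
    """True only if the record is byte-for-byte what was sealed. compare_digest
    avoids leaking the tag through timing differences."""
    expected = hmac.new(key, canonical_bytes(envelope["record"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, envelope["mac"])


def receive_record(envelope, user_id, key=DEMO_KEY):
    """Verify an incoming ePHI record and write an audit entry either way.
    Returns the record on success, None if integrity verification fails."""
    ok = verify_record(envelope, key)
    AUDIT_LOG.append({
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "user_id": user_id,
        "record_id": envelope["record"].get("record_id"),
        "action": "receive",
        "outcome": "accepted" if ok else "rejected_integrity_failure",
    })
    return envelope["record"] if ok else None


def demo():
    """Seal a constructed record, then show that a one-field alteration made
    without the key is detected and logged."""
    record = {"record_id": "demo-0001", "patient_ref": "P-42", "diagnosis_code": "E11.9"}
    envelope = seal_record(record)
    clean = receive_record(envelope, user_id="nurse07")
    # The altered copy keeps the original tag: the tamperer has no key to re-seal.
    tampered = {"record": dict(record, diagnosis_code="E10.9"), "mac": envelope["mac"]}
    altered = receive_record(tampered, user_id="nurse07")
    return clean is not None, altered is None, [e["outcome"] for e in AUDIT_LOG[-2:]]


if __name__ == "__main__":
    print(demo())
    for entry in AUDIT_LOG:
        print(entry)
```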
HIPAA Requirements:
HIPAA Security Rule:
Physical Safeguards
Physical safeguards are a set of rules and guidelines that focus on physical access to
PHI (Protected Health Information).
They consist of:
1. Facility Access Control
2. Workstation Use
3. Workstation Security
4. Device and Media Controls
Physical Safeguards:
Facility Access Control
This standard requires covered entities to implement policies and procedures to
limit physical access to their electronic information systems and the facility or
facilities in which they are housed, while ensuring that properly authorized access
is allowed.
It contains four implementation specifications:
1. Contingency operations
2. Facility security plan – locked doors, signs warning of restricted areas
3. Access control and validation procedures – use of guards, identification
badges
4. Maintenance records – policies and procedures that specify repairs and
modifications to the physical components of a facility.
Physical Safeguards:
Workstation Use
This standard requires covered entities to implement physical safeguards on all
workstations that have access to PHI that will limit access only to authorized
users.
 Example:
 Logging off before leaving a workstation for an extended period of time
 Using continually updated antivirus software
Physical Safeguards:
Workstation Security
This standard states how workstations such as laptops, desktop computers and
personal digital assistants (PDAs) should be physically protected from unauthorized
users.
Example: completely restrict physical access to the workstation by keeping it in a secure
room where only authorized personnel work
Physical Safeguards:
Device and Media Controls
This standard requires covered entities to implement policies and procedures
that govern the receipt and removal of hardware and electronic media that
contain ePHI into or out of the facility, and the movement of these items within
the facility.
It includes:
a. Disposal
b. Media Re-Use
c. Accountability
d. Data backup and storage
HIPAA Security Rule:
Administrative Safeguards
Administrative Safeguards include
 Administrative actions
 Policies and Procedures
Example:
 Training the entire workforce on security
 Developing and implementing security policies and procedures
HIPAA Enforcement Rule
 The HIPAA Enforcement Rule spells out investigations, penalties, and
procedures for hearings
 The HIPAA Enforcement Rule contains provisions relating to compliance and
investigations, the imposition of civil money penalties for violations of the
HIPAA Administrative Simplification Rules, and procedures for hearings.
 HIPAA violations are expensive. The penalties for noncompliance are based on
the level of negligence and can range from $100 to $50,000 per violation (or
per record), with a maximum penalty of $1.5 million per year for violations of
an identical provision. Violations can also carry criminal charges that can
result in jail time.
HIPAA Breach Notification Rule
 The HIPAA Breach notification rule requires covered entities to notify patients
when there is a breach of their ePHI (Electronic protected health
information).
 The Breach Notification Rule also requires entities to promptly notify the
Department of Health and Human Services of such a breach of ePHI
(Electronic protected health information) and issue a notice to the media if
the breach affects more than five hundred patients.
Read the complete article here:
https://nisostech.com/hipaa
HIPAA Compliance For Small Practices

HIPAA Law
 The Federal government passed a law in 1996 that creates national standards to protect patients' medical records as well as other personal health information
 The Federal legislation is called the "Health Insurance Portability and Accountability Act"

What is HIPAA
 Health Insurance Portability and Accountability Act of 1996
 HIPAA is the federal statutory basis for the establishment of national standards for the privacy and security of protected health information (PHI)
 HIPAA is about mitigating the risk to health information
 It is the steps taken to control or prevent a health hazard from causing harm and to reduce risk to a tolerable or acceptable level

Why need HIPAA
 Increased number of data breaches
 This law is defined to protect patient privacy as well as the integrity of the medical practice
 To promote personal and societal values: Individuality, Respect, Dignity
 To promote more transparent healthcare
 It is not an option

What is PHI
PHI (Protected Health Information) is any information in a medical record that can be used to identify an individual and that was created, used or disclosed in the course of providing a healthcare service. It includes:
 Medical Records
 Billing Information
 Health Information
 Any individually identifiable information

What is ePHI
 ePHI – Electronic Protected Health Information
 Refers to any protected health information (PHI) that is covered under HIPAA security regulations and is produced, saved, transferred, or received in an electronic format.

PHI and ePHI Identifiers
 There are 18 specific identifiers of electronic protected health information
1. Names
2. All geographic subdivisions smaller than a State (including street address, city, county, zip code and other equivalent geocodes)
3. Dates related to an individual (birth date, admission date, discharge date)
4. Telephone numbers
5. Fax numbers
6. Email address
7. Social Security number
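As an added example (not part of the original deck), the following Python scanner looks for the machine-readable identifiers named on this slide in free text, so a practitioner can see where ePHI hides in notes before they are shared; the sample record and every value in it are constructed.

```python
import re
from typing import Dict, List

# Regex approximations of the machine-readable identifiers named on the slide
# (dates, telephone/fax numbers, email, SSN, ZIP code). Names and other
# geographic subdivisions need dictionaries or NLP and are not covered here.
# Telephone and fax numbers share a format, so they are reported as one category.
PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "phone_or_fax": re.compile(r"\(?\b\d{3}\)?[-. ]\d{3}-\d{4}\b"),
    "date": re.compile(r"\b(?:\d{1,2}/\d{1,2}/\d{4}|\d{4}-\d{2}-\d{2})\b"),
    "zip": re.compile(r"\b\d{5}(?:-\d{4})?\b"),
}

# Constructed sample record; all values are fictitious.
SAMPLE_RECORD = (
    "Patient Jane Doe, DOB 03/14/1975, admitted 2018-02-14. "
    "Phone (555) 123-4567, fax 555-987-6543, email jane.doe@example.com, "
    "SSN 123-45-6789, ZIP 90210-1234."
)


def find_identifiers(text: str) -> Dict[str, List[str]]:
    """Return every identifier value found in free text, grouped by category."""
    found: Dict[str, List[str]] = {}
    for name, pattern in PATTERNS.items():
        hits = pattern.findall(text)
        if hits:
            found[name] = hits
    return found


def redact(text: str) -> str:
    """Replace each identifier with a category tag so the text no longer carries it."""
    for name, pattern in PATTERNS.items():
        text = pattern.sub(f"[{name.upper()}]", text)
    return text


if __name__ == "__main__":
    for category, values in find_identifiers(SAMPLE_RECORD).items():
        print(f"{category:13s} {values}")
    print(redact(SAMPLE_RECORD))
```

Patterns like these are a triage aid, not a de-identification guarantee: the patient's name passes through untouched, and any bare five-digit number (a patient count, for instance) is flagged as a ZIP code, so findings still need review.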
Who needs to be HIPAA Compliant
Federal regulations identify two categories of individuals, organizations, agencies and businesses that must comply with HIPAA requirements:
 Covered Entity
 Business Associates

Covered Entity
A covered entity is anyone who provides treatment, payment and operations in healthcare. Covered Entities include:
 Healthcare Providers
 Health Plans
 Health Clearinghouses

Business Associates
A Business Associate is any entity that uses or discloses PHI on behalf of a Covered Entity. Here are some examples of potential Business Associates:
 Third-party administrator that assists a health plan with claims processing
 Consultant that performs utilization reviews for a hospital
 Health care clearinghouse that translates a claim from a crude format into a standard transaction on behalf of a doctor, and forwards the processed transaction to a payer
 Independent medical transcriptionist that provides transcription services to a physician
Also, a covered health care provider, health plan, or health care clearinghouse can be a business associate of another covered entity.

HIPAA Requirements
 HIPAA Privacy Rule
 HIPAA Security Rule
 HIPAA Enforcement Rule
 HIPAA Breach Notification Rule

HIPAA Requirements: HIPAA Privacy Rule
Definition: The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.

HIPAA Requirements: HIPAA Privacy Rule
Requirements:
 Do not allow any impermissible uses or disclosures of PHI.
 Provide breach notification to the Covered Entity.
 Provide either the individual or the Covered Entity access to PHI.
 Disclose PHI to the Secretary of HHS (US Department of Health and Human Services), if compelled to do so.
 Provide an accounting of disclosures.
 Comply with the requirements of the HIPAA Security Rule.

HIPAA Requirements: HIPAA Security Rule
Definition: The HIPAA Security Rule contains the standards that must be applied to safeguard and protect ePHI (Electronic Protected Health Information) when it is at rest and in transit. The rules apply to anybody or any system that has access to confidential patient data. Under the HIPAA Security Rule every Covered Entity and Business Associate that has access to PHI must ensure that the following safeguards are in place and adhered to:
 Technical
 Physical
 Administrative
HIPAA Requirements: HIPAA Security Rule: Technical Safeguards
The Technical Safeguards focus on the technology that protects PHI and controls access to it. They consist of:
1. Access Control
 Unique user identification
 Emergency access procedure
 Automatic log off
 Encryption and Decryption
2. Audit Controls
 Audit control mechanisms are implemented so as to record and examine the activity in information systems that contain or use ePHI.
 They help protect against any security violation
 For example, audit reports generated by the information system

HIPAA Requirements: HIPAA Security Rule: Technical Safeguards
3. Integrity
Integrity is defined as "the property that data or information have not been altered or destroyed in an unauthorized manner."
 Checksum verification and digital signatures
For protecting person or entity authentication:
 Use of passwords, PIN
 Require something that the individual possesses such as a smart card, a token or a key
 Require something unique to an individual such as biometrics; examples: fingerprints, voice patterns, facial patterns or iris patterns
4. Transmission Security
 Integrity
 Network communication protocols
 Data message authentication codes
 Encryption
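The Integrity standard above lists checksum verification beside digital signatures and message authentication codes, and the difference matters: an unkeyed checksum catches accidental corruption, but anyone able to rewrite a record can recompute it, whereas a keyed MAC cannot be regenerated without the key. The Python below is an added example (not from the deck or from NISOS) that demonstrates this on a constructed ePHI record with HMAC-SHA256 from the standard library; the record and key are fictitious.

```python
import hashlib
import hmac
import json
from typing import Dict

# Constructed sample ePHI record and demo key; neither is real.
RECORD = {"patient_id": "P-0001", "allergy": "penicillin", "dose_mg": 250}
DEMO_KEY = b"constructed-demo-key-do-not-reuse"


def canonical(record: Dict) -> bytes:
    """Serialize deterministically so equal content always hashes the same way."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def checksum(record: Dict) -> str:
    """Unkeyed SHA-256 checksum: catches accidental corruption only."""
    return hashlib.sha256(canonical(record)).hexdigest()


def mac(record: Dict, key: bytes) -> str:
    """HMAC-SHA256, a data message authentication code: requires the secret key."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify_mac(record: Dict, key: bytes, tag: str) -> bool:
    """Constant-time comparison so the check does not leak the tag through timing."""
    return hmac.compare_digest(mac(record, key), tag)


def checksum_vs_mac(record: Dict, key: bytes) -> Dict[str, bool]:
    """Model a record store whose integrity metadata is kept next to the record.

    A party who can rewrite the record can also recompute the unkeyed checksum,
    so checksum verification still passes. Without the key they cannot produce a
    matching MAC, so MAC verification fails and the alteration is detected.
    """
    stored_tag = mac(record, key)
    altered = dict(record, dose_mg=2500)          # unauthorized change to the dose
    stored_checksum = checksum(altered)            # checksum recomputed alongside it
    return {
        "checksum_accepts_forgery": checksum(altered) == stored_checksum,
        "mac_accepts_forgery": verify_mac(altered, key, stored_tag),
    }


if __name__ == "__main__":
    print(checksum_vs_mac(RECORD, DEMO_KEY))
    # {'checksum_accepts_forgery': True, 'mac_accepts_forgery': False}
```

In practice the MAC key must be stored and accessed separately from the records it protects (which is where the Access Control standard comes back in); a digital signature gives the same tamper evidence while also letting a verifier without the secret check who produced the record.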
HIPAA Requirements: HIPAA Security Rule: Physical Safeguards
Physical safeguards are a set of rules and guidelines that focus on the physical access to PHI (Protected Health Information). They consist of:
1. Facility Access Control
2. Workstation Use
3. Workstation Security
4. Device and Media Controls

Physical Safeguards: Facility Access Control
This standard requires covered entities to implement policies and procedures to limit physical access to their electronic information systems and the facility or facilities in which they are housed, while ensuring that authorized access is allowed. It contains four implementation specifications:
1. Contingency operations
2. Facility Security Plan – locked doors, signs warning of restricted areas
3. Access control and validation procedures – use of guards, identification badges
4. Maintenance records – policies and procedures that specify repairs and modifications to a physical component of a facility.

Physical Safeguards: Workstation Use
This standard requires covered entities to implement physical safeguards on all workstations that have access to PHI that will limit access only to authorized users.
Example:
 Logging off before leaving a workstation for an extended period of time
 Using continually updated antivirus software

Physical Safeguards: Workstation Security
This standard states how workstations such as laptops, desktop computers and personal digital assistants (PDAs) should be physically protected from unauthorized users.
Example: Completely restrict physical access to the workstation by keeping it in a secure room where only authorized personnel work

Physical Safeguards: Device and Media Controls
This standard requires covered entities to implement policies and procedures that govern the receipt and removal of hardware and electronic media that contain ePHI into or out of the facility, and the movement of these items within the facility. It includes:
a. Disposal
b. Media Re-Use
c. Accountability
d. Data backup and storage

HIPAA Security Rule: Administrative Safeguards
Administrative Safeguards include:
 Administrative actions
 Policies and Procedures
Example:
 Training the entire workforce on security
 Developing and implementing security policies and procedures

HIPAA Enforcement Rule
 The HIPAA Enforcement Rule spells out investigations, penalties, and procedures for hearings
 The HIPAA Enforcement Rule contains provisions relating to compliance and investigations, the imposition of civil money penalties for violations of the HIPAA Administrative Simplification Rules, and procedures for hearings.
 HIPAA violations are expensive. The penalties for noncompliance are based on the level of negligence and can range from $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million per year for violations of an identical provision. Violations can also carry criminal charges that can result in jail time.

HIPAA Breach Notification Rule
 The HIPAA Breach Notification Rule requires covered entities to notify patients when there is a breach of their ePHI (Electronic Protected Health Information).
 The Breach Notification Rule also requires entities to promptly notify the Department of Health and Human Services of such a breach of ePHI and to issue a notice to the media if the breach affects more than five hundred patients.

Read the complete article here: Https://nisostech.com/hipaa