Health Insurance Portability and Accountability Act (1996)
What is it???


• The act protects the privacy of an individual's
  identifiable health information

• Designed to ensure
  confidentiality, integrity, and availability
Who must abide by it??
Covered Entities:

     Those who are involved in handling, storing, using,
       and/or exchanging an individual's health
       information.

     This includes health care providers, health care
       plans, and health care clearinghouses
All Employees
Does everyone within the organization need to
 follow HIPAA rules?

  – The answer is YES!

  This includes not only the staff but
    volunteers, trainees, agents and contractors.
Questions

1. What is HIPAA?

2. What are covered entities?

3. Who within the covered entity needs to
   follow HIPAA rules?
What Information is Covered?
Identifiable Information:
  (this includes demographic data)

- An individual’s past, present, or future
  physical or mental health or condition
- Provision of health care to the individual
- Past, present, or future payment for health
  care
Common Identifiers

• Name
• Social Security Numbers
• Address
• Birth Date
Who Enforces HIPAA?
The Department of Health and Human Services
         Office for Civil Rights (OCR)

 They administer and enforce HIPAA by
       investigating complaints and
       conducting compliance reviews.
Civil Penalties

    $100 up to $50,000 or
    more per violation.




    Yearly cap of $1,500,000
Criminal Penalties
Up to $50,000 and 1 year of imprisonment
                         or
$100,000 and 5 years of imprisonment if the conduct
  involves false pretenses
                         or
$250,000 and 10 years of imprisonment if the conduct
  involves intent to sell, transfer, or use
  information for commercial
  advantage, personal gain, or malicious harm
How Can I protect information?
     What can you do to protect a patient’s
                  information?
Shield computer screens
Close laptop lids
Frequently change passwords (monthly or bi-monthly)

Other Ideas??
What not to do?
Do not share passwords
Do not discuss a patient's information in front of
 others
Do not blog, text, or post on social media any
 information about a patient (even if no name
 is given)
Do not snoop! If you are not caring for the
 patient you do not need to read their
 information
Review
What are the civil penalties for violations?

What are the criminal penalties for violations?

Who regulates HIPAA?

Identify what information is protected?
Review

Identify two things you can do to prevent a
  HIPAA violation.

Identify two things that might constitute a
  HIPAA violation.
Remember


 Our business is health care
     Privacy is a must.
Violations can result in fines and imprisonment
  and termination of employment.
Review your HIPAA regulations regularly.

If you do not know if something is acceptable
   under HIPAA regulations – ASK!

If you see a violation – Report It.
References
Health Information Privacy. Retrieved from
 http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html
