HIPAA and Confidentiality
December 19, 2013
Purpose
The purpose of this presentation is to review the Health Insurance Portability and Accountability Act and its application to our organization.

Objectives
• To understand the patient privacy laws
• Understand your role in protecting and maintaining patient privacy
• Protect patient health information (PHI)
• Understand what information must be protected
• Understand when it is necessary to access PHI

HIPAA Privacy Rule
The HIPAA Privacy Rule protects health information held or transmitted by a covered entity or its business associate, whether electronic, on paper, or oral.

Protected health information includes:
• Name
• Address
• Birth date
• Social security number
• Any information that can be associated with a patient’s identity, including demographic information.

Protected Health Information Identifiers as defined by HIPAA include:
• Name
• Geographic information
• Address
• Telephone number
• Fax number
• Certificate/license number
• Vehicle identifiers and serial numbers
• Device identifiers and serial numbers
• Email address
• Social security number
• Account numbers
• Finger and voice prints
• Full-face photographs
• Internet Protocol (IP) addresses
• License number
• Medical record number
• Health plan beneficiary
• Zip code
• Dates directly related to an individual, including birth date, admission, discharge, death date

Protected health information (PHI) is information which relates to:
1. An individual’s past, present, or future physical or mental health or condition.
2. Healthcare provided to an individual.
3. Past, present, or future payment for the provision of healthcare for the individual.

A medical record, a laboratory report, or hospital bill is considered PHI because it contains patient information or other associated information that can identify the patient.

When to access PHI
Patients’ health information can be accessed if needed:
• To provide continuity of patient care
• To provide information to further evaluate patient care
• For charting or documentation purposes
HIPAA requires users to access the least amount of information necessary to perform their duties.

Ways to Protect PHI
• Dispose of documents properly in shred bins
• Never discuss patient information where it can be heard by others who do not have a need to know the information
• Speak to patients privately about health issues or concerns
• Ensure patient information cannot be seen by others

The Final Rule and HITECH
The HIPAA Final Rule and the Health Information Technology for Economic and Clinical Health (HITECH) Act protect patient information from business associates, contractors and subcontractors that receive PHI. They also protect patient information when social media or email is used.

Breach of HIPAA
There are penalties and fines associated with a HIPAA breach.
Any unlawful access, use, or disclosure of a patient’s medical information must be reported.
It is everyone’s responsibility to protect PHI. Report any known or suspected improper disclosures of Protected Health Information.
