Suggested Training for Privacy and Security

2. Federal Regulation
• Health Insurance Portability and Accountability Act of 1996
(HIPPA)
– National standard for protected health information (PHI)
– Privacy Rule- governs who has access to PHI
– Health Information Technology for Economic and Clinical
Health- promote adoption and meaningful use of health
information technology
– American Recovery and Reinvestment Act- establish
secure electronic health records
– Breach Notification Rule- requires reporting of breach in
PHI security

3. Protected Health
Information
Information, in any medium that:
– Permits identification of an individual
– Relates to past, present or future physical or mental
health or condition or provision of, or payment for
health care
– Generated by a health care provider, health plan, public
health authority, employer, life insurer, state agency

4. Patient Rights
• Access own records
• Ask for restrictions on disclosures and use
• Receive an accounting of who has accessed PHI
• Ask to amend records
• Receive a Breach Notification
• File a Compliant

5. PHI Breach
• Compromises the security or privacy of protected
health information (PHI) and
• Unauthorized acquisition, access, use, or disclosure
of PHI is considered a breach of PHI
• Poses a significant risk of financial, reputational, or
other harm to the individual

6. Unauthorized Use
• Accessing information outside scope of functional category
• Checking health records upon their request without authority
• Removing PHI from designated facility
• Repeating health information outside of job responsibilities
• Open discussion of PHI in public place

7. Access Control
Employees may not access or disclose PHI unless:
• Patient has given written permission
• Required or permitted by a specific HIPPA
exclusion
• It is within the scope of employee’s defined
job duties

8. Common Identifiers
• Name
• Social security number
• Telephone number
• Medical record number
• Account number
• Vehicle identifiers
• Biometric
• Photographic images

9. Employee
Responsibilities
• Do not transmit PHI electronically without encryption feature
• Keep PHI in a secure location out of contact from patients or other non-
essential members of care
• No patient identifiers in subject line of email
• Facsimiles containing PHI must have appropriate cover sheet
• Report HIPPA violations immediately
• Lock work station when away from work area
• Shred all PHI- Do not discard in trash
• Limit visits to secure areas
• Make information security a priority
• Do not create or store PHI on a electronics
• Oral: Limit use of names, speak softly
• No PHI disclosure on Social Media