This document provides an overview of HIPAA privacy laws and regulations for medical professionals. It discusses the significance of the Hippocratic Oath in establishing ethical principles of patient privacy and confidentiality. It then reviews key aspects of HIPAA, including how protected health information can be shared, patient rights regarding privacy violations, and consequences for non-compliance. Medical facilities must adhere to HIPAA's Privacy and Security Rules regarding paper and electronic protected health information to avoid penalties like fines or employee termination.
Rachael Javidan's Presentation on HIPAA Privacy and Security Rules
Presentation by Rachael Javidan
ORIENTATION
WHY HIPAA?
Significance of Hippocratic Oath
Equal Ethical Principles
The Hippocratic Oath is normally taken by physicians and healthcare professionals.
These professionals swear to practice their profession in the most honest manner and in
the best interest of the patient, and to guard the patient’s privacy. It is the responsibility of
the medical profession to respect the confidentiality of the medical-patient relationship.
Federal Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Review Title II – Defines the policies, procedures, and guidelines for maintaining
the privacy and security of individually identifiable health information. It also defines
the offenses relating to health care, sets civil and criminal penalties for violations, and
defines fraud and abuse within the health care system.
The Department of Health and Human Services (HHS) is responsible for drafting rules
related to the standards to use for the dissemination of health care information.
This article tells us that there are specific privacy laws that we, as medical professionals,
must adhere to:
Privacy Rule:
Who Can Have Protected Health Information
1. If the patient signs a release for a family member, that family member may have information.
2. By regulation, the Department of Law Enforcement may have information if it pertains
to a law enforcement purpose.
3. A covered entity may disclose PHI (Protected Health Information) to facilitate
treatment, payment, or health care operations without a patient’s express written
authorization. Any other disclosures of PHI (Protected Health Information) require the
covered entity to obtain written authorization from the individual for the disclosure.
However, when a covered entity discloses any PHI, it must make a reasonable effort to
disclose only the minimum necessary information required to achieve its purpose.
What can a patient do if he or she believes his or her privacy or confidentiality has been abused?
The person can file a complaint with the Department of Health and Human Services
Office for Civil Rights (OCR).
Consequences and Significance of NOT FOLLOWING THE RULE:
Example: UCLA – In July 2011, UCLA agreed to pay $865,500 in a settlement regarding HIPAA
violations after hospital employees repeatedly and without legitimate reason looked at the
electronic protected health information of numerous celebrities and patients of the
hospital.
2013 Final Security Rule
Within the Privacy Rule
Privacy Rule – pertains to all Protected Health Information (PHI) including paper and
electronic.
Security Rule – deals with Electronic Protected Health Information (EPHI) and lays out
three types of security safeguards required for compliance:
1. Administrative
2. Physical
3. Technical
OPEN DISCUSSION
TEST
REPEAT HIPAA ORIENTATION EVERY SIX MONTHS
VIOLATIONS
1. WARNING
2. WRITE UP IN EMPLOYEE FILE
3. IMMEDIATE TERMINATION OF EMPLOYMENT
PASS CODES
COMPANY PASS CODES MAY NOT BE SHARED.