2. HIPAA DefinedHIPAA Defined
HIPAA is the acronym for Health Insurance Portability and AccountabilityHIPAA is the acronym for Health Insurance Portability and Accountability
Act (MedicineNet, 2013), which is a law designed “to provide privacyAct (MedicineNet, 2013), which is a law designed “to provide privacy
standards to protect patients’ medical records and other health informationstandards to protect patients’ medical records and other health information
provided to health plans, doctors, hospitals and other health care providers”provided to health plans, doctors, hospitals and other health care providers”
(MedicineNet, 2013, para. 1). This legislation allows patients to have easier(MedicineNet, 2013, para. 1). This legislation allows patients to have easier
access to their medical records and play a more critical role in determiningaccess to their medical records and play a more critical role in determining
who their information is released to (MedicineNet, 2013). There are nowwho their information is released to (MedicineNet, 2013). There are now
protections in place to ensure that a patient’s privacy and security remains aprotections in place to ensure that a patient’s privacy and security remains a
priority for healthcare professionals (MedicineNet, 2013).priority for healthcare professionals (MedicineNet, 2013).
3. Consequences ofConsequences of
Non-ComplianceNon-Compliance
Breach of trust occurs threatening the patient/provider relationship.Breach of trust occurs threatening the patient/provider relationship.
Disciplinary actions can result (i.e. warnings, write-ups and termination).Disciplinary actions can result (i.e. warnings, write-ups and termination).
Individuals and entities may be prosecuted civilly/criminally (to includeIndividuals and entities may be prosecuted civilly/criminally (to include
monetary penalties and imprisonment) (U.S. Department of Health andmonetary penalties and imprisonment) (U.S. Department of Health and
Human Services, 2013).Human Services, 2013).
4. Safeguarding EffortsSafeguarding Efforts
Management and personnel shall strive to ensure that the following protocolsManagement and personnel shall strive to ensure that the following protocols
are adhered to:are adhered to:
1.1. Discuss patient information only in a private location. Refrain from engagingDiscuss patient information only in a private location. Refrain from engaging
in conversations where others may potentially overhear.in conversations where others may potentially overhear.
2.2. Utilize computer screen protector devices at all times.Utilize computer screen protector devices at all times.
3.3. Destroy information that is no longer required to be retained in patient files.Destroy information that is no longer required to be retained in patient files.
4.4. Refrain from allowing unauthorized parties to view a patient’s protectedRefrain from allowing unauthorized parties to view a patient’s protected
information. Take necessary steps to ensure these data are not seen (i.e. turninformation. Take necessary steps to ensure these data are not seen (i.e. turn
information over on the desk, file paperwork away in a timely manner, andinformation over on the desk, file paperwork away in a timely manner, and
ensure that files are closed.)ensure that files are closed.)
5.5. Verify accuracy and security of email addresses and fax numbers prior toVerify accuracy and security of email addresses and fax numbers prior to
communicating with patient.communicating with patient.
6.6. Verify patient identity before releasing protected material.Verify patient identity before releasing protected material.
7.7. Employees shall log onto company computers with designated passcode.Employees shall log onto company computers with designated passcode.
5. Patient RightsPatient Rights
To view and obtain copies of his/her file (U.S. Department of Health andTo view and obtain copies of his/her file (U.S. Department of Health and
Human Services, 2013).Human Services, 2013).
To request that changes be made to the file if inaccurate information isTo request that changes be made to the file if inaccurate information is
documented (U.S. Department of Health and Human Services, 2013).documented (U.S. Department of Health and Human Services, 2013).
If not directly related to one’s care, the patient has the right to denyIf not directly related to one’s care, the patient has the right to deny
information sharing with others (U.S. Department of Health and Humaninformation sharing with others (U.S. Department of Health and Human
Services, 2013).Services, 2013).
The right to request that certain information not be released, so long as itThe right to request that certain information not be released, so long as it
does not compromise one’s care (U.S. Department of Health and Humandoes not compromise one’s care (U.S. Department of Health and Human
Services, 2013).Services, 2013).
The right to request that the individual not be contacted at certain locationsThe right to request that the individual not be contacted at certain locations
or telephone numbers (U.S. Department of Health and Human Services,or telephone numbers (U.S. Department of Health and Human Services,
2013).2013).
6. Question & Answer QuizQuestion & Answer Quiz
If a visiting patient asks a staff member questions about another patient’sIf a visiting patient asks a staff member questions about another patient’s
care, should the staff member answer his/her questions? Yes/Nocare, should the staff member answer his/her questions? Yes/No
If a caller identifies himself/herself as a family member of a patient andIf a caller identifies himself/herself as a family member of a patient and
requests that test results be mailed to a different address than what is on filerequests that test results be mailed to a different address than what is on file
for the patient, should the staff member honor the caller’s request prior tofor the patient, should the staff member honor the caller’s request prior to
verifying the information with the patient? Yes/Noverifying the information with the patient? Yes/No
Should a patient’s file be left unattended in view of other patients? Yes/NoShould a patient’s file be left unattended in view of other patients? Yes/No
Answer Key: No (to all three questions)Answer Key: No (to all three questions)
7. ReferencesReferences
MedicineNet (2013). Definition of HIPAA. Retrieved fromMedicineNet (2013). Definition of HIPAA. Retrieved from
http://www.medterms.com/script/main/art.asp?articlekey=31785http://www.medterms.com/script/main/art.asp?articlekey=31785
U.S. Department of Health and Humans Services (2013). Summary of theU.S. Department of Health and Humans Services (2013). Summary of the
HIPPA Privacy Rule. Retrieved fromHIPPA Privacy Rule. Retrieved from
http://www.hhs.gov/ocr/privacy/hipaa/understandinghttp://www.hhs.gov/ocr/privacy/hipaa/understanding
/summary/index.html/summary/index.html
U.S. Department of Health and Human Services (2013). Your HealthU.S. Department of Health and Human Services (2013). Your Health
Information Privacy Rights. Retrieved fromInformation Privacy Rights. Retrieved from
http://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.hthttp://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.ht
mlml