The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted to protect patients' confidentiality and regulate access to personal health information. HIPAA covers identifiable protected health information, such as names, birthdates, medical records, and social security numbers. The act gives patients rights to access and correct their medical records. Healthcare providers are responsible for securely protecting patients' personal health information and instituting privacy policies according to HIPAA guidelines. Non-compliance with HIPAA privacy rules can result in civil and criminal penalties including fines and prison sentences depending on the offense.

1. Protecting Patients ConfidentialityThe Health Insurance Portability and Accountability Act of 1996 (HIPAA)

2. What is HIPAA?A government mandated rule to protect access to and use of patient personal health informationGives patient certain individual rights

3. What Type of Information Do HIPAA Cover? Identifiable Protected Health Information (PHI)Information that Identifies a Patient or Individual

4. Privacy InformationWhat are Identifiable Information?

5. AnswerPicturesNamesBirthdatesPhone NumbersSSN (social security number)Medical Record Information

6. Patient’s RightsMay review medical recordRequest correction of any noticeable errorsFile grievance with provider

7. Responsibility to PatientProtect and secure PHI (personal health information)Institute policies and procedures for managing PHI

8. Principles of the Privacy RuleCustomer ControlSet BoundariesAnswerabilityCivic AccountabilitySafety

9. Protected Health Information PoliciesGuide access to and use of personal health information

10. Assess to Personal Health InformationIs based on who needs to know and minimum necessary informationBy health care providersBy payment activity

11. Use of Protected Health InformationWhen Providing Patient Health Care Treatment or Services Such as:Verification of insuranceMedical treatments

12. How to Protect PrivacyDo not share PHI with non clinical staffUtilize the minimum necessary standard with protected health informationAvoid public discussion of patient informationAvoid public viewing and access of patient information

13. When is it allowed to reveal PHI?In court processes (subpoena)Law enforcement processes (criminal investigation)

14. When is Patient Authorization Required?Receiving Medical TreatmentConducting Medical-Related Tests (AIDS, Drug)

15. What to Do When Requests are Made for an Individual’s Personal InformationVerify who is requesting the informationVerify photo (if available)Document the information being given

16. What Technological System Make It Easy to Access, Copy, and Distribute PHIComputerized Medical Records

17. Organizations that Enforce HIPAA’S RegulationsFBI (federal bureau of investigation)Office for Civil RightsJoint Commission on Accreditation of Healthcare Organization

18. For Non-Compliance to HIPAA Security of Privacy rulesCivil-Enforced by Office of Civil RightsCriminal-Enforced by Department of JusticeIntentionally exposing PHI-1yr sentence & $50,000 fineFalsely accessing PHI-5yr sentence & $100,000 fineGiving PHI to someone with criminal intent-10yr sentence & $250,000 fine

19. ReferencesMir, S.S. (2011, March). HIPAA Privacy Rule: Maintaining the confidentiality of medical records, Part I. Journal of Health Care Compliance, 13(2), 5-14. Retrieved August 17, 2011, from ABI/INFORM Global Protecting patients privacy. (n. d.). Retrieved August 17, 2011 from http://cnhs.fiu.edu/ot/pdf/HIPAA_Regulations.ppt Protecting patient privacy. (n. d.). Retrieved August 17, 2011 from http://www.westernu.edu/bin/nursing/hipaa.ppsWolper, L.F. (2011). Health care administration: Managing organized delivery systems (5th ed.). Boston: Jones and Bartlett.