The document discusses the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and how it protects patients' personal health information. It defines what constitutes patient information and provides examples of HIPAA violations. The document also outlines which healthcare providers and entities must follow HIPAA regulations, including how patient information is protected, limited access, and training requirements. Enforcement of HIPAA is discussed, including assigning patient information only to their care team, encrypting records after discharge, terminating employees who violate rules, and requiring employees to sign contracts agreeing to uphold all healthcare facility regulations.
2. WHAT IS HIPAA?
Understanding HIPAA
The Health Insurance Portability and Accountability Act (HIPAA)
Privacy Rule provides federal protections for personal health
information held by covered entities and gives patients an array of rights
with respect to that information. At the same time, the Privacy Rule is
balanced so that it permits the disclosure of personal health information
needed for patient care and other important purposes.
3. What is Patient Information?
Patient Information is any information that can be
used to identify a Patient.
For example:
• Name
• Birth Date
• Social Security Number
• Medical Diagnosis
• Medical History
• Room Number
• Address
4. Examples of HIPAA violations
• Leaving a patient’s medical record open for everyone
to see
• Leaving a patient’s medical information on the
computer screen and leaving it unattended
• Discussing a patient’s medical information with
another patient
• Throwing away paper with patient information on it
• Talking about a patient with your friends and family
5. Healthcare Providers
Who Must Follow These Laws
• We call the entities that must follow the HIPAA regulations covered entities.
• Covered entities include:
• Health Plans, including health insurance companies, HMOs, company health plans,
and certain government programs that pay for health care, such as Medicare and
Medicaid.
• Most Health Care Providers—those that conduct certain business electronically, such
as electronically billing your health insurance—including most doctors, clinics,
hospitals, psychologists, chiropractors, nursing homes, pharmacies, and dentists.
• Health Care Clearinghouses—entities that process nonstandard health information
they receive from another entity into a standard (i.e., standard electronic format or
data content), or vice versa.
6. Protection
• How Is This Information Protected
• Covered entities (healthcare facilities) must put in place safeguards to
protect the patient health information.
• Covered entities must reasonably limit uses and disclosures to the
minimum necessary to accomplish their intended purpose.
• Covered entities must have contracts in place with their contractors
(providers) and others ensuring that they use and disclose your health
information properly and safeguard it appropriately.
• Covered entities must have procedures in place to limit who can view
and access your health information as well as implement training
programs for employees about how to protect your health
information.
7. Enforcement
• All patient information is HOT information and must be handled with care.
Anyone who is not involved in the patient’s direct care must not view or
share their information.
• Patient information will be assigned to their care team. Their information
will only be available to those with passwords assigned to the care team.
• Upon discharge the information will become encrypted and only viewable to
assigned individuals and reopened only if care is being given to the patient
again.
• All employees are responsible for upholding the HIPAA/Security Act. Those
employees that are found in violation will be terminated.
• It is against the law to violate the patient’s rights by sharing their healthcare
information.
• Contracts are signed by each employee agreeing to uphold all rules and
regulations of the healthcare facility. This is a binding contract.