The following video reviews HIPAA Guidelines. Please read each slide carefully. Each slide will remain on the screen for 15 seconds. You may pause and play as needed to continue reading if you need more time. It is recommended to watch this training in full screen. The text has been provided below in the event you prefer that format.
What is HIPAA?
- HIPAA stands for the: Health Insurance Portability and Accountability Act
- HIPAA Regulations in 1995 were initially intended to:
- Ensure patients could transfer health records (the portability in HIPAA) when they switched jobs
- Decrease the cost of medical records by converting to electronic records
- Standardize terminology to avoid confusion and create uniformity
- Today, most health professionals think of HIPAA in terms of privacy and transmission of information.
HIPAA – The Privacy Rule
- In 2001 the federal government amended HIPAA by adding the Privacy Rule and in 2003 the Security Rule was added to HIPAA.
- The HIPAA Privacy Rule is concerned with the following issues:
- Notifying patients about their privacy rights and how their information can be used.
- Adopting and implementing privacy procedures.
- Training employees to understand the privacy procedures.
- Designating an individual to be responsible for seeing that the privacy procedures are adopted and followed.
- Securing patient records with identifiable health information.
- Addressing breaches in access to and/or use of protected health information.
- Although all parts of HIPAA affect health clinician practice, the HIPAA Privacy Rule is the section of HIPAA that most directly impacts clinicians in their day-to-day practice.
- The Privacy Rule has many aspects but the essential definition of the Privacy Rule is that a patient’s protected health information is private and confidential and must be protected.
HIPAA – Protected Information
- HIPAA defines protected health information as health information, associated with other forms of information that could be used to identify a patient because it contains one or more identifiers such as:
- Social Security Number
- Telephone number, address, photographs, etc.
- Protected health information can be electronic, verbal, or in written form.
- Health information is any information about a patient’s current, past, or future medical or psychiatric health or healthcare, including genetic information, and information about financial aspects of a patient’s care.
- In essence, the HIPAA Privacy Rule requires health clinicians to ensure that a patient’s health information - any information about medical or psychiatric health, treatment, etc., which can be identified with a specific patient, is protected.
HIPAA – Protected Information
Points to Remember
- Protected health information is identifiable patient information that also contains:
- Any information that concerns the health status of an individual,
- Any information about medical/psychiatric care that has been, is being, or will be delivered,
- Any information about the financial aspect of, or payment for that medical coverage
- Any information about genetic tests, genetic information about the patient or the patient’s family members, request for or receipt of genetic services, participation in clinical research that includes genetic services, or manifestation of a genetic disease in the patient or the patient’s family members.
- Protected health information must be shared or transmitted in ways that are safe, secure, and confidential.
- The patient is the final arbiter of what information is shared and/or transmitted, except in certain well-defined circumstances.
HIPAA – Covered Entities
- HIPAA regulations apply to all covered entities. A covered entity is defined as a person, business, or agency such as:
- a healthcare provider such as a clinic, hospital, physician’s office,
- a healthcare plan, healthcare insurer,
- a healthcare clearinghouse that processes information for a healthcare plan, or
- a business associate of a covered entity.
- CareCar is considered a covered entity and therefore must comply with HIPAA Regulations
HIPAA – The Privacy Rule and Emergencies
- Protected health information can only be shared with or transmitted to someone who has a legitimate and reasonable interest in providing treatment to a patient such as ensuring patient safety, or facilitating payment for medical care. Protected health information may also be shared with or transmitted to a spouse, family members, or friends, if it is reasonable to assume that the patient would not object and it is in the patient’s best interests.
- HIPAA requires clinicians to make a reasonable effort to identify the person or the covered entity to whomever the clinician will be transmitting or sharing protected health information. Reasonable implies consideration of the clinical circumstances and the use of clinical professional judgment.
- Example: There is a serious car accident. The paramedic is asking for the patient’s name and the type of doctor’s appointment the patient just came from. Would it appropriate to release that information to the paramedic?
- Yes. This information may be vital to the medical care of the patient and the paramedic has a legitimate interest pertaining to the patient’s safety. It is reasonable to assume the patient would not object to this information being shared given the circumstance.
HIPAA – The Security Rule
- The HIPAA Security Rule is the second part of HIPAA that can affect clinical practice. The HIPAA Privacy Rule provides a general outline of what a health clinician must do to safeguard protected health information.
- “The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.”
- This pertains to physical safeguards of information
- Doing so involves
- Information transmission,
- Computer workstation or smartphone security
- Disposal of protected health information
- The Security Rule pertains to CareCar Drivers related to the information for the patient appointment in your app
- The information should never be discussed outside of with the patient only, copied or shared in any way
HIPAA – What to do if a Breach Occurs
- Immediately notify CareCar via email at firstname.lastname@example.org
- Include all information pertaining to the breech including but not limited to:
- The patient’s name
- How the Breach occurred
- What information was disclosed
- What mode (electronic, verbal, etc.) the information was transmitted
- When the breach occurred
- Any other related information
HIPAA - More Information
- For more information about HIPAA you can visit the HHS website, mail or call at:
HHS Headquarters Mailing Address and Telephone Number
The U.S. Department of Health & Human Services
Hubert H. Humphrey Building
200 Independence Avenue, S.W.
Washington, D.C. 20201
Toll Free Call Center: 1-877-696-6775
Thank you! Please Proceed to your exam.