This federal law protects patient health information and sets national standards for privacy and security.
What is HIPAA?
You should avoid discussing patient information in these places where people might overhear.
What are elevators, hallways, cafeterias… PUBLIC SPACES?
This HIPAA principle says staff should only access the information needed to do their job.
What is the Minimum Necessary Rule?
This happens when PHI is accessed, shared, or exposed without authorization.
What is a data breach?
This simple habit prevents unauthorized people from accessing client information when you leave your workstation.
What is locking or logging out of your computer?
This type of information includes anything that identifies a patient and relates to their health or treatment.
What is Protected Health Information (PHI)?
Before sharing PHI with a patient’s family member, you usually need this from the patient.
What is patient authorization or consent?
A receptionist should generally access appointment information, but not this detailed clinical information.
What are treatment notes or medical history?
If a breach occurs, patients must usually be notified under this rule.
What is the Breach Notification Rule?
This type of email tries to trick you into clicking a malicious link or revealing login credentials.
What is a phishing email?
This 10-digit number uniquely identifies healthcare providers nationwide.
What is an NPI (National Provider Identifier)?
Under HIPAA, patients have the right to request this from their provider.
What are copies of their medical records?
Sharing an entire patient file when only the diagnosis is needed violates this rule.
What is the Minimum Necessary Rule?
A cyberattack that locks hospital systems until money is paid is called this.
What is ransomware?
This security practice requires users to provide two forms of verification before accessing systems.
What is multi-factor authentication (MFA)?
HIPAA was passed in this decade.
What is the 1990s? (1996)
This rule requires healthcare workers to limit discussions about patients to private settings.
What is the Privacy Rule?
Even among coworkers, PHI should only be shared if they have this.
What is a legitimate work-related need to know?
In some large breaches, organizations must notify this federal department.
What is the Office of Civil Rights (OCR) at the Department of Health and Human Services (HHS)?
Using the same password for multiple systems increases the risk of this type of security problem.
What is account compromise or unauthorized access?
This rule expanded HIPAA responsibilities to include vendors and contractors who handle PHI.
What is the Omnibus Rule?
Even if you know the patient personally, discussing their medical condition outside of work without permission violates this.
What is HIPAA privacy protection?
Looking up a friend’s medical record out of curiosity violates this HIPAA principle.
What is the Minimum Necessary Rule?
HIPAA violations can result in investigations and penalties under this rule.
What is the Enforcement Rule?
If you receive a suspicious email asking you to click a link or provide your login credentials, the best action is to do this.
What is reporting the email to IT/security and not clicking the link?