HIPAA Basics
PHI
Privacy Rule
Security Rule
Scenarios and Consequences
100

HIPAA stands for...

Health Insurance Portability and Accountability Act.

100

Define PHI

Protected Health Information

100

What does the Privacy Rule require for marketing (brochures, website, social media, etc.)?

Written authorization.

100

What does the Security Rule protect?

Electronic PHI.

100

You find a client file or document left on a table. What do you do?

Secure it immediately and report to your supervisor.

200

What year was HIPAA enacted into law?

1996

200

Give two examples of PHI

Name, address, medical record number, social security number, birthdate, etc.

200

What is the "Minimum Necessary" standard?

Share only what is needed.

200

Name one safeguard for electronic PHI

Use strong passwords.

200

What is the maximum fine for a HIPAA violation?

$50,000

300

Who must comply with HIPAA?

All staff handling client health information.

300

True or False: a diagnosis is PHI

True

300

Where should you avoid discussing client health?

Any public area.

300

What should you do when stepping away from the computer?

Lock or log off the computer.

300

True or False: Criminal charges are possible for violations?

True

400

Does HIPAA apply to verbal information?

HIPAA applies to written and verbal communication.

400

Is a phone number considered PHI?

Yes

400

What should you do if a family member asks for information without consent?

Politely decline, explain the HIPAA rules and refer to your supervisor.

400

Can you email PHI?

Only if you use encryption.

400

Who should you report breaches to?

Your supervisor.

500

The main purpose of HIPAA is to...

Protect the privacy and security of individuals' health information.

500

What is a rule of thumb for identifying PHI?

If you can identify the person and it relates to health or payment, it's PHI.

500

Can you post client photos on social media with their verbal permission?

No! Written authorization is required.

500

A staff member accesses a client's record out of curiosity. What is this called?

Snooping, and it is a HIPAA violation.

500

What is a good rule of thumb for HIPAA compliance?

When in doubt, don't share, ask your supervisor, report breaches immediately.
