What is the HIPAA Privacy Rule?
It ensures that healthcare providers are correctly implementing the requirements of the HIPAA Act: the protection of patients' medical records and other personal information in all forms of media.
https://hipaatrek.com/10-common-questions-hipaa-privacy-rule/
What is the HIPAA Security Rule?
It requires that covered entities have security measures and requirements in place to protect patient information.
https://healthitsecurity.com/features/what-is-the-hipaa-security-rule
What is the HIPAA Breach Notification Rule?
The part of HIPAA that requires covered entities to report any breaches of patients' protected health information.
https://www.hipaajournal.com/hipaa-breach-notification-requirements/
What is a HIPAA violation?
When an organization goes against the HIPAA standards that have been put in place.
Who has to comply with the Privacy Rule?
Health insurers, health care providers, business associates, and clearinghouses.
https://hipaatrek.com/10-common-questions-hipaa-privacy-rule/
What are the three safeguards required by the Security Rule?
Administrative, Physical, Technical
https://healthitsecurity.com/features/what-is-the-hipaa-security-rule
Who must a covered entity notify if a breach occurs?
The individuals impacted, the Secretary of HHS and the OCR, and the media.
https://www.hipaajournal.com/hipaa-breach-notification-requirements/
How are violations discovered and reported?
They are discovered by employees or through audits and then reported to the HHS/OCR.
What information of a patient is protected under the rule?
All personal identification information (name, address, DOB, phone number, …) and personal health records and numbers.
https://hipaatrek.com/10-common-questions-hipaa-privacy-rule/
What does the Security Rule require covered entities to consider?
The size and capabilities of its systems, as well as the costs of upkeep and security.
What is the leading cause of a breach in the U.S.?
Theft of personal items such as laptops.
https://hipaatrek.com/10-common-questions-hipaa-privacy-rule/
What are two examples of the leading causes for violations?
What is PHI and who has access to it?
Protected health information. The patient has access to their own information upon request, as do the patient's healthcare provider and any individual representative as stated by the patient.
What is a business associate and are they required to adhere to HIPAA?
A business associate is an entity that performs tasks that involve the use of protected health information. They are required by law to adhere to HIPAA just the same as covered entities.
What is a covered entity required to have in place in case of a breach?
Written policies and procedures as an action plan in case of a breach.
https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html
What is the penalty for willful violations of HIPAA?
$50,000 to $250,000 fines and jail time up to 10 years.
What are steps to take to adhere to the Privacy Rule?
Conducting a risk analysis to locate any system or workflow vulnerabilities.
https://hipaatrek.com/10-common-questions-hipaa-privacy-rule/
What are the risk analysis requirements?
Outline the potential risks of your physical and technological systems of workflow.
What should a covered entity's breach notification policy entail?
A breach notification to the Secretary outlining how the breach occurred and what is going to be done to patch the leak.
https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html
What is suggested for covered entities to avoid violations?
Performing risk analysis and training employees.