The primary U.S. federal law that governs the confidentiality and security of patient health information
HIPAA
Primary disclosure requirements for a healthcare provider under the HIPAA Privacy Rule
Covered Entity
Establish a set of national standards for protecting individuals' Electronic Protected Health Information (ePHI)
HIPAA Security Rule
Data is readable and understandable throughout its lifecycle.
Legible
Crucial for patient safety, as clinicians must be able to access current medical records, test results, and allergies at the point of care, regardless of system outages, disasters, or hardware failure.
Availability
Purposes for which a healthcare provider typically discloses a patient's protected health information (PHI) without the patient's explicit authorization
Treatment, Payment, and Healthcare Operations (TPO)
Rights regarding their Protected Health Information (PHI)
Privacy Rule
Policies and procedures to manage security measures, such as Security Risk Assessments and employee training.
Administrative Safeguards
Inaccurate dosage, a missing allergy entry, or an incomplete list of current medications can lead to adverse drug reactions or a fatal overdose.
Medication and Treatment Errors
Set of policies and procedures that enables a Covered Entity to respond to an emergency or other occurrence that damages systems containing ePHI, ensuring that critical business processes and patient care continue.
Contingency Plan
Requires covered entities (like hospitals and clinics) to make reasonable efforts to limit the amount of PHI used, disclosed, and requested to the minimum necessary to accomplish the intended purpose
Minimum Necessary Rule
Responsible for enforcing the HIPAA Privacy and Security Rules
U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR)
Converts ePHI into an unreadable format, making it unusable to unauthorized parties.
Encryption
Tracking who accessed data, when they accessed it, and what they changed.
Accountability
Procedures for creating and maintaining retrievable exact copies of ePHI.
Data Backup Plan
The ethical principle in healthcare that requires providers to keep patient information private and not disclose it without consent
Confidentiality
Rule that should be reviewed before holding a quick discussion between providers in a semi-private area
HIPAA Privacy Rule
Methods like unique user IDs, strong passwords, automatic logoffs, and role-based access.
Access Controls
Copying an error from a previous note into a new note.
Propagation of Errors
Surgeries, diagnostic tests, and critical procedures may be postponed or canceled.
Delayed or Interrupted Treatment
A patient expresses a serious, immediate threat of harm to themselves or an identifiable third party (often required by state law)
Danger to Self or Others
Detailed notes recorded by a mental health professional during a private counseling session.
Excludes a patient's right to access their PHI
What a healthcare organization must do if it discovers a breach of unsecured PHI
Notify affected individuals
Allowing administrators to immediately spot unauthorized or suspicious activities and to investigate breaches or mistakes.
Detection
Lack of immediate access to crucial information like patient allergies, chronic conditions, or blood type in an emergency can be life-threatening
Compromised Emergency Care