What does HIPAA stand for?
Health Insurance Portability and Accountability Act (1996)
What is the difference between privacy and security?
Privacy = who can access the information
Security = how information is protected
What is risk management?
Identifying, assessing, and reducing risks that could harm patients or the organization.
Why is documentation important in care management?
It supports continuity of care and compliance.
What should you do if you see a compliance violation?
Report it immediately through the proper channels.
Privacy Officer: Barrett.Hunter@okstate.edu
What is PHI?
Protected Health Information
[Name, DOB, SSN, medical record numbers, diagnosis, treatment history, billing information, etc.]
Give one way to protect ePHI.
Use secure passwords, lock screens, or encrypt data [Technical safeguards].
Name one type of risk in care management.
Incomplete documentation: missing or inaccurate records that impact care quality.
What type of risk can result from improper handling of patient data?
Privacy breaches or unauthorized disclosure of PHI.
Why are annual trainings required?
To keep staff updated on laws and best practices.
Who must comply with HIPAA?
All healthcare workers, organizations, and their business associates.
What should you do if you accidentally email PHI to the wrong person?
Report it immediately to your privacy or compliance officer.
OSU Privacy Officer: Barrett.Hunter@okstate.edu
HIPAA Analyst: Sarah.Maxey@okstate.edu
What is the purpose of incident reporting?
To document and help prevent future issues.
How does compliance affect patient trust?
It ensures confidentiality and professional integrity.
What's one way to promote a culture of compliance?
Encouraging reporting without fear of retaliation.
What's one example of a HIPAA violation?
Discussing patient information in public or leaving records visible.
What is the "minimum necessary use"?
Only accessing or sharing the information you need to do your job.
Who is responsible for reporting risks?
Every staff member!
What's the role of a care manager in compliance?
Protecting patient privacy and confidentiality, accurate and timely documentation, adhering to organizational policies and procedures, promoting ethical and legal practice, continuous education and awareness!
Who enforces HIPAA and healthcare compliance laws?
The Office for Civil Rights (OCR) and HHS.
What are specific reasons that allow the use and disclosure of Protected Health Information (PHI) without requiring patient authorization?
Treatment, Payment, and Healthcare Operations
1. 45 CFR 164.506
2. Uses and Disclosure of PHI - General Rules PRV-05.01 [OSU's internal policy]
What's a physical safeguard example?
Locking file cabinets, server rooms, using ID badges, or securing workstations to prevent unauthorized access.
What's one benefit of proactive risk management?
Preventing harm, improving quality, and reducing liability.
What's an example of non-compliance in care management?
What's the best way to avoid compliance risks?
Stay informed, follow policies, and ask when unsure.
https://ostatemailokstate.sharepoint.com/sites/OSU-CHS/compliance/SitePages/Home.aspx