The portion of HIPAA that provides federal protections for all individually identifiable health information.
What is the Privacy Rule of the Health Information Portability and Accountability Act (HIPAA)?
Includes all individually identifiable health information, including demographic data, medical histories, test results, insurance and other information used to identify a patient or provide healthcare services or healthcare coverage.
What is Protected Health Information (PHI)?
Each person within the Practice who handles PHI.
Who is required to have HIPAA compliance training?
Unauthorized access or disclosure of PHI for any reason other than treatment, payment, or healthcare operations.
What is a BREACH of HIPAA?
Sharing your secure computer login and password or not locking your workstation before you leave.
What are violations of Sanova’s security measures to protect patient PHI?
A health plan, a healthcare provider and a health clearing house.
What is a HIPAA covered entity?
Each covered entity, with certain exceptions, must provide this type of notice to all patients.
What is Sanova Dermatology’s Notice of Privacy Practices?
Upon hire, then annually, and as needed.
What is how often HIPAA compliance training is conducted?
(1) To the Individual (unless required for access or accounting of disclosures); (2) for Treatment, Payment, and Health Care Operations; (3) Given the Opportunity to Agree or Object; (4) Incident to an otherwise permitted use and disclosure; (5) Public Interest and Benefit Activities
What are legitimate reasons to ACCESS patient PHI without express written consent?
Specifies a series of administrative, physical, and technical safeguards for covered entities to use to assure the confidentiality, integrity, and availability of electronic protected health information.
What is the Security Rule of the Health Information Portability Accessibility and Accountability Act (HIPAA)?
The U.S. Department of Health and Human Services through the Office for Civil Rights.
What are the government agencies who enforce the HIPAA Privacy Rules?
Dan Kopfensteiner
Who is Sanova’s Privacy Officer?
Trained and alert employees who can recognize and identify information security threats, understand and avoid the risks, and make better data protection decisions.
What is Sanova’s FIRST line of defense in the protection of Protected Health Information?
Unintentional, intentional, and intentional with intent.
What are the types of HIPAA BREACHES?
Name the Rule: PHI should only be disclosed to the extent needed to support the intended purpose of the disclosure of the information for treatment.
What is the Minimum Necessary rule?
PHI that excludes specific, readily identifiable information about individual patients, BUT may include geographic area (zip code) and dates of service.
What is a Limited Data Set?
“Information relating to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual” that is transmitted or maintained by a covered entity.
What is PHI?
Obligations and regulations imposed by the HIPAA Privacy and Security statute, the HITECH Act, the HIPAA Privacy, Security, and Enforcement Rules as well as the Breach Notification Rule.
What are the requirements for HIPAA compliance training?
A celebrity patient has an excision for skin cancer and calls the following day to inquire about a prescription. You did not initially see the patient. You access the medical records of the celebrity patient to confirm the prescription was sent.
What is a legitimate ACCESS of PHI (for treatment)?
Fines ranging from $100 to $1.5 million. Healthcare providers can also be at risk for sanctions or loss of license.
What are the penalties for HIPAA violations?
Name this type of disclosure: A busy emergency room uses bays to treat patients. HIPAA signs are posted in each bay and a written HIPAA disclosure is given to each patient upon admission. A patient hears about the neighboring patient’s condition.
What is incidental disclosure?
Sanova Dermatology’s Privacy Officer.
Who is Dan Kopfensteiner?
Sleeping, not participating and not paying attention.
What is how you will earn having to re-take the HIPAA compliance training and receive disciplinary action?
A friend came into Sanova for a procedure. You publicly post a message to them on social media asking them if their rash has cleared up.
What is an example of a BREACH of the Privacy Rule?
Changing passwords often, required password length, individual logins, disabling accounts at termination.
What are examples of Security Procedures?