HIPAA
What is HIPAA?

In 1996 the Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress. The HIPAA Privacy Rule, formally the Standards for Privacy of Individually Identifiable Health Information, provided the first nationally applicable regulations for the use and disclosure of an individual's health information. Essentially, the Privacy Rule defines how covered entities may use individually identifiable health information, known as PHI (Protected Health Information).

"Covered entity" is a term used throughout HIPAA compliance guidance. The definition is given at [45 CFR § ] of the Privacy Rule. A covered entity can be a:

Health plan
Healthcare clearinghouse
Healthcare provider (one that transmits health information electronically in connection with a HIPAA-covered transaction)
Overview of the Privacy Rule

Gives patients control over the use of their health information
Defines boundaries for the use and disclosure of health records by covered entities
Establishes national standards that healthcare providers and other covered entities must comply with
Limits the use of PHI and reduces the chance of its inappropriate disclosure
Is enforced by the HHS Office for Civil Rights, which investigates complaints and compliance issues; violations carry civil or criminal penalties
Permits use and disclosure of PHI without individual authorization for treatment, payment and health care operations, and for specified public-interest purposes (such as public health reporting and certain law enforcement requests)
Four Rules of HIPAA

HIPAA Privacy Rule (use and disclosure of PHI in any form)
HIPAA Security Rule (safeguards for PHI in electronic form, ePHI)
HIPAA Enforcement Rule (investigations, penalties and hearings)
HIPAA Breach Notification Rule (notifying individuals, HHS and in some cases the media after a breach of unsecured PHI)
Protected Health Information (PHI)

You will hear this term constantly when dealing with applications that store health information. It is usually called PHI; the Security Rule refers to PHI in electronic form as ePHI, and its safeguards apply to ePHI only. We will stick with PHI for consistency.

PHI is individually identifiable health information held or transmitted by a covered entity or its business associate, in any form: anything in a medical record that can be used to identify an individual and that was created, used or disclosed in the course of providing a health care service, such as a diagnosis or treatment. In other words, PHI is the information in your medical records, including conversations between your doctors and nurses about your treatment. PHI also includes your billing information and any medical information in your health insurance company's computer system.

Some examples of PHI:

Billing information of program members
Program members' diagnoses
Program members' names and any information contained in their case records
Additional Stakeholders

A covered entity is a health plan, a health care clearinghouse, or a health care provider that transmits health information electronically in connection with a HIPAA-covered transaction; the treatment, payment and operations it performs are what the Privacy Rule regulates. All care providers for this agency work within a covered entity.

Simply put, a business associate is a vendor or subcontractor that creates, receives, maintains or transmits PHI on the covered entity's behalf. It must sign a Business Associate Agreement (BAA) and is directly liable under the Security Rule for the PHI it handles.
Three Parts to the HIPAA Security Rule

Administrative Safeguards
Technical Safeguards
Physical Safeguards
Administrative Safeguards

The administrative components are the foundation of a HIPAA compliance program; you are required to:

Assign a privacy officer (the Security Rule separately requires a designated security official; in a small organization this is often the same person)
Perform a risk analysis of the threats to ePHI and review it at least annually and whenever systems change (the Rule requires periodic review; annual is common practice)
Implement employee training
Review policies and procedures
Execute Business Associate Agreements (BAAs) with all partners who handle protected health information (PHI)
Technical Safeguards

Technical safeguards describe what your application must do while handling PHI. Each implementation specification is either required or addressable. A required specification must be implemented as written. An addressable one must be implemented if it is reasonable and appropriate for your environment; if not, you must document why and implement an equivalent alternative where reasonable. Addressable does not mean optional.

Access Control requirements:

Unique User Identification (required): Assign a unique name and/or number for identifying and tracking user identity. Shared accounts make audit trails worthless.
Emergency Access Procedure (required): Establish (and implement as needed) procedures for obtaining necessary ePHI during an emergency, such as a logged "break-glass" override.
Automatic Logoff (addressable): Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.
Authentication (required; formally its own standard, Person or Entity Authentication): Implement procedures to verify that a person or entity seeking access to ePHI is the one claimed.
Encryption and Decryption (addressable): Implement a mechanism to encrypt and decrypt ePHI.

Access Control is one of five Technical Safeguard standards; the others are Audit Controls, Integrity, Person or Entity Authentication and Transmission Security.
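The Access Control specifications above map directly onto code. The following is an added example in Go, written for this page rather than taken from the training deck or any product: an in-memory access gate that enforces unique user IDs, an idle timeout (automatic logoff), a role-based check, and a logged break-glass path for the Emergency Access Procedure. The user IDs, roles, record classes, the 15-minute idle limit and the policy table are assumptions for the example; the credential check itself is not shown.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Idle limit after which a session is terminated (automatic logoff).
// Assumed for this example; pick the real value from your risk analysis.
const idleLimit = 15 * time.Minute

type User struct {
	ID   string // unique user identifier, never shared between people
	Role string // assumed roles: "clinician" or "billing"
}

type session struct {
	user         User
	lastActivity time.Time
}

// AuditEntry is what the audit trail records for every access decision.
type AuditEntry struct {
	When     time.Time
	UserID   string
	RecordID string
	Action   string // "read", "denied", "break-glass" or "auto-logoff"
	Reason   string
}

type Gate struct {
	sessions   map[string]*session        // keyed by unique user ID
	allowed    map[string]map[string]bool // role -> record class -> permitted
	breakGlass map[string]bool            // roles eligible for emergency access
	audit      []AuditEntry
}

var (
	ErrAuth   = errors.New("authentication required")
	ErrDenied = errors.New("access denied")
)

// NewGate installs an assumed policy: clinicians read "clinical" records,
// billing staff read "billing" records, and only clinicians may break glass
// to reach a "restricted" record in an emergency.
func NewGate() *Gate {
	return &Gate{
		sessions:   map[string]*session{},
		allowed:    map[string]map[string]bool{"clinician": {"clinical": true}, "billing": {"billing": true}},
		breakGlass: map[string]bool{"clinician": true},
	}
}

// Login stands in for a successful credential check (out of scope here) and
// opens a session bound to the unique user ID.
func (g *Gate) Login(u User, now time.Time) {
	g.sessions[u.ID] = &session{user: u, lastActivity: now}
}

func (g *Gate) log(now time.Time, uid, rec, action, reason string) {
	g.audit = append(g.audit, AuditEntry{When: now, UserID: uid, RecordID: rec, Action: action, Reason: reason})
}

// Access decides whether user uid may read record rec of class recClass.
// A non-empty emergencyReason requests break-glass access: it bypasses the
// role check for eligible roles, never the session check, and is always
// written to the audit trail so it can be reviewed afterwards.
func (g *Gate) Access(uid, rec, recClass, emergencyReason string, now time.Time) error {
	s, ok := g.sessions[uid]
	if !ok {
		g.log(now, uid, rec, "denied", "no session")
		return ErrAuth
	}
	if now.Sub(s.lastActivity) > idleLimit {
		delete(g.sessions, uid) // automatic logoff: terminate and force re-authentication
		g.log(now, uid, rec, "auto-logoff", "idle limit exceeded")
		return ErrAuth
	}
	s.lastActivity = now
	switch {
	case g.allowed[s.user.Role][recClass]:
		g.log(now, uid, rec, "read", "")
		return nil
	case emergencyReason != "" && g.breakGlass[s.user.Role]:
		g.log(now, uid, rec, "break-glass", emergencyReason)
		return nil
	}
	g.log(now, uid, rec, "denied", "role "+s.user.Role+" may not read "+recClass)
	return ErrDenied
}

// Audit returns the trail; in production it would be shipped to the SIEM.
func (g *Gate) Audit() []AuditEntry { return g.audit }

func main() {
	g := NewGate()
	t0 := time.Date(2024, 1, 1, 9, 0, 0, 0, time.UTC) // constructed timestamps
	g.Login(User{ID: "u-dr-42", Role: "clinician"}, t0)
	_ = g.Access("u-dr-42", "rec-1", "restricted", "", t0.Add(1*time.Minute))
	_ = g.Access("u-dr-42", "rec-1", "restricted", "patient unresponsive, treating physician unreachable", t0.Add(2*time.Minute))
	_ = g.Access("u-dr-42", "rec-2", "clinical", "", t0.Add(40*time.Minute))
	for _, e := range g.Audit() {
		fmt.Printf("%s %-11s %-8s %s\n", e.When.Format(time.Kitchen), e.Action, e.UserID, e.Reason)
	}
}
```

Two points a reviewer would look for: the emergency path bypasses authorization but never authentication or the idle timeout, and every decision, including denials and forced logoffs, lands in the audit trail, which is what makes the Audit Controls standard and any later breach investigation workable.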
Physical Safeguards

The Physical Safeguards concern who can physically reach the facilities, equipment and media that hold ePHI, and how that access is managed. Much of the facility-level work is taken on by a hosting provider that will sign a BAA (such as TrueVault, AWS, Firehost and Rackspace) for its own data centers; your organization remains responsible for its offices, workstations and portable devices. Facility Access Controls include:

Contingency Operations (addressable): Establish (and implement as needed) procedures that allow facility access in support of data restoration under the disaster recovery and emergency operations plan in the event of an emergency.
Facility Security Plan (addressable): Implement policies and procedures to safeguard the facility and the equipment therein from unauthorized physical access, tampering, and theft.
Maintenance Records (addressable): Implement policies and procedures to document repairs and modifications to the physical components of a facility which are related to security (e.g. hardware, walls, doors, and locks).
Physical Safeguards Cont.

Device and Media Controls:

Disposal (required): Implement policies and procedures to address the final disposition of ePHI, and/or the hardware or electronic media on which it is stored.
Media Re-Use (required): Implement procedures for removal of ePHI from electronic media before the media are made available for re-use.
Accountability (addressable): Maintain a record of the movements of hardware and electronic media and of any person responsible for them.
Data Backup and Storage (addressable): Create a retrievable, exact copy of ePHI, when needed, before movement of equipment.

Workstation standards (both required):

Workstation Security: Implement physical safeguards for all workstations that access ePHI, to restrict access to authorized users.
Workstation Use: Implement policies and procedures that specify the proper functions to be performed, the manner in which those functions are to be performed, and the physical attributes of the surroundings of a specific workstation or class of workstation that can access ePHI.
HIPAA violation categories and their respective penalties
Types of Breaches

Unencrypted Data
While encryption is an addressable (rather than required) specification, that does not mean optional. The vast majority of breaches involve stolen or lost data that was unencrypted. Under the Breach Notification Rule, lost data that was encrypted according to HHS guidance is not a reportable breach of unsecured PHI; lost unencrypted data is. When in doubt, implement the addressable specifications of the Security Rule. Most of them are simply good practice.

Employee Error
Breaches occur when employees lose unencrypted portable devices, mistakenly send PHI to vendors who post it online, or disclose personally identifiable, sensitive information on social networks.

Data Stored on Devices
Almost half of all data breaches are the result of theft. When laptops, smartphones and other devices are unencrypted, the risk of a breach rises considerably.

Business Associates
Almost two-thirds of data breaches involve a business associate: you delegated a covered function or activity to someone, and that someone got it wrong. Pick your partners carefully, and put the BAA in place before any PHI changes hands.
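The Device and Media Controls above (Disposal, Media Re-Use) and the lost-device breaches in this section come down to the same control: ePHI on a device should be encrypted under a key that is not on the device. The following is an added example in Go, not code from the training deck: it seals a constructed sample record with AES-256-GCM, binds the record ID into the authenticated data, and shows that a lost blob without the key is unreadable and that a tampered or mis-filed blob is rejected. The key source, record format and record ID are assumptions for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// NewKey returns a fresh 256-bit key. In a real deployment the key lives in
// the OS keystore, an HSM/KMS or a TPM-sealed blob and is fetched at use
// time; it is never written next to the data it protects (assumed here).
func NewKey() ([]byte, error) {
	k := make([]byte, 32)
	_, err := rand.Read(k)
	return k, err
}

// Seal encrypts one record with AES-256-GCM. The random 96-bit nonce is
// prepended to the ciphertext, and recordID is bound in as associated data so
// a blob cannot be copied into a different record's slot undetected.
func Seal(key, plaintext []byte, recordID string) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(recordID)), nil
}

// Open reverses Seal. Any change to nonce, ciphertext, tag or record ID makes
// gcm.Open fail, so a tampered or mis-filed blob is rejected, not decrypted.
func Open(key, blob []byte, recordID string) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(recordID))
}

func main() {
	// Constructed sample record; not real patient data.
	record := []byte(`{"member":"M-1001","dx":"J45.20","billed":250.00}`)
	key, _ := NewKey()
	blob, _ := Seal(key, record, "M-1001")

	// What a thief gets from the lost laptop: the blob, not the key.
	fmt.Printf("on-disk: %d bytes, member ID visible: %v\n", len(blob), bytes.Contains(blob, []byte("M-1001")))

	// Legitimate use, with the key fetched from the keystore.
	pt, err := Open(key, blob, "M-1001")
	fmt.Printf("decrypt ok: %v, err: %v\n", bytes.Equal(pt, record), err)

	// A flipped byte in the stored blob is caught by the GCM tag.
	blob[len(blob)-1] ^= 0x01
	_, err = Open(key, blob, "M-1001")
	fmt.Println("tampered blob rejected:", err != nil)
}
```

Random 96-bit GCM nonces are safe only for a bounded number of messages under one key; rotate the key well before 2^32 seals. Full-disk encryption (BitLocker, FileVault) remains the first line against lost laptops; application-level encryption protects data once the device is unlocked and makes Disposal and Media Re-Use simpler, because destroying the key (crypto-erase) renders every copy of the ciphertext unrecoverable, which you then combine with the normal wipe of the media.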
How To Access Your Privacy Officer

The Privacy Officer for COHF, Inc. is Erika Travinski. You may contact her for an appointment at any time: phone ext. 677, or leave a message in her mailbox in the main office.

How to File a Complaint

All privacy complaints are directed to Erika Travinski, Privacy Officer, for proper processing and handling. The Privacy Officer will review the complaint, investigate it, and report the results of the investigation to the appropriate individuals.

How to Access More Information on HIPAA

You may find additional HIPAA information in the Training Department office. You may also find information on the web at

The Center of Hope privacy notices are posted in all programs and throughout the agency.
Summary

We are considered a medical facility and we must all be HIPAA compliant. You have now completed your HIPAA training. For further information contact Human Resources or the Training Department. Please proceed to the testing portion and complete the follow-up test. Upon completion, results will be sent to the training office and you will be notified whether you passed or failed. Accommodations will be made for any staff member who is unable to complete the online testing; please notify your supervisor.