HIPAA Training Session: HIPAA Privacy and Security Rules

Introduction

HIPAA:

• Health Insurance Portability and Accountability Act
• A federal law passed in 1996 (Ramli, 2021)
• deals with the privacy of patients’ data, including healthcare insurance coverage and uniform provider identity.

PII:

• Personal Identifying Information
• Health information on an individual
• created or collected by a healthcare provider
• important to the delivery of health care

PHI:

• Protected health information
• concerns a patient’s medical history and demographics
• gathered to acquire patients, quality treatment.

ePHI:

• Electronically protected health information (Ramli, 2021)
• stored, generated, received and computed electronically
• ePHI organizers need to follow HIPAA rules

HIPAA Security Rule

• The HIPAA security rules entail privacy rules
• Important for protecting data and information
• promote confidentiality, security and integrity of ePHI,
• Physical, administrative, technical safeguarding procedures implemented
• Implementation of both tech and non-tech measures (Tovino, 2020)
• April 5th 2005- effective compliance day
• The specific entities that are covered must:
• ensure integrity, and availability of ePHI that they receive, create, maintain and transmit
• Protect and identify security threats (Tovino, 2020).
• Protection against reasonably anticipated disclosure
• Ensure the workforce complies with the rules.

Safeguarding of PII, PHI, and ePHI

• Sensitive information should not emailed to personal account
• Email encryption
• Hard copies of sensitive PII protectection
• Proper use of US mail (Moore & Frye, 2019).
• Do not share passwords or logins.
• Electronic copies of sensitive information made
• Hard drives should be encrypted
• Safeguarding involves securing equipment and environment.
• Firewalls should be installed
• Train the workforce (Moore & Frye, 2019).
• Implement group policies

Disclosures of PII, PHI, and ePHI

• Disclosed to the individual to whom it pertains
• Disclosures may involve cases of identity theft
• Carelessness may lead to data abuse (Cohen & Mello, 2018)
• Written consents from patients for disclosure
• disclosure prevent or lessen
• Minimize harm to an individual or the public (Cohen & Mello, 2018).
• Law enforcement in tracking down data thieves

Conclusion

• Defining HIPAA, PII, PHI, ePHI, and ePHI
• Organizations should safeguard patients private information.
• Organization’s train staff dealing with sensitive information.
• Safeguarding practices
• Disclosing data to the right people

References

Cohen, I. G., & Mello, M. M. (2018). HIPAA and protecting health information in the 21st century. Jama, 320(3), 231-232. Web.

Hui, Karen, Carol J. Gilmore, and Mujahed Khan. “Medical Records: More Than the Health Insurance Portability and Accountability Act.” Journal of the Academy of Nutrition and Dietetics 121, no. 4 (2021): 770-772. Web.

Iyiewuare, P. O., Coulter, I. D., Whitley, M. D., & Herman, P. M. (2018). Researching the Appropriateness of Care in the Complementary and Integrative Health Professions Part 2: What Every Researcher and Practitioner Should Know About the Health Insurance Portability and Accountability Act and Practice-based Research in the United States. Journal of manipulative and physiological therapeutics, 41(9), 807-813. Web.

Moore, W., & Frye, S. (2019). Review of HIPAA, part 1: history, protected health information, and privacy and security rules. Journal of nuclear medicine technology, 47(4), 269-272. Web.

Mahajan, U. V., Wafapoor, V., Mahajan, O. A., & Anderson, W. S. (2022). Use of Patients’ Protected Health Information to Solicit Hospital Funds: How did This Practice Come About?. Journal of Patient Experience. Web.

Ramli, K. (2021, July). HIPAA-based Analysis on the Awareness Level of Medical Personnel in Indonesia to Secure Electronic Protected Health Information (ePHI). In 2021 IEEE International Conference on Health, Instrumentation & Measurement, and Natural Sciences (InHeNce) (pp. 1- 6). IEEE. Web.

Tovino, S. A. (2020). Privacy and security issues with mobile health research applications. The Journal of Law, Medicine & Ethics, 48(1_suppl), 154-158. Web.