HIPAA Compliance


Transcript of HIPAA Compliance

Page 1: HIPAA Compliance

II. HIPAA COMPLIANCE

Page 2: HIPAA Compliance

I A. HIPAA AWARENESS

• What is HIPAA?

- HIPAA stands for Health Insurance Portability and Accountability Act.
- HIPAA consists of specific rules for retrieving information and making sure it is kept in a protected environment. This is a simple summary of what the HIPAA rule is about.

• Examples of HIPAA being enacted:

- A receptionist asking the patient for their social security number out loud instead of asking them to write it down on paper.
- Looking into an employee's chart to identify his or her date of birth.

Page 3: HIPAA Compliance

II A. HIPAA AWARENESS

• Thieves use the information kept in a medical record for a variety of illegal purposes. Medical records are a target for thieves because of all the information kept in the patient's chart, such as the patient's name and address, social security number, and credit card numbers. As a result, insurance companies are billed for and pay a lot of money on fraudulent claims. This is one reason why we pay more for health care.

Page 4: HIPAA Compliance

I B. Protected Health Information (PHI)

• Protected Health Information is the health information of an individual. HIPAA lists nineteen identifiers through which patient information is tied not only to health information but to personal information as well. These include the patient's name, address, social security number, insurance information, payment information, credit card numbers, and information on health status and treatments. They also include ID photos and license plate numbers. This information can be kept in computer records, in conversations between two people, and in handwritten paper records.

Page 5: HIPAA Compliance

II B. Protected Health Information (PHI)

• Health care organizations that handle Protected Health Information (PHI) are known as covered entities. They transmit health information electronically.

• Who counts as a covered entity?

- Hospitals
- Physician offices
- Ambulatory care centers
- Health plans
- Pharmacies
- Public health authorities
- Healthcare billing services, also known as clearinghouses

Page 6: HIPAA Compliance

III B. WHAT DOES HIPAA PROTECT FROM?

• HIPAA protects many individuals from insurers denying life or disability coverage.
• HIPAA guards against insurers using or revealing genetic (inherited) information for underwriting decisions.
• HIPAA keeps employers from basing employment or dismissal decisions on health information.
• HIPAA keeps insurers from increasing rates based on genetic information.
• HIPAA protects against family, friends, or reporters using health information for harmful purposes.

Page 7: HIPAA Compliance

I C. ELECTRONIC SECURITY

• The Electronic Security rule controls access to electronic health care information. It is used to protect individuals from alteration or loss of their information and from deliberate or accidental access by unauthorized individuals.

• What does this mean?

- If you work in an office setting and leave your computer on to go for a lunch break, you must log off the computer and have a password set, so that no one can gain access to other people's health care information.

Page 8: HIPAA Compliance

II C. ELECTRONIC SECURITY

What does electronic security cover?

• What does the electronic security rule include?

- The electronic security rule covers all electronic media, such as desktops, laptops, smartphones, tablets, flash drives, text messages, and all handheld computers.

What does electronic security not cover?

• The electronic security rule does not cover phone conversations, paper-to-paper faxes, voice messages, or video chats.

Page 9: HIPAA Compliance

III C. ELECTRONIC SECURITY

• Electronic security is grouped into three different categories:

- Administrative Safeguards
- Physical Safeguards
- Technical Safeguards

• The rule requires a responsible person who understands all three of these types of safeguard.

Page 10: HIPAA Compliance

I D. HIPAA ENFORCEMENT RULE

• The Enforcement Rule gives the Secretary of the Department of Health and Human Services the authority to impose a monetary penalty on any individual who violates the HIPAA act. The penalties range from $100 to $50,000 per violation. The amount fined depends on the violation that was made.

Page 11: HIPAA Compliance

II D. HIPAA VIOLATIONS

Violation category | Fine | Limit on all violations of an identical provision in a calendar year
Individual did not know of the violation | $100-$50,000 per violation | $1,500,000
Violation due to reasonable cause and not willful neglect | $1,000-$50,000 per violation | $1,500,000
Violations due to willful neglect that were not intended | $10,000-$50,000 per violation | $1,500,000
Violations due to willful neglect that are not intended | $50,000 per violation | $1,500,000

Page 12: HIPAA Compliance

I E. STIMULUS ACT AND HIPAA

• The American Recovery and Reinvestment Act (ARRA) of 2009 is known as the Stimulus Act.

• The Health Information Technology for Economic and Clinical Health Act, also known as HITECH, is part of the Stimulus Act. HITECH requires those covered by HIPAA to notify individuals who may be affected when a breach occurs.

• A breach is unauthorized access to another person's health information, which takes away their privacy. Failure to provide this notification can result in penalties.

Page 13: HIPAA Compliance

II E. STIMULUS ACT AND HIPAA

• Examples of breaches:

- Protected Health Information is faxed to the wrong person or fax number.
- Health information is sent to the wrong address.
- A flash drive containing health information is lost or stolen.
- Electronic equipment is disposed of improperly.

Page 14: HIPAA Compliance

HIPAA PRIVACY RULE UPDATE

• There are three main purposes of the privacy rule:

- Establishing patient rights.
- Outlining appropriate uses and disclosures.
- Defining and creating safeguards for protected health information.