Please review the presentation below on HIPAA and then complete the accompanying quiz. 

Employee Training Presentation

HIPAA

Learning Objectives

1. Define the requirements of the Health Insurance Portability and Accountability Act (HIPAA)
2. Identify Protected Health Information (PHI)
3. Recognize how HIPAA impacts your role
4. Learn how to safeguard PHI
5. Recognize what corrective actions may be taken
6. Perform your role in compliance with HIPAA

What Is HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) provides a framework for the Privacy, Security, and Electronic Data Exchange (EDI) of an individual’s health information.

HIPAA is a Federal Law passed in 1996 to safeguard individuals’ health information.

Why is Privacy and Security Training Important?

It is everyone’s responsibility to take the confidentiality of information seriously.

Anytime you come in contact with someone’s information or any PHI that is written, spoken or electronically stored, YOU become involved with some part of the privacy and security regulations.

The law requires us to train you, to ensure your understanding of the Privacy and Security Rules as they relate to your job.

Privacy Rule

The Privacy Rule is the core component of HIPAA:

• Privacy refers to protection of an individual’s health care data.
• Defines how an individual’s information is used and disclosed.
• Gives individuals privacy rights and more control over their own health information.
• Outlines ways to safeguard Protected Health Information (PHI).

PHI Components

1. Medical Information

2. Personally Identifiable Information (PII):
Information that leads to the identification of an individual

Examples of PHI Information

• Names
• Addresses
• Medical record numbers
• Social Security numbers
• Account numbers
• License numbers
• Vehicle Identifiers/serial numbers/license plate numbers
• Internet addresses
• Any dates related to any individual (date of birth)
• Telephone numbers
• Fax numbers
• Email addresses
• Full face photographic images and any comparable images
• Health plan numbers
• Health payment information

Permitted Disclosure of PHI

"TPO"

TREATMENT - Direct treatment of patient

PAYMENT - Activities by health plan to pay claims

HEALTH CARE OPERATIONS - Activities directly related to treatment and payment -- such as credentialing, auditing, utilization review, quality assessment, training programs

Covered Entities & Business Associations

Covered Entity
A healthcare provider, health plan, or healthcare clearinghouse that electronically transmits Protected Healthcare Information (PHI)

Business Association
An entity or person who performs services or functions for a Covered Entity

Security Rule

Security (IT) regulations went into effect April 21, 2005.

Security means controlling:

• Confidentiality of electronic protected health information (ePHI)
• Storage of electronic protected health information (ePHI)
• Access into electronic information

HIPAA Security Rule Safeguards

There are three types of safeguards under the HIPAA Security Rule:

1. Administrative Safeguards
• Policies & procedures

2. Physical Safeguards
• Workplace security
• Workspace security
• Building access security

3. Technical Safeguards
• Password security
• Hacker security
• Email security
• Network security

Security Awareness

1. Use strong passwords
2. Pay attention to web addresses
3. Don’t use personal email for work
4. Don’t open unfamiliar emails
5. Don’t download apps from unknown sources
6. Protect mobile devices with a password
7. Use key cards to enter facility
8. Lock your computer whenever leaving
9. Don’t bite on email phishing scams
10. Follow a clean desk policy

What must a covered entity (UMI) do to be in compliance with HIPAA?

• Adopt and implement privacy procedures.
• Train employees so they understand the privacy procedures.
• Designate a Privacy Officer.
• Notify patients about their privacy rights and how their information can be used.
• Secure patient records containing Protected Health Information [PHI].

HIPAA Training QUIZ

Below is a 10-question quiz.

Complete your name and answer all 10 questions.

A score of 80% or better is required to pass.

To pass the HIPAA Quiz you must score 80% or higher. Please be sure before selecting your answers as you cannot change an answer once it is selected.

Your Full Name

1. What is PHI?

2. HIPAA is needed for:

3. Protected Health Information, PHI can include which of the following:

4. The permitted uses of PHI are: TREATMENT, PRIVACY, HEALTH CARE OPERATIONS

5. The HIPAA Privacy Rule protects all PHI, electronic, verbal, and written.

6. There are 3 types of security safeguards under the HIPAA Security Rule: PHYSICAL, TECHNICAL, and ADMINISTRATIVE

7. Which of the following is NOT an example of practicing Security Awareness?

8. If you need to report a HIPAA concern or violation, which of the following can you do?

9. The primary federal law pertaining to medical information privacy is: