Health Insurance Portability and Accountability Act (HIPAA)
What is HIPAA?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is the first
comprehensive Federal law that provides consumers with privacy and security
protection for their health information and with the right to restrict the use and disclosure of
that information. The privacy rule took effect on April 14, 2003. The security
rule takes effect on April 21, 2005. All organizations involved in providing health care
services must comply with the privacy and security rules, including health insurance
companies, doctors' offices, pharmacies, hospitals, nursing homes, home care
agencies, and any other locations that provide health care services.
What are some examples of HIPAA violations?
- A celebrity was in the medical facility and you tried to sneak a peek at the paper
or electronic record.
- You discussed patient information in an elevator, lobby, cafeteria, or other
public location, or with individuals not involved in the patient's care.
- One of your family members, neighbors, or friends is a patient and you kept
others up to date on the events of his/her case.
What can you do?
Be mindful of ways to protect patient confidentiality and patient information, such as:
- Close patient room doors when discussing treatment plans.
- Close curtains and speak very softly when in a semi-private room.
- Never discuss patients or treatment in public areas (e.g. elevators, cafeteria).
- Never leave messages regarding patient conditions or test results on answering
machines or with anyone other than the patient.
- Never call/page patients in such a way as to reveal their health issues (e.g.
“John Smith, please return to the dialysis unit”).
- Never leave health information unattended in an area where others may
inappropriately see and/or remove it.
- Never leave a computer without signing off.
- Never allow another person to use your computer after using your sign-on.
- Never share computer passwords with anyone.
- Require that a patient sign an Authorization to Release Medical Information form before
providing copies of their health information. Requests for copies of records require a
signed authorization placed in the patient record unless the record is
needed for treatment by another healthcare provider. All legal requests for
medical records (from attorneys or by subpoena) should be referred to the Office of HIPAA Compliance.
Notice of privacy practices
Every patient treated must receive a written Notice of Privacy Practices. The notice is
available in the privacy office and in every area where patients are registered to receive
care. In the Notice of Privacy Practices, patients are advised of their rights. Some of these rights include the following.
- Receive a written notice of how the Medical Facility uses their information, including for
treatment, payment, and healthcare operations (e.g., quality assurance and patient satisfaction).
- Receive a copy of their health information.
- Amend their health information.
- Be informed of all recipients of their health information.
- Restrict the use of their health information.
- Request how their health information is used.
- Complain about perceived violations of privacy.
HIPAA Security
What is our security goal?
As mandated by HIPAA, our goal is to ensure the confidentiality, integrity, and availability of
all electronic Protected Health Information (ePHI) so that it is not sabotaged, attacked, lost, stolen, or misused.
What is ePHI?
ePHI is electronic patient health information that can be linked to a specific individual's identity,
medical condition, treatment, or status as a patient.