InfoSec Management and HIPAA
HIPAA
• Title I: protects health insurance for workers
  and their families when they lose or change
  jobs.
• Title II (InfoSec relevant): "Administrative Simplification";
  creates national standards for electronic health care
  transactions and requires safeguards for the privacy and
  security of health information. This is the source of the
  HIPAA Privacy Rule and Security Rule.
• Title III: health plan tax adjustments
• Title IV: Group Health plans
• Title V: Revenue Offsets
http://csrc.nist.gov/publications/nistpubs/800-66-Rev1/SP-800-66-Revision1.pdf
Title II – What you should Know
• HIPAA Key Terms & General Rules
• When you can share patient information and
  when you cannot
• Patient’s Rights regarding their health
  information
HIPAA Key Terms
• Protected Health Information (PHI)
  – Patient health information created by or given to a
    medical practitioner
  – Medical information that identifies the patient, in any
    format: verbal, written, or electronic
  – Includes: names, addresses, dates, phone numbers, email
    addresses, Social Security numbers, license numbers,
    full-face photos, etc.
     • Anything that identifies the patient
HIPAA Key Terms
• Covered Entities
  – Health plans, health care clearinghouses, and health care
    providers that transmit health information electronically
  – E.g. hospitals, family physicians, Blue Cross Blue Shield,
    Kaiser Permanente
  – Covered entities, and the business associates they share
    PHI with, are subject to HIPAA
HIPAA Key Terms
• TPO (Treatment, Payment, and health care Operations)
• (T) Treatment: activities for patient care
• (P) Payment: monetary transactions for health care
  services
• (O) Operations: the regular administrative, financial, and
  quality activities a covered entity needs to perform its
  health care functions
HIPAA Key Terms
• Business Associate
  – A third party that creates, receives, maintains, or
    transmits PHI on behalf of a covered entity
     • E.g. a security software vendor building a system that
       handles PHI for the health care provider
  – Business associates must sign a Business Associate
    Agreement (BAA) committing them to HIPAA safeguards
HIPAA Key Terms
• Minimum Necessary Rule
  – PHI may only be accessed on an as-needed basis.
  – Access only as much PHI as is needed to complete the job
    at hand, and no more.
HIPAA Key Terms
• Notice of Privacy Practices (NPP):
  – Description of the ways the health care provider may use
    and disclose PHI without obtaining further patient
    authorization
  – PHI released for a purpose other than TPO generally
    requires a signed patient authorization (apart from
    specific exceptions such as disclosures required by law)
HIPAA Key Terms
• Use: sharing or handling of PHI inside the covered entity,
  e.g. within the health care office
• Disclosure: release of PHI to anyone outside the covered
  entity, including other organizations within a larger
  health care system
HIPAA Key Terms
• Types of Disclosure
  1. No authorization required
     •   Sharing PHI with other doctors for referrals (treatment)
  2. No authorization required, but the patient must be given
     an opportunity to object
     •   Discussing PHI with family members in the room – the
         patient must be given the option to ask for privacy
  3. Authorization required
     •   Disclosing PHI for research
HIPAA Key Terms
• Incidental Disclosures:
  – Speaking to a patient in a two-bed hospital room and the
    second patient overhears the conversation
  – Visitors hear a patient's name called in the waiting
    room
  – Health practitioners should avoid these as far as
    reasonably possible and apply the minimum necessary rule
How to Violate HIPAA
• http://youtu.be/XyF40FZ0n5I
HIPAA Violations
• Covered entities, business associates, and individuals are
  subject to penalties
• Civil fines up to $1.5 million per year for violations of
  the same HIPAA provision
• Criminal fines up to $250,000 and up to 10 years in prison
  for the most serious offenses (PHI obtained with intent to
  sell, transfer, or use it for commercial advantage,
  personal gain, or malicious harm)
• Is HIPAA enforced?
  – http://www.ama-assn.org/amednews/2012/04/30/bisd0502.htm
HIPAA Scenarios
1. If a doctor stores his patients' initials and medical
   notes on his iPhone, does the doctor's iPhone contain
   PHI?
2. As a doctor, are you allowed to email your patients' own
   medical information to their personal email accounts?
3. As a nurse, are you allowed to look up one of your
   patients' addresses to mail a get-well card?
HIPAA Scenario Answers
1. Yes. Initials combined with medical notes can identify a
   patient, so the iPhone now holds PHI and must be protected
   like a complete patient medical file (device encryption,
   passcode, ability to wipe it if lost, and the same access
   controls).
2. Not by default. Email to a personal account crosses an
   open network to a mailbox the practice does not control,
   so the practice cannot assure its security; ePHI in
   transit must be protected, e.g. encrypted or delivered
   through a secure patient portal. Patients do have a right
   to access their own records and may request them by
   email; if a patient still asks for unencrypted email after
   being warned of the risk, that request may be honored.
3. No. As a nurse you must abide by the minimum necessary
   rule, and looking up a patient's address to send a
   personal card is not a job function that requires that
   access.
Ensure HIPAA Compliance
• Apply NIST Special Publication 800-66
  – An Introductory Resource Guide for Implementing
    the Health Insurance Portability and
    Accountability Act (HIPAA)
  – http://csrc.nist.gov/publications/nistpubs/800-66-Rev1/SP-800-66-Revision1.pdf
Assignment
• Imagine you're hired by a dentist's office to help transfer
  their operations from paper-based to electronic records.
  – What sort of network system and security (physical and
    digital) would you recommend implementing?
  – Make sure PHI is managed correctly
  – Diagram the network
  – Write one single-spaced page explaining why it works
