HIPAA Flashcards
Review of Health Information Portability & Accountability Act (HIPAA) Administrative Simplification
What does the HIPAA Privacy Rule Do?
How does the School of Dentistry do this?
Patient Notification of HIPAA Privacy Policy
•Right to request privacy protection
•Access of individual to their own protected health information (PHI)
•Right to request amendment of PHI
•Accounting of disclosures of PHI
•Right to Restriction
The School’s Accountability
Minimum Necessary Rule
- PHI should not be used or disclosed when it is not necessary to satisfy a particular purpose or carry out a function
- The SOD should take reasonable steps to limit disclosures
Limit Disclosure
Electronic Communication
The Privacy Rule permits the SOD to use and disclose protected health information
- Treatment
- Payment
Security
Security Rule:
•Builds on effort to comply with Privacy Rule
Privacy Rule:
•Covers:
•PHI in oral, written, & electronic form
Security Rule:
•Covers PHI in ELECTRONIC Form only
•EPR & MIPACS
State & Federal Regulations
•HIPAA is the minimum standard for privacy
- Patient privacy compliance requires knowledge of both State and Federal laws
- The provision that provides the greatest privacy protection will prevail
Health Information Technology for Economic and Clinical Health Act (HITECH)
& State Attorney Gen
State AG
Authorized to bring civil action on behalf of state residents for HIPAA violations
Obtain damages
HIPAA
violators accountable with civil and criminal penalties
HITECH Breach Notification Rule
HITECH, Cont.
•Definition of Breach
Impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information
•Results in a significant risk of
Financial
Reputational
Other harm to the affected individual
PHI & Technology
•USB Memory Stick & Portable Devices
•De-identify patient PHI or Encrypt before saving
•Lok-IT secure flash drive
PHI & Technology, Cont.
SOD and a legally defensible EHR