Health Insurance Portability and Accountability Act (HIPAA) – Health Care Law (Nursing)

by Christy Davidson

    Transcript

    00:01 Welcome back everyone.

    00:03 When patients are in our care, they become vulnerable and risks to their privacy exist.

    00:08 As patient advocates, it's our responsibility to ensure we protect them.

    00:13 One way to protect their personal information is under the Health Insurance Portability and Accountability Act.

    00:20 The Health Insurance Portability and Accountability Act or HIPAA was created primarily to modernize the flow of healthcare information, stipulate how personally identifiable information maintained by the healthcare and the healthcare insurance industry should be protected from fraud and theft and to address limitations on healthcare insurance coverage.

    00:41 As the name implies, Personally Identifiable Information or PII is any data that can identify a person.

    00:50 Certain information like full name, date of birth, address, and biometric data are always considered as PII.

    00:57 Although it doesn't explicitly address personally identifiable information, HIPAA regulates situations like this under the term Protected Health Information (PHI).

    01:06 PHI includes anything used in the medical context that can identify patients, such as: their name, address, birthday, credit card number, driver's license or the medical record number.

    01:20 Now there are 5 HIPAA rules.

    01:22 HIPAA Privacy rule, HIPAA Security rule, the Breach Notification rule, the Omnibus rule and the Enforcement rule.

    01:33 The HIPAA Privacy Rule.

    01:35 This rule dictates how, when and under what circumstances PHI can be used and disclosed.

    01:41 It applies to all healthcare organizations, clearinghouses and entities that provide health plans.

    01:47 It sets limits regarding the use of patient information when no prior authorization has been given by the patient.

    01:54 It also mandates patients and their representatives have the right to obtain a copy of their health records and request corrections to errors.

    02:02 Now covered entities have 30 days to respond to these types of requests.

    02:07 The HIPAA Security Rule.

    02:09 This sets the minimum standards to safeguard electronic PHI.

    02:14 Anyone who can access, create, alter or transfer electronic PHI must follow these standards.

    02:21 The HIPAA Security rule has 3 safeguards: Technical safeguards include encryption - if the data goes outside the company's firewall.

    02:30 It has physical safeguards which may relate to the layout of work stations, for example, screens can't be seen from the public area.

    02:38 And administrative safeguards.

    02:40 This requires a security officer and a privacy officer to conduct regular risk assessments and audits.

    02:47 Now these assessments aim to identify any ways in which the integrity of PHI is threatened and build a risk management policy off the back of this.

    02:57 The Department of Health and Human Services must be notified if a data breach has been discovered.

    03:04 So the Breach Notification Rule.

    03:05 Notification must be within 60 days of the breach's discovery for incidents involving 500 or more individuals.

    03:13 Notification must be within 60 days of the end of the calendar year in which the breach was experienced for breaches of fewer than 500 records.

    03:22 And individuals whose personal information has been compromised must also be informed within 60 days.

    03:29 If greater than 500 patients were affected in a particular jurisdiction, a media notice must be issued to a prominent news outlet serving that area. The Omnibus Rule.

    03:41 This extends HIPAA coverage to business associates.

    03:44 It prohibits use of PHI for marketing or fundraising purposes without authorization.

    03:49 And it outlines new penalty tiers for violations of HIPAA.

    03:54 The Enforcement Rule.

    03:56 Should a breach of PHI occur, this rule lays out how any resulting investigations are carried out.

    04:02 Once the level of negligence has been determined, appropriate fines can be issued.

    04:07 HIPAA covered entities are required to implement safeguards to ensure the confidentiality, integrity and availability of electronic PHI.

    04:16 Arguably one of the most important safeguards is encryption.

    04:19 Especially on portable devices such as laptop computers that are frequently taken off site. Also, passwords, record retention, violation reporting. Common HIPAA violations include: risk analysis features; risk management features; lack of encryption or alternative safeguards; security awareness training failures; improper disposal of PHI; impermissible disclosures to PHI; failure to adhere to the minimum necessary standard; failure to provide patients with copies of PHI on requests; failure to issue breach notifications promptly.

    05:02 So remember, compliance with HIPAA is an ongoing exercise.

    05:07 So in thinking of everything we've covered today, I'd like you to consider this question: What are 4 security requirements for electronic PHI under HIPAA? They are encryption, passwords, record retention, and violation reporting.

    05:30 I hope you've enjoyed today's video on HIPAA. Thanks so much for watching.


    About the Lecture

    The lecture Health Insurance Portability and Accountability Act (HIPAA) – Health Care Law (Nursing) by Christy Davidson is from the course Professionalism (Nursing).


    Included Quiz Questions

    1. Health Insurance Portability and Accountability Act
    2. Health Insurance Protection and Accountability Act
    3. Health Information Protection and Accountability Act
    4. Health Information Portability and Accountability Act
    1. HIPAA privacy rule
    2. HIPAA security rule
    3. Omnibus rule
    4. Enforcement rule
    1. HIPAA security rule
    2. Omnibus rule
    3. Enforcement rule
    4. HIPAA privacy rule
    1. Individuals, as well as the Department of Health, must be notified within 60 days.
    2. Individuals must be notified within 60 days of the end of the calendar year, and the Department of Health must be notified.
    3. Individuals must be notified within 60 days, but the Department of Health does not need to receive notification.
    4. Individuals must be notified within 60 days of the end of the calendar year, but the Department of Health does not need to receive notification.
    1. Omnibus rule
    2. Breach notification rule
    3. Enforcement rule
    4. HIPAA privacy rule
    1. The violation was willful and not rectified.
    2. The violation was of ignorance and was not rectified.
    3. The violation was willful but rectified.
    4. The violation was of ignorance but rectified.

    Author of lecture Health Insurance Portability and Accountability Act (HIPAA) – Health Care Law (Nursing)

     Christy Davidson
