HIPPA: Security and Privacy Fundamentals

Introduction
Module 1: Introduction to HIPAA
1.1 Introduction to HIPAA
5 Topics
1.1.1 HIPAA’s Role in Healthcare
1.1.2 History of HIPAA
1.1.3 Important HIPAA Terminology
1.1.4 HIPAA Violations
1.1.5 HIPAA Privacy Rule
1.2 When Is Patient Consent Not Necessary for Disclosure?
1 Quiz
1.2.1 Module 1: Test
Module 2: Fundamentals of PHI
2.1 What Is PHI?
1 Topic
2.1.1 PHI Identifiers
2.2 HIPPA Guidelines
3 Topics
2.2.1 For Recordings
2.2.2 For Telephone Communication
2.2.3 For Email Communication
2.3 PHI Rights of Individuals
2.4 Computer Workstation Guidelines to Protect PHI
2.5 How to Dispose of PHI?
1 Quiz
2.5.1 Module 2: Test
Module 3: The Privacy Rule – Uses, Disclosures, and Compliance
3.1 The HIPAA Privacy Rule
3.2 HIPAA Compliance
3.3 Who Is Covered by the Privacy Rule?
3.4 Statutory and Regulatory Background
3.5 Information Protected Under the Privacy Rule
2 Topics
3.5.1 Protected Health Information
3.5.2 De-Identified Information
3.6 Permitted Uses and Disclosures
3.7 Authorized Uses and Disclosures
3.8 Notice and Other Individual Rights
7 Topics
3.8.1 Privacy Practice Notice
3.8.2 Access
3.8.3 Amendment
3.8.4 Disclosure Accounting
3.8.5 Confidential Communications Requirements
3.8.6 Restriction Request
3.8.7 Administrative Requirements of the Privacy Rule
3.9 Guidelines and Practices for Privacy
3.10 Penalties for Noncompliance with the Privacy Rule
1 Quiz
3.10.1 Module 3: Test
Module 4: The Security Rule – Uses, Disclosures, and Compliance
4.1 The HIPAA Security Rule
4.2 History of the HIPAA Security Rule
3 Topics
4.2.1 Administrative Safeguards
4.2.2 Physical Safeguards
4.2.3 Technical Security Zone
1 of 3
Previous Topic
Next Topic

1.1.3 Important HIPAA Terminology

HIPPA: Security and Privacy Fundamentals 1.1 Introduction to HIPAA 1.1.3 Important HIPAA Terminology

We will go through some basic definitions to help you understand important HIPAA terminology.

  • HIPAA Authorization – It is a particular kind of consent obtained by the person to use and/or disclose their protected health information. The HIPAA regulations outline what constitutes a valid authorization.
  • Business Associate – It is an organization or individual that works on behalf of a covered entity to carry out a task involving the disclosure or use of protected health information (PHI). In other words, a third-party organization is a business associate if it has the potential to access certain PHI while doing the tasks that have been allocated to them.

When cooperating with covered entities, the following companies would be regarded as business associates:

  • Software providers with PHI access
  • Businesses that process or collect claims
  • Independent administrators
  • Call services
  • Pharmacists
  • Groups for patient safety or accreditation
  • Healthcare transcription businesses
  • Cloud service providers.

 

  • Covered Entity – It is an entity subject to HIPAA, such as health plan providers, healthcare providers, and healthcare clearinghouses. Health plan providers include health insurance companies, health maintenance organizations, government programs that pay for healthcare, and military and veterans’ health programs.
  • HITECH – It stands for Health Information Technology for Economic and Clinical Health Act of 2009. The HITECH Act pushed healthcare organizations to use electronic health records and enhance security and privacy safeguards for patient information. This was accomplished through monetary rewards for using electronic health records (EHRs) and stiffer penalties for breaking the HIPAA Privacy and Security Rules.
  • PHI – It is protected health information, and it deals with patients’ personal information.
  • Individual – It is the subject of PHI.
  • ePHI – It is electronically protected health information, such as faxes, emails, data backups, etc.
  • Risk Analysis – It is a set of government-mandated questions to help identify gaps in risk to your business and a covered entity. Risk analysis involves the details of what requires protection, what it should be protected from, and how to protect it.

Business Associate Agreement (BBA)

A HIPAA business associate agreement is an agreement between a covered entity and a company or individual that works for or offers services to the covered entity, as well as access to protected health information (PHI) as part of the function, operation, or service.

In a BAA contract, a business associate guarantees they will secure the PHI of the company’s patients. They must follow specific procedures and limit how they can use or disclose PHI.

A BBA’s goal is to specify your business associate’s obligations regarding the confidentiality and security of your patient’s PHI.

Previous Topic
Back to Lesson
Next Topic
Subscribe
Notify of
guest
0 Discussions
Inline Feedbacks
View all comments
Post a comment

Leave a Comment

Your email address will not be published. Required fields are marked *

0
Would love your thoughts, please comment.x
()
x