The HIPAA Privacy Rule
Submitted by Paula Howard, CHUC, of
OBJECTIVE: Learn facts about the HIPAA Privacy Rule and safeguarding protected health information (PHI) in the HUC workplace
HIPAA is the abbreviation for the Health Insurance Portability and Accountability Act of 1996, also known as the Kennedy-Kassebaum Act. The U.S. Department of Health and Human Services provides federal protection that affects both health care providers and health care consumers. HIPAA has several parts:
The Office for Civil Rights enforces the HIPAA Privacy Rule.
The Privacy Rule is a response to public concern over potential abuses of the privacy of health information. It provides the first national standards for protecting the privacy of individually identifiable health information and the right of a patient regarding this personal information. Health care providers are required to make reasonable efforts to limit use, disclosure of and requests for PHI to the minimum necessary to accomplish their purpose. At the same time, this rule is balanced so that it permits the disclosure of personal health information needed for patient care and protecting public health, through outbreak investigations, public health surveillance and terrorism preparedness.
The Privacy Rule recognizes that the research community has legitimate needs to use, access, and disclose individually identifiable health information to carry out a wide range of health research protocols and projects. The Privacy Rule not only protects the privacy of such information when held by a covered entity (an organization that routinely handles PHI in any capacity), but also provides ways in which researchers can access and use the information for research, subject to various conditions.
Emergency preparedness and recovery planners may request protected health information to ensure that in an emergency, individuals can receive the assistance or care they need. In addition, during a severe disaster, those involved in disaster relief efforts may seek PHI to provide persons displaced and in need of health care ready access to services, and the means of contacting family and caregivers.
The Privacy Rule:
Some examples of individually identifiable health information include:
The Privacy Rule paves the way for full-scale use of electronic commerce by standardizing electronic transactions and easing the transfer of information between health plans, providers, payers, and the government. It also provides rigorous safeguards to protect the confidentiality of patient information maintained on electronic devices.
Some of the safeguards to control physical access to protected data are:
It is crucial to be aware of our surroundings while completing routine tasks, too. Even the method used to handle trash can be a HIPAA Privacy Rule violation waiting to happen.
As health unit coordinators, we already know many of the Privacy Rule basics—from not discussing patient information in elevators and cafeterias to making sure that computer passwords are kept confidential. Generally, people should only have access to information required to do their jobs.
For the HUC, simply using common sense can make us more conscious of confidentiality by supporting policies and procedures with practice.
e-Learning QUIZ
ID # Web-09-01-10
VALUE: 2 NAHUC CONTACT HOURS
Fee: $5 (U.S. Dollars) for NAHUC members, $10 (U.S. Dollars) for non-members
Do not send cash. Make check payable to: NAHUC.
If overpayment is made, refunds will be issued in the form of NAHUC Buck certificates.
Directions: Print, choose the most correct answer based on the article and mail the completed quiz, self-addressed self-stamped return envelope along with appropriate fee to:
Linda Winslow
Only quizzes with at least 70% answered correctly will be awarded contact hours.
Please allow up to 6-8 weeks for quizzes to be returned.
DEADLINE FOR SUBMISSION OF THIS QUESTIONNAIRE IS AUGUST 31, 2011.
Member #: ________ Name:_______________________________________________
Phone number: ___________ Email address: ________________________________
Instructions: After reading the article, circle the best answer to the following questions:
1. Which of the following is not a part of the HIPAA Privacy Rule?
a. Patients have the right to obtain a copy of their own health record.
b. Patients have the right to make informed choices as to what company may provide their insurance.
c. Patients have the right to decide how individual health information may be used.
d. Patients have the right to request corrections of their personal health information.
2. What does the acronym PHI stand for, as used in the Privacy Rule?
a. Private health intervention
b. Personal hygiene instruction
c. Patient health initiative
d. Protected health information
3. A HUC can safeguard access to PHI by doing all of the following except:
a. Keeping names, addresses and phone numbers of clients/patients confidential
b. Not discussing patient information in public places
c. Using our knowledge of The Privacy Rule and exercising common sense in the workplace
d. Contacting the U.S. Department of Health and Human Services to report HIPAA violations
4. HIPAA is also known as:
a. The Practice of Associated Health Standards
b. Health Insurance Probability and Accountability Act of 1996
c. The Kennedy-Kassebaum Act
d. Health Information Protection Act of 1996
5. The Privacy Rule is balanced so that it permits disclosure of personal health information for public safety through all of the following, except:
a. Terrorism preparedness
b. Media attention
c. Outbreak investigations
d. Public health surveillance
6. The health unit coordinator can safeguard physical access to PHI by doing all of the following except:
a. Controlling and monitoring access to equipment that contains protected data
b. Governing the removal of hardware and software of electronic devices within their department
c. Limiting access to equipment that contains protected data to properly authorized individuals
d. Supervising the removal of paper waste in all patient rooms and within their department
7. The HIPAA Privacy Rule is enforced by what government entity:
a. The Drug Enforcement Agency
b. The Center for Disease Control
c. The Office for Civil Rights
d. The Office of Insurance and Coverage
8. In a severe disaster, relief workers may seek PHI to provide all of the following except:
a. Needed health care
b. Ready access to services
c. The means of contacting family and caregivers
d. Flood and fire insurance
9. Referring to the article, which of the following statements is not true:
a. Individuals who violate patients’ rights may face criminal penalties
b. The disclosure of personal health information needed to protect public health is allowed
c. Patients must pay their deductible in order to find out how their health information has been used
d. Health care providers are required to make reasonable efforts to limit requests for PHI to the minimum
10. A covered entity could be which of the following:
a. A health plan
b. A health care clearinghouse (an entity that standardizes health information, e.g. a medical billing service)
c. A health care provider
d. A, B, and C