Cybrary.it HIPAA training
HIPAA is the federal Health Insurance Portability and Accountability Act of 1996. HIPAA helps protect the privacy of patients, and it helps healthcare industry companies control administrative costs. HIPAA sets guidelines that organizations must follow with regard to the security of data. Personally identifiable information is collected widely in the healthcare industry, and it is this information that HIPAA regulations seek to protect. An organization that incurs a breach or data loss, and was not HIPAA compliant, faces severe penalties.
About the Online HIPAA Training Course
This HIPAA online training course is designed to instill understanding of the principles involved in data system security procedures which ensure that all processes and applications are up to HIPAA regulation standards. Subject Matter Expert Kelly Handerhan walks the student through a logical path that begins with understanding and develops competence.
Cybrary’s HIPAA training course is essential for healthcare professionals, HR staff, third-party administrators, and people in many other fields who need the information necessary to be in compliance. Key topics covered in a HIPAA training course include:
- HIPAA Overview
- Protected Health Information (PHI)
- HIPAA Privacy
- Notice of Privacy Practices
- Reasonable Safeguards
- Using PHI for Marketing
- HIPAA Security
- Administrative Safeguards
- Physical Safeguards
- Technical Safeguards
- Handling PHI
- Security Breach
- PHI Rights of Individuals
- Enforcement of HIPAA
Related Compliance Training for End Users
Other classes relating to end user security and compliance, for free on Cybrary, include:
1) PCI / DSS Training
2) End User Security Awareness
HIPAA Introduction
This lesson gives an introduction to the HIPAA course. HIPAA stands for the Health Insurance Portability and Accountability Act. The following are some of the topics this course covers:
• Why HIPAA is needed
• What is HIPAA
• Notice of Privacy Practices
• Security Rule
• Protected Health Information (PHI)
Participants will learn about the rules of HIPAA and what they are meant to protect, as well as the safeguards of HIPAA; the focus is on which specifications are in place to make sure these safeguards are enforced and carried out properly.
Why do we need HIPAA?
This lesson focuses on the history of HIPAA. Before 1996, there was no legislation regarding how a patient’s personal medical information could be shared. HIPAA was introduced to protect individuals as well as society with a set of ethics, rules and best practices. Even though HIPAA was formed in 1996, it wasn’t strongly enforced until 2003. However, at the present time there are very strong audits and regulations surrounding HIPAA.
To protect the individual:
Protecting personal privacy is to protect the interests and dignity of individuals. To protect the identity of the patient!
To benefit society through furthering research ethically:
Protecting patients involved in research from harm and preserving their rights is essential to ethical research!
HIPAA Part 2 – What is HIPAA Privacy Rule
This lesson covers the HIPAA Privacy Rule. The HIPAA Privacy Rule is one of the two main elements of HIPAA, the other being the Security Rule. The Privacy Rule mainly focuses on Protected Health Information (PHI), which includes demographic information, relates to a person’s physical and/or mental health, and also includes the financial information that is necessary to collect payment; it comprises 18 elements that must be protected. Privacy practices must be stated in plain language so that individuals clearly understand their rights.
2 main elements: privacy rule and security rule!
18 elements considered PHI (Protected Health Information):
1. Names
2. All geographical subdivisions smaller than a State, including street address, city, county, precinct, zip code, etc.
3. All elements of dates (except year) for dates directly related to an individual, including birth dates, admission date, discharge date, date of death
4. Phone numbers
5. Fax numbers
6. Electronic mail addresses
7. Social security numbers
8. Medical record numbers
9. Health plan beneficiary numbers
10. Account numbers
11. Certificate/license numbers
12. Vehicle identifiers and serial numbers, including license plate numbers, phone numbers
13. Device identifiers and serial numbers
14. Web universal resource locators (URLs)
15. Internet Protocol (IP) address numbers
16. Biometric identifiers, including finger and voice prints
17. Full face photographic images and any comparable images
18. Any other unique identifying number, characteristic, or code (note this does not mean the unique code assigned by the investigator to code the data).
The Privacy Rule
Also known as Standards for Privacy of Individually Identifiable Health Information!
Issued by the Department of Health and Human Services (HHS) as a set of national standards for the protection of certain health information!
Provides assurance that individuals’ health information is properly protected
Must also consider the necessary flow of health information needed to provide and promote high quality health care and to protect the public’s health and well-being.
The HIPAA Privacy Rule gives individuals a fundamental right to be informed of the privacy practices of their health plans and their health care providers, as well as to be informed of their privacy rights with respect to their personal health information.
The Notice of Privacy Practices (NOPP) must be provided to patients who request this information and posted prominently on the covered entity’s website.
Notice of Privacy Practices, must be in plain language:
· Provide adequate notice of how a covered entity may use and disclose PHI
· Indicate his/her rights and the covered entity’s obligations in relation to that information
What is HIPAA Security Rule
This lesson covers the HIPAA Security Rule. This rule protects the privacy of an individual’s health information while allowing enough flexibility to adapt to new and changing technology. The HIPAA Security Rule requires appropriate measures to ensure the security of electronic protected health information. The HIPAA Security Rule has four basic requirements. Participants also learn about privacy versus security.
· Protect the privacy of individuals’ health information
· Allow enough flexibility to allow for growth and new technologies
· Requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity and security of electronic protected health information, and also availability!
· CIA – confidentiality, integrity and availability!
Four Basic Requirements:
1. Ensure the confidentiality, integrity and availability of all e-PHI they create, receive, maintain or transmit;
2. Identify and protect against reasonably anticipated threats to the security or integrity of the information;
3. Protect against reasonably anticipated, impermissible uses or disclosures; and
4. Ensure compliance by their workforce.
Privacy vs. Security – what’s the difference?
The Privacy rule focuses on the right of an individual to control the USE of his or her personal information. Protected health information (PHI) should not be divulged or used by others against their wishes.
· The Privacy rule covers the confidentiality of PHI in all formats including electronic, paper and oral
· Confidentiality is an assurance that the information will be protected from unauthorized disclosure. The physical security of PHI in ALL FORMATS is an element of the Privacy rule.
The Security rule focuses on administrative, technical and physical SAFEGUARDS, specifically as they relate to ELECTRONIC PHI (ePHI). Protection of ePHI data from unauthorized access, whether external or internal, stored or in transit, is all part of the Security rule. Typically ePHI is stored in:
· Computer hard drives
· Magnetic tapes, disks, memory cards
· Any kind of removable/transportable digital memory media
· All transmission media used to exchange information such as the Internet, leased lines, dial-up, intranets and private networks.
How: Security Rule
This lesson covers the HIPAA Security Rule and how it is enforced. The HIPAA Security Rule requires the following three layers of protection to guard PHI:
1. Physical
2. Administrative
3. Technical
All of these layers come together to form rules which relate to everything from access to a health facility, to who handles information and how, to the security of workstations, to name only a few.
Physical Safeguards:
Facility Access and Control: a covered entity must limit physical access to its facilities while ensuring that authorized access is allowed.
Workstation and Device Security: a covered entity must implement policies and procedures to specify proper use of an access workstation and electronic media. A covered entity also must have in place policies and procedures regarding the transfer, removal, disposal and re-use of electronic media, to ensure appropriate protection of electronic protected health information (e-PHI).
How: Technical Safeguards and Consent
This lesson covers how private patient information is protected via technical means. Technical methods of protecting information range from encryption, to authentication and authorization. Covered entities must also implement policies pertaining to:
• Access Control
• Audit controls
• Integrity Controls
• Transmission Security
IF YOU DON’T NEED IT, DON’T STORE IT; IF YOU DO NEED IT, PROTECT IT!
Ignorance of the law is not an excuse!
To Whom does HIPAA Apply
This lesson covers to whom HIPAA applies. It’s important to realize that many organizations collect important health information; however, they may not be covered entities that have to comply with the Privacy Rule.
Covered entities include:
• Health Plans
• Health Care clearing houses
• Health Care providers
• Business associates
• Subcontractors
Can You Share PHI
This lesson covers the exceptions in what can be shared without a patient’s consent under the Privacy Rule. A covered entity can share the following limited information without the patient’s consent:
• To the individual patient
• Treatment
• Payment
• Health care operations activities
The Privacy Rule sets out the limitations on exactly what information can be shared and how.
The individual patient:
Besides required disclosure, Covered Entities also may disclose PHI to their patients/health plan enrollees.
Examples:
· Health plans can contact their enrollees
· Providers can talk to their patients
