CHITSP101: An Overview of HIPAA

Wendy Whitmore
A free video tutorial from Wendy Whitmore
CHSP, CHSA
4.4 instructor rating • 4 courses • 9,402 students

Lecture description

This lecture provides an overview of the Health Insurance Portability and Accountability Act (HIPAA). It defines key terms, including Protected Health Information (PHI), Covered Entities, and Business Associates. It also describes HIPAA penalties and enforcement.

Learn more from the full course

Health IT Security Proficiency

The course is designed to train HIPAA Compliance Officers, both for Business Associates and Healthcare Providers.

02:21:11 of on-demand video • Updated February 2017

  • Describe the requirements of the HIPAA Privacy Rule and Security Rule, the HITECH Act and the Omnibus Final Rule
  • Explain the many changes that have occurred in both federal privacy regulations and the Health IT market since 2009
  • Demonstrate understanding of the regulations and special challenges that face Business Associates
  • Create a compliance program based on three fundamentals: the Security Risk Analysis, updated policies and procedures, and training
  • Secure a medical organization or Business Associate from data breaches
  • Prepare for a government audit or breach investigation by understanding the requirements and protocols of each
  • Implement new policies and procedures and other documentation, with an understanding of new federal requirements for documentation
  • Create a HIPAA awareness and training program
  • Demonstrate knowledge of regulatory complexity, including other federal laws and state privacy laws
  • Show a pragmatic understanding of how to protect data, whether as an IT specialist, practice manager, or compliance officer
  • Implement encryption to protect against data breaches
  • Demonstrate knowledge of PCI DSS, the industry requirement for protecting credit card data
  • Implement best practices for IT security for all members of the workforce
Transcript

My name is Brian Johnson, Certified Health IT Security Administrator and senior director of online education for 4MedApproved. I'll be the narrator and instructor for this professional video learning series.

The Health Insurance Portability and Accountability Act, or HIPAA, was passed by Congress in 1996. Today it is important mainly because it protects the health information of patients. Any individual or organization that has access to a patient's health information must comply with HIPAA. HIPAA applies to a country doctor who has a single receptionist, but it also applies to billion-dollar corporations with thousands of employees. HIPAA is sometimes criticized for being vague and subject to interpretation, but it was designed to be flexible enough to apply to organizations of all sizes and types. HIPAA is flexible, but it also has strength: failure to comply can result in large fines, lawsuits, and damage to reputation.

HIPAA also enacted important insurance reforms. The "portability" in HIPAA refers to a time when insurance companies denied coverage to employees who had a preexisting condition, even if the employees were previously covered by another employer. Uncertainty about insurance coverage made employees reluctant to change jobs until they knew that their new employer's health insurance plan would accept them. HIPAA required insurance companies to extend coverage to employees with preexisting conditions, but it also required standardization of the billing formats and codes used to file claims. Prior to HIPAA, each insurance company created its own codes, which caused unnecessary complexity and administrative overhead for providers. The same treatment was billed under a different code depending on the payer. Even basic information, such as patient name and treatment, was formatted differently by each payer. Because insurance coding was so complex, there were many errors. As a result, insurance companies rejected many claims and delayed payments to providers. HIPAA required insurance companies to standardize electronic data formats and to use the same diagnostic and treatment codes. These reforms streamlined billing, lowered the costs of administration, and accelerated payments to health care providers. Many of the insurance reforms in HIPAA have faded from view, partly because they were successful. Today, when people speak of HIPAA, they usually are referring to the privacy and security requirements of the law. Compliance with HIPAA's privacy and security requirements is an important part of modern health care in the United States.

Terminology

This section refers to terminology and legal classifications that will be referenced throughout this course. Before exploring HIPAA requirements in depth, it is valuable to review some basic terminology.

Protected Health Information (PHI)

HIPAA classifies patient health information as protected health information, or PHI. Health information is protected regardless of its form, whether written, electronic, or verbal. Health information includes anything related to health care: treatment, diagnosis, condition, or payment. However, to be classified as PHI, the health information must also be identifiable. This means that the health information can be tied to a particular patient. There are 18 identifiers, and inclusion of any one of them requires protection of the health information. Identifiers include the patient's name, phone number, address, email, birthday, and Social Security number. Health care professionals can share PHI to provide treatment and care to their patients. However, accessing or using PHI for purposes that do not directly relate to care requires written patient authorization, with very few exceptions.

Electronic Protected Health Information (ePHI)

Electronic PHI, or ePHI, is any identifiable patient data that is either stored or transmitted in electronic form.

Covered Entities

HIPAA establishes two broad categories of organizations and individuals that must comply. These categories are known as covered entities and business associates. Covered entities are generally providers, such as doctors and nurses. However, HIPAA classifies many different types of providers as covered entities:

  • Health care providers: any health care professional or organization, such as nurses, doctors, hospitals, or pharmacies, that collects or transmits health information to provide care.
  • Health plans: a company or group that pays for medical care, including Medicare, Medicaid, health plans (whether medical, dental, vision, or prescription), HMOs, and self-funded plans run by groups and businesses.
  • Health care clearinghouses: organizations that process certain health information, such as converting diagnostic and treatment information into electronic bills.

Business Associates

A business that provides services to a covered entity and may come into contact with PHI is classified as a business associate. Business associates typically come into contact with PHI as part of the services they provide. For example, IT service companies typically have access to PHI as part of their maintenance of computer and network systems. Companies that provide billing services are business associates if they have access to PHI. Document shredding companies may come into contact with PHI as they shred old paper records. Other business associates may access patient data to provide research or analysis. Covered entities are required to identify their business associates and sign contracts with them. These contracts are usually called business associate agreements. The agreement specifies that the business associate will comply with HIPAA and only access PHI under strict controls.

The Health Information Technology for Economic and Clinical Health Act of 2009, or the HITECH Act, included the requirement that business associates comply with HIPAA to the same extent as covered entities. The federal government finalized these new regulations for business associates in the Omnibus Final Rule, which came into effect in 2013. Among other requirements, the Omnibus Final Rule mandates new business associate agreements and updates to other HIPAA documentation.

HIPAA Rules and Regulations

HIPAA consists of overlapping legal requirements and regulations. The most important components of HIPAA are the Privacy Rule, which establishes broad protections for health information, and the Security Rule, which sets standards for safeguarding ePHI. In addition, HIPAA was modified significantly by the HITECH Act, which was passed in 2009. HIPAA is administered by the U.S. Department of Health and Human Services, or HHS. Implementation and civil enforcement are overseen by the HHS Office for Civil Rights, often called OCR.

The HIPAA Privacy Rule

All identifiable health information is protected by the Privacy Rule, which governs the use and disclosure of PHI. A core tenet of the Privacy Rule is that information should be shared on a "minimum necessary" basis. This means the information should be shared only with those who have a need to know, and only certain sections of a patient record should be shared for a particular purpose. The HIPAA Privacy Rule came into effect in 2003. It had far-reaching effects, including the redesign of patient reception areas and pharmacy counters to protect the confidentiality of patient conversations, training health care workers against talking about cases in public areas, securing paper documents, and requiring patients to specifically authorize the release of information.

The HIPAA Security Rule

The Security Rule protects electronic health information, whether it is stored or transmitted. The stated purpose of the Security Rule is to govern the confidentiality, integrity, and availability of ePHI. Confidentiality, integrity, and availability is often abbreviated CIA. The Security Rule is a relatively complex set of requirements. It is made up of technical, physical, and administrative safeguards, which specify standards for the protection of ePHI. The HIPAA Security Rule came into effect in 2005.

The HITECH Act

The HITECH Act made significant changes to HIPAA in 2009. HITECH toughened the civil penalties for HIPAA violations and required that large breaches be publicly disclosed. It required business associates to comply with HIPAA to the same extent as covered entities, subjecting them to federal civil and criminal penalties. HITECH also gave state attorneys general the authority to enforce HIPAA's civil penalties. The HITECH Act also provided funding incentives to encourage the adoption and meaningful use of electronic health record systems, or EHRs. This program is usually called the Meaningful Use or EHR Incentive Program. Meaningful Use requires participating health care organizations to conduct a security risk analysis and close any compliance gaps the analysis discovers. In this way, Meaningful Use requirements are explicitly aligned with HIPAA requirements.

Penalties and Enforcement

HIPAA is enforced mainly through civil law. Civil penalties include fines of up to 1.5 million dollars per violation, and additional fines can be applied if the violator fails to cooperate with investigators. Civil enforcement of HIPAA is administered by the HHS Office for Civil Rights, or OCR. Criminal penalties can also apply to HIPAA violations in cases of the intentional misuse of health information for commercial or personal gain or for harm. Criminal penalties can include fines and imprisonment for up to 10 years. Criminal investigations are carried out by the FBI and the U.S. Department of Justice, or DOJ. Covered entities and business associates are compelled by law to report the loss or release of PHI. These breaches must be reported both to patients and to the government within a specified period of time.

When first enacted, HIPAA did not include funding for enforcement, but HITECH allocated significant funding for audits and breach investigations. These changes have created a stricter regulatory environment, resulting in many more investigations and fines. OCR has assessed penalties for failing to conduct an adequate security risk analysis and to close compliance gaps, for negligence in adopting and implementing policies and procedures, and for failure to train the workforce on HIPAA compliance. Failure to comply with HIPAA has cost organizations millions of dollars in fines.