HIPAA stands for Health Insurance Portability and Accountability Act. It is a federal law that:
Under HIPAA, a patient has a right to:
This list is not all-encompassing; for a full description visit: The Official HIPAA Site
We must protect an individual’s personal and health information that:
HIPAA defines this information as Protected Health Information (PHI).
Personal Information | Medical Information |
Name | Diagnoses |
Address | X-rays |
Date of Birth | Procedures |
Age | Prescriptions |
Phone/fax number | Lab Work |
Social Security number | Test Results |
E-mail address | Any other unique identifying numbers |
PHI, in short, is any health information that can be tied back to an individual.
It includes the past, present, or future health status of an individual in relation to the provision of healthcare and payment for healthcare.
PHI is only PHI when an individual could be identified from the information.
If all identifiers are removed, it is no longer protected health information and the HIPAA Privacy Rule's restrictions on uses and disclosures no longer apply.
People consider health information their most confidential information, and we must protect it accordingly.
When using PHI, think about:
Misusing protected information can result in discipline, legal penalties and loss of trust from patient to clinic.
At HB, Protected Health Information may be created, used, and shared ONLY by HIPAA-trained personnel and ONLY for:
HIPAA mandates a Minimum Necessary Rule: this means limiting the amount of information shared to what is needed to perform a specific patient-related task.
Share only what is needed & relevant.
Each patient must receive a copy of the Notice of Privacy Practices.
A signature is routinely obtained to show that they have been appropriately informed.
The Notice of Privacy Practices must also be found at the patient reception area or by asking any staff member.
For other uses and disclosures of PHI, HB MUST get a signed authorization from the patient. For example:
ONLY to do your work!
At all other times, staff are expected to protect a patient’s information as if it were their own information.
Please be especially careful during casual conversations with staff or other volunteers, on site or off.
The Spoken Word
These are just a few examples of instances where these pitfalls occur. Remember, if someone besides the patient can hear the information, you probably shouldn’t be saying it!
Electronic Privacy
Monitor your Electronic Privacy vigilantly! Remember, even a simple glance at PHI by someone who is not an authorized user could garner a HIPAA complaint.
Security/Paper Privacy
If a patient:
Do not give any copies to anyone without first consulting a staff member.
Take action where needed:
We are committed to respecting the privacy of our patients and will actively address the concern.