HIPAA Part 2 - What is HIPAA Privacy Rule

Video Activity

This lesson covers the HIPPA Privacy Rule. The HIPPA Privacy Rule is one of the two main elements of HIPPA, the other being the Security Rule. The Privacy Rule mainly focuses on Protected Health Information (PHI) which includes demographic information and relates to person's physical/and or mental health and also includes the financial information ...

Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

1 hour 14 minutes
Video Description

This lesson covers the HIPPA Privacy Rule. The HIPPA Privacy Rule is one of the two main elements of HIPPA, the other being the Security Rule. The Privacy Rule mainly focuses on Protected Health Information (PHI) which includes demographic information and relates to person's physical/and or mental health and also includes the financial information that is necessary to collect payment and includes 18 elements that must be protected. Privacy practices must be stated in plain language so they can be comprehended by all so the individual clearly understands their rights.

Video Transcription
Now that we understand why hip is necessary, let's go ahead and move forward and talk about what it is.
So once again, health Insurance portability and Accountability Act as I mentioned, it came about 96 wasn't really strictly enforced till 2003 and what we have. We have the two main elements of HIPPA. The privacy rule and the security rules,
and the goal off. This act in particular,
is to provide protection for help information.
So let's start off by talking about what is P. H. I. What is protected health information does every aspect of who I am and medical conditions prescription nonprescription? This that or the other What exactly falls under P H I?
Well, per this particular act. They're actually eight
teen elements that must be protected and not just these elements, but certain combinations of these elements. They're certain requirements as well. So again, some of this falls under personally identifiable information as part of protected health information as well.
But I just want to go over this list because it's such an important aspect that we understand all the elements that are covered under hip. So, first of all names, that's easy enough patient names, you know, from that idea, just the fact that I visit. Perhaps an oncologist
might lead someone to know that I am perhaps struggling with cancer.
So just the very name of a patient who attends a doctor that needs to be protected. One of the things that you may have noticed throughout the years as you've perhaps gone to physicians or other health care organizations when you would sign in. Traditionally, your name would appear on the list. But now, if you go in,
what they generally do is they have you sign in,
and then they remove your name from the list. You'll sign in, like on a little sticky tape, and they'll remove that so that patients coming up behind you are not able to see who the previous visitors are. So that's one step, and that's come about because of hip hop,
uh, geographical subdivisions smaller than state. So demographic information,
perhaps my zip code certainly certainly city, uh, street address. Those would be protected as well. Elements of dates specifically thinking about things like birthdates, thinking about admitted and discharge dates again. How long I'm being treated
in a facility might given indications to the severity of my condition.
Discharged eight states of birth and dates of death,
phone numbers and fax numbers associated with the individual email addresses. You know, everyone wants your email address today that now becomes protected under HIPPA. Off course Social Security numbers, medical record numbers even internally, that the doctor might use to reference me
Help plan I D. Numbers. So if you've got a membership number or group number for your health insurance plan, that would be protected any sort of account numbers, certificate or license numbers. And again, you know, if I'm a professional, I might have certain licensing information or certificates associated with my name
vehicle identify IRS in serial numbers. You know, that may not seem like health care information, but perhaps if my vehicle, for instance, would be parked in a lot, they may ask for that information. And that, of course, could be used to trace back to me
any sort of identify IRS like device or serial number.
If I personally have a Web address I P addresses also covered under P. H I
big ones biometrics, eso, thumbprints, voice recognition scans, any of those elements that could be used to uniquely identify me and biometrics air. So important because if a password, for instance, were to be compromised, you could revoke my password and reissue one to me.
But if my thumb print gets count compromised, there is no re issuing
a thumbprint.
Full face, photographic images and any sort of comparable image is a lot of times that gets tied, you know, perhaps into biometrics, perhaps with facial recognition software, whatever that might be. But that has to be protected as well. And ultimately 18 kind of sums it up
any other uniquely identifying number
or characteristic or code. Anything else. It's not specifically required that's used to uniquely identify me, and that would stand out for me specifically from other patients. So we've got a wide range of material that's considered under public protected health information,
and we has helped care providers or business associates or subcontractors
are responsible under the law to protect this information. Now we're gonna go on and look at how we have to protect that information a few moments
Two main rules, as I've said before, in relation to HIPPA, there's the privacy rule in the security room, so I'm just gonna hit a couple of highlights here. So, uh, these specifically our collection of standards of privacy of individually identifiable help
and this Usually it's summed up under the category of pH. I've protected health information. So this comes to us from the Department of Health and Human Service is H H F. And they over suit, see and provide the standards for the protection off this information.
So when we talk about privacy, privacy is gonna garner the use and disclosure of this protected health information. And ultimately, what it comes down to is that I is the patient controlled the dissemination of this information
at least to a degree. Because, like we said earlier, there are some exceptions to this rule.
However privacy is all about. It's my information. I get to choose the disclosure again. This applies to covered entities, and not all help care information is provided by a covered entity.
So once again, we'll talk about health care providers, business associates and subcontractors who will do that in a little bit.
I also get an assurance that all of my health care
is protected properly. Now. What that means is really gonna be provided for us by the security rule. The to do go hand in hand.
The flip side of Hippo, though, is or really the balance with HIPPA is that we want to protect. We want to control dissemination of information. We want to put that in the patient's hand. But
in today's environment, information has to flow across providers and across other entities, Right? You know, when I go to my doctor, my health care organization may take a claim. My insurance company, they have tohave diagnostic codes. They have to have codes for the office visits.
And we want our medical provider just tow, expedite the matter
to be able to direct build. So if we're not careful what we wind up having his privacy laws so restrictive that nothing works.
So, for instance, if my primary care physician refers me to a specialist, we want that primary care doctor to be able to send over the information to that specialist so that they can help treat us and that maybe, you know, a hospital springing in a specialist,
perhaps, where we're not able to give written consent there all sorts of elements that we need to think about here.
A doctor may not have the capacity within their organization to process healthcare claims and health care information to be accorded in accordance with him, so they may have to outsource that, you know. So there were many elements at first. It sounds very simple. Protect patient information, keep it private.
But what we have to do is find that balance between allowing the information flow is necessary,
but still keeping that sensitive information private. When we talk about privacy, I want to just mention the notice of privacy practices sometimes referred to as a knot. And you've probably seen this. If you've been in a physician's office in the last several years, is generally what they do is they provide you in writing
a notice of what their practices are in relation to the privacy of your health care information.
And very frequently they have you sign it that you've acknowledged and read that information, and that's enough. So ultimately, this comes under the privacy rule off HIPPA, and it gives us the fundamental right to be notified of the privacy
practices within that health care provider or health plans
or any other entity that would be considered to be a covered entity under this plan. Basically, what it means is I have the right to know. What are you doing with my information? How may it be disseminated? How are you going to protect it? And again, the degree of detail would be spelled out for the individual health care provider.
But ultimately that notice
privacy is either posted in the doctor's office or position or health care providers office. It also has to be present and has to be
easily discernible on a Web page that health care provider might provide. But ultimately what we're looking to do is make sure our patients know that they're in charge of their private information and how we're going to go about protecting or distributing that information.
And we refer to that
as a notice of privacy practices. Another important piece per HIPPA.
It must be in pain, plain language. You know this particular act. You could go through pages and pages and pages of information. Some will make sense, and some may not what we want with this notice of privacy we don't ever want to forget with the purposes. We don't want to get so trapped in legalese, if you will,
that we're not speaking plain enough for the majority for our customers to understand.
So we want to be very direct. And again I would ask you to think back of your experience in physician's offices or other health care providers. And think about the documents that you've signed that you acknowledge that you received. They're usually just a paragraph or two long. You know what the most a page that you sign off on
and they're generally pretty short, pretty sweet to the point.
Don't forget our goal. Our goal is to help educate our patients and let them know and to give them the assurance that we understand their information is personal and private to them and that we're gonna protect it. So we'll also let no exceptions in which we may share share this information, disclosed this information
and also just to kind of again reinforce that they have basic rights
and that we're obligated to protect those rights under him.
Up Next
HIPAA Training Archive

HIPAA is the federal health insurance portability act of 1996. HIPAA helps protect the privacy of patients and it helps healthcare industry companies control administrative costs.

Instructed By