Welcome to CyberRays. Intermediate Data Security Course: PHI, part two. I'll be your instructor, Dustin Perry.
In today's video, we're going to continue our discussion on PHI with some rules and regulations and then get into some privacy and security.
Lastly, we'll discuss what you can do if you need to file a HIPAA complaint, so let's get started.
So one of the biggest rules and regulations that kind of governs overall PHI data is HIPAA,
and HIPAA is the primary law that oversees the use of, access to and disclosure of PHI in the United States.
HIPAA also regulates who must adhere to these rules.
Organizations cannot sell PHI unless it is for public health activities, research, treatment,
services rendered or the merger or acquisition of a HIPAA-covered entity.
HIPAA also gives individuals the right to make written requests to amend PHI that a covered entity maintains.
Partners or business associates of health care providers that sign HIPAA business associate agreements are legally bound to handle patient data in a way that satisfies the HIPAA privacy and security rules.
Business associates as well as covered entities are also subject to HIPAA audits conducted by the U.S. Department of Health and Human Services, or HHS, Office for Civil Rights, or OCR.
When HIPAA originated, it was designed to help protect paper records.
As you can imagine, this doesn't really help with modern database and EHR systems. So there were amendments to HIPAA in 2009, along with the HITECH Act. With the passing of the HITECH Act, HIPAA has started governing electronically stored patient data.
Because providers transition PHI from the paper to the electronic formats, they're a lot more convenient, a lot easier to manage and use.
While the HIPAA rules regulate paper and electronic data equally, there are differences between the two formats, paper and electronic.
First, patients who submit a request for access to their data must have that request answered by a covered entity within a 30-day time period, a time frame that was created to accommodate the transmission of paper records.
The disposal methods of PHI also vary, obviously, between electronic and paper records.
Paper files can be shredded or otherwise made unreadable
and unable to be reconstructed. Electronic PHI should be cleared or purged from the system in which it was
previously held.
If you're trying to learn more about some of the rules and regulations, you can go to HHS.gov/HIPAA.
HIPAA splits PHI specifications among its privacy and security rules. The privacy regulations govern how hospitals, care centers, long-term facilities and other healthcare organizations use and share PHI,
while the security provisions cover measures, including software, that restrict unauthorized
access to PHI.
Covered entities must evaluate IT capabilities and the likelihood of a PHI security risk. But like rules and regulations of protocols, the types of technology aren't specified.
Some actions to help protect data include steps to stop or thwart hackers and malware from getting access to patient data.
In 2018, a new data privacy law in the European Union, known as the General Data Protection Regulation, or GDPR, was passed.
This really affects PHI on a wide scale.
GDPR generally applies to health data, including genetics, so healthcare organizations that treat EU or European Union patients will need to be aware of GDPR's regulations about patient consent to process PHI.
Also, in March of 2018, the Trump administration announced a new program called MyHealthEData,
in which the government promotes the idea that patients should have access to their PHI
and that such data should remain secure and private.
The underlying point of MyHealthEData is to encourage healthcare organizations to pursue interoperability of health data as a way of allowing patients more access to their records.
So what is HIPAA?
This is kind of a review question.
Yeah. HIPAA stands for the Health Insurance Portability and Accountability Act.
If you remember, it was originally written in '96 for more paper-based records and has since evolved into including rules for electronic records as well, with amendments in 2009.
If you believe that a HIPAA-covered entity or its business associates violated your or someone else's health information privacy rights or committed another violation of the privacy, security or breach notifications, you may file a complaint with the OCR, or the Office for Civil Rights.
OCR can investigate complaints against covered entities like health plans, health care clearinghouses, healthcare providers,
anybody that conducts these certain transactions electronically, and also their business associates.
You can file a complaint online, which is typically the
easiest way to do it now, at ocrportal.hhs.gov.
Or you can also file a written complaint by fax, mail or email.
Anybody is able to file a health information privacy or security complaint,
but your complaint must be filed in writing by mail, fax, email or via the OCR complaint portal.
It must name the covered entity or business associates involved and describe the acts or omissions you believe violated the requirements of the privacy, security or breach notification rules. So you have to tell them what went wrong.
They must be filed within 188 days of when you knew that the act or omission complained of occurred,
and OCR may extend the 180-day period if you can show good cause.
So in today's video, we wrapped up our discussion on HIPAA, and we went over some of the rules and regulations to it,
privacy and security and how they break those two things apart. And we went over kind of a brief introduction on how to file a HIPAA complaint.
Up next, we've got P. I