What is HIPAA
Establishes national standards for the protection of the protected health information and electronic protected health information
HIPAA Privacy act
National standards for the protection of medical records and other personal health information
Purpose of HIPAA privacy act
strike a balance between the need to share information for the provision of quality healthcare and the need to protect patient privacy
Covered entities
Health plan, healthcare clearing houses, and health care providers who transmit health information electronically
Protected health information (PHI)
Encompasses all identifiable health information held or covered by a covered entity
What must the HIPAA privacy act do
Implement reasonable safeguards to protect the privacy of PHI
What are patient’s rights
They have the right to access their PHI, request corrections, and obtain disclosures of info
HIPAA security rule
Designed to protect electronic protected health information
Administrative safeguard
Policies and procedures to protect electronic PHI and ensure compliance with HIPAA regulations.
What are the three safeguards for the HIPAA security act
Administrative, physical, and technical
Physical safeguard
measures to protect electronic PHI by controlling physical access to facilities and equipment.
technical safeguard
Allow only authorized individuals to access PHI
Risk control
Allow an organization to recognize and minimize vulnerabilities and threats to ePHI
ePHI standards
Identify where your organization comes into contact with PHI and develop clear step-by-step procedures that comply with HIPAA
Implementation
bringing these policies and procedures to life using training or monitoring
What does every member of an organization need to understand?
policies and procedures and potential consequences of violations
Sanctions
Enforcing compliance when violations to HIPAA occur and for deterring future violations
HITECH Act
Enhances the existing regulations and sanctions with increased penalties for non-compliance. Also extends HIPAA coverage to more health care providers
Tiered penalty system
Based on the level of willfulness of violation. Penalties increase with level of negligence
Breach notification rule
Requires covered entities and business associates to notify individuals and the government of any breach of unsecured protected health information.
Purpose of breach notification rule?
To promote transparency and accountability in case of a breach of PHI
What is the purpose of risk analysis and risk assessment
To identify and mitigate potential risks to PHI and ePHI, ensuring compliance with HIPAA regulations.
Risk analysis
process of identifying potential threats and vulnerabilities that could negatively impact the integrity, availability, and confidentiality of PHI and ePHI
Risk assessment
Evaluates the likelihood and impact of potential risks, helping you prioritize your resources and efforts in safeguarding data
Steps in risk assessment
Gather and document all data, identify potential threats, assess potential vulnerabilities, determine the likelihood, prioritize them, develop a risk management plan
Why is it important to monitor and report
It’s important to look out for vulnerabilities and potential threats as technology advances
Compliance monitoring
Process of routinely reviewing and checking to ensure that the standards and procedures of the compliance program are being followed
Purpose of compliance monitoring
Ensures ongoing adherence to regulations and identifies areas of improvement
Compliance reporting
documenting and communicating results of compliance monitoring activities
Purpose of compliance reporting
maintains transparency and provides a record of efforts, helps organizations understand effectiveness
PHI
protected health information
ePHI
electronic protected health information