This is a sample from the lesson
HIPAA 1: Privacy Overview
HIPAA Rules and Regulations Privacy Overview
The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) required the Secretary of HHS to publish national standards for the security of electronic protected health information (e-PHI), electronic exchange, and the privacy and security of health information.
To fulfill this requirement, HHS published what are commonly known as the HIPAA Privacy Rule and the HIPAA Security Rule.
The Privacy Rule, or Standards for Privacy of Individually Identifiable Health Information, establishes national standards for the protection of certain health information. The Security Standards for the Protection of Electronic Protected Health Information (the Security Rule) establish a national set of security standards for protecting certain health information that is held or transferred in electronic form.
The Security Rule operationalizes the protections contained in the Privacy Rule by addressing the technical and non-technical safeguards that organizations called "covered entities" must put in place to secure individuals' "electronic protected health information" (e-PHI).
Within HHS, the Office for Civil Rights (OCR) has responsibility for enforcing the Privacy and Security Rules with voluntary compliance activities and civil money penalties.
This lesson describes the three categories of organizations and people that HIPAA laws and rules apply to: Covered Entities and their workforce; Business Associates, including their support staff; and the Sub-Contractors and Agents of Business Associates.
This lesson is divided into four parts:
The HIPAA Privacy Rule Summary
HIPAA Privacy Standards and The Sample Business Associate Contract
HIPAA Privacy Rule Frequently Asked Questions
The HIPAA Security Rule and Security FAQ
Who do HIPAA rules apply to?
Covered Entities are required to follow HIPAA laws and regulations. Examples of covered entities are a health insurance company or a hospital. A more detailed description of covered entities is provided later in the lesson.
Attorneys fall into the category of Business Associates for the purposes of HIPAA regulations. A business associate is someone who is required to have a Business Associate Contract with a Covered Entity.
Court reporters are not generally considered Business Associates of a Covered Entity themselves. The attorney they work for is the Business Associate, and the court reporter is an agent or sub-contractor of that Attorney Business Associate; it is therefore the attorney who is required to have a Business Associate Contract with the Covered Entity.
The Attorney Business Associate is required to have HIPAA's recommended Business Associate Contract in place with the Covered Entity, and under that contract the attorney is responsible for ensuring that the court reporter, as a sub-contractor, complies with HIPAA regulations.
If the court reporter contracts directly with a Covered Entity, the court reporter may be considered a Business Associate in their own right.
HIPAA Privacy Rules Summary
This information is from the following website:
http://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html
Your Health Information Is Protected By Federal Law
Most of us believe that our medical and other health information is private and should be protected, and we want to know who has this information. The Privacy Rule, a Federal law, gives you rights over your health information and sets rules and limits on who can look at and receive your health information. The Privacy Rule applies to all forms of individuals' protected health information, whether electronic, written, or oral. The Security Rule, a Federal law that protects health information in electronic form, requires entities covered by HIPAA to ensure that electronic protected health information is secure.
Who Must Follow These Laws
We call the entities that must follow the HIPAA regulations "covered entities."
Covered entities include:
Health Plans, including health insurance companies, HMOs, company health plans, and certain government programs that pay for health care, such as Medicare and Medicaid.
Most Health Care Providers that conduct certain business electronically (such as electronically billing your health insurance), including most doctors, clinics, hospitals, psychologists, chiropractors, nursing homes, pharmacies, and dentists.
Health Care Clearinghouses: entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.
Who Is Not Required to Follow These Laws
Many organizations that have health information about you do not have to follow these laws.
Examples of organizations that do not have to follow the Privacy and Security Rules include:
life insurers,
employers,
workers compensation carriers,
many schools and school districts,
many state agencies like child protective service agencies,
many law enforcement agencies,
many municipal offices.
What Information Is Protected
Information your doctors, nurses, and other health care providers put in your medical record
Conversations your doctor has about your care or treatment with nurses and others
Information about you in your health insurer's computer system
Billing information about you at your clinic.