
URL: https://pubmed.ncbi.nlm.nih.gov/29763195/

Health Insurance Portability and Accountability Act (HIPAA) Compliance



Excerpt

Protected health information (PHI) breaches have affected over 176 million patients in the United States. Most of these breaches resulted from employees' negligence and noncompliance with HIPAA regulations rather than external hacking.

The US Health Insurance Portability and Accountability Act of 1996 (HIPAA), also known as the Kennedy–Kassebaum Act or Kassebaum–Kennedy Act, comprises 5 Titles, as described below.

  1. Title I: Protects health insurance coverage for workers and their families during job changes or losses. This Title restricts new healthcare plans from denying coverage based on preexisting conditions.

  2. Title II: Addresses healthcare fraud and abuse, implements medical liability reform, and promotes administrative simplification by establishing national standards for electronic healthcare transactions and national identifiers for providers, employers, and health insurance plans.

  3. Title III: Provides guidelines for pre-tax medical spending accounts and introduces changes to health insurance laws and deductions for medical insurance.

  4. Title IV: Offers guidelines for group healthcare plans, including modifications to health coverage provisions.

  5. Title V: Regulates company-owned life insurance policies, provides provisions for treating individuals without US citizenship, and repeals financial institution rules related to interest allocation.

Questions to Consider

Why was HIPAA established?

  1. The statute aims to establish confidentiality systems within healthcare facilities and beyond.

  2. The primary goal of HIPAA is to protect the privacy of PHI.

Whom does HIPAA cover?

  1. All individuals working in healthcare facilities or private offices

  2. Students

  3. Non-patient care employees

  4. Healthcare plans (eg, insurance companies)

  5. Billing companies

  6. Electronic medical record companies

What are the primary goals of HIPAA?

  1. To limit the use of PHI to individuals with a "need to know."

  2. To impose penalties on those who fail to comply with confidentiality regulations.

What healthcare information is protected?

  1. Any healthcare information that contains an identifier linking it to a specific patient (eg, name, social security number, telephone number, email address, street address, and other personal identifiers)

What is the difference between HIPAA privacy rules, use, and disclosure of information?

  1. Privacy rules: Require patients to give signed consent for the use or disclosure of their personal information

  2. Use: Refers to how information is utilized within a healthcare facility

  3. Disclosure: Refers to how information is shared outside a healthcare facility

What are the legal exceptions when healthcare professionals can breach confidentiality without permission?

  1. Gunshot wounds

  2. Stab wounds

  3. Injuries sustained during a criminal act

  4. Abuse of children or older adults

  5. Infectious, communicable, or reportable diseases

What types of data are protected by HIPAA?

  1. Written, paper, spoken, or electronic data

  2. Transmission of data within and outside a healthcare facility

  3. Any individual or institution involved with healthcare-related data

  4. Data size is irrelevant.

(Please see StatPearls' companion resource, "," for more information.)

What types of electronic devices must facility security systems protect?

  1. Both hardware and software

  2. Protection against unauthorized access to healthcare data or devices, including requiring users to change passwords at defined intervals

What are the qualifications and responsibilities of a HIPAA security officer?

  1. An information technology (IT) background

  2. Document and maintain security policies and procedures

  3. Audit systems

  4. Conduct risk assessments and ensure compliance with policies and procedures

What does a security risk assessment entail?

  1. It should be conducted at all healthcare facilities.

  2. It involves assessing the risks of virus infections and hacking attempts.

  3. It includes developing safeguards to mitigate identified risks.

What are physical safeguards?

  1. They secure printers, fax machines, and computers.

  2. They include locks on computer rooms and record storage areas.

  3. They ensure sensitive information is destroyed when it is no longer needed.

What type of employee training for HIPAA is necessary?

  1. Training should ideally be conducted under the supervision of the security officer.

  2. The level of training and access should correspond to the employee's responsibilities.

  3. Annual HIPAA training, including updates, is mandatory for all employees.

What type of reminder policies should be in place?

  1. Email alerts and posters

  2. Log-on and log-off computer notices

How should a sanctions policy for HIPAA violations be written?

  1. The policy should be clear, unambiguous, and written in plain English.

  2. It should apply equally to all employees and contractors.

  3. The sale of information should result in termination.

  4. Repeated offenses should lead to progressively harsher penalties.

What discussions regarding patient information may be conducted in public locations?

  1. None

  2. All conversational information is protected by confidentiality and HIPAA.

  3. Patient information or PHI should not be discussed in public locations.

How do you protect electronic information?

  1. Computer screens should be pointed away from public view.

  2. Privacy sliding doors should be used at the reception desk.

  3. PHI should never be left unattended.

  4. Workstations should be logged off when leaving the area.

How do you ensure password protection?

  1. By not sharing passwords

  2. By not writing down passwords

  3. By not verbalizing passwords

  4. By not emailing passwords to others

How do you select a safe password?

  1. One should avoid selecting consecutive digits.

  2. One should not choose information that can be easily guessed.

  3. One should select something memorable but not easily guessed.


Conflict of interest statement

Peter Edemekong declares no relevant financial relationships with ineligible companies.

Pavan Annamaraju declares no relevant financial relationships with ineligible companies.

Muriam Afzal declares no relevant financial relationships with ineligible companies.

Micelle Haydel declares no relevant financial relationships with ineligible companies.

