ensure that individuals would be able to maintain their health insurance between jobs. 

HIPAA applies to health plans, healthcare clearinghouses, and to healthcare providers that electronically transmit health information in connection with standard transactions.

This information is any individually identified health information including demographic information that relates to the individual's past, present, or future physical or mental health condition or any other identifying information that can be used to identify the individual.

PHI is part of everything you do.  It exists in verbal and written communication, interactions with technology (i.e. faxing, dictation) and activities related to the privacy rules.

Under the Privacy Rule, we may use and disclose PHI without patient written authorization for the purposes of treatment, payment, and health care operations. 

Under the HIPAA Privacy Rule, organizations must obtain the patient's signature (authorization) for any use or disclosure outside of treatment, payment, and health care operations

The PHI you need to do your job is called "minimum necessary."  It is information you "need to know" to do your job. 

The Privacy Rule requires healthcare facilities to provide patients with a notice advising them of their rights and telling them how their PHI may be used or disclosed.

Criminal penalties for a person who knowingly violates HIPAA are as follows: $50,000 and a one year prison term $100,000 and up to 5 years in prison for wrongful conduct involving false pretenses $250,000 and up to 10 years in prison for wrongful conduct with intent to sell, transfer, or use individually identified health information for personal gain or malicious harm.

The HIPAA Security Rule became effective on April 20, 2005.

Security Rule became effective on April 20, 2005.   The Security Rule standards define how we are to ensure the integrity, confidentiality, and availability of our patients' electronic protected health information (ePHI). 

Administrative Safeguards

Physical Safeguards:

Technical Safeguards: 

Patient Privacy/Security and Technology

Our patients entrust us with their health information; therefore we must protect it against deliberate or inadvertent misuse or disclosure.