HIPAA Compliance is brought to you by Lorman
Gain an understanding of HIPAA, what it means, who it applies to, and who it doesn’t apply to.
Individually identifiable health information is one of the most sensitive types of personal information, and its creation, use, and sharing have been growing substantially over recent years, as have the risks to the confidentiality, integrity, and availability of that information. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) establishes federal protections for health information and defines how such information may be used or disclosed by the entities holding it, and what rights individuals have about their information. Misconceptions abound about HIPAA, its applicability, and its requirements, especially given the expansion of the amount of health information being created and used by an expanding array of entities. Noncompliance with HIPAA can lead to significant penalties, so it is important for entities to understand how they fit into the rules and what the rules require. This topic will provide information about why we have HIPAA, what it means, who it applies to, and who it doesn’t apply to. The privacy, security, and breach notification rules will be explained and the significant issues of compliance with each will be identified. Topics to be discussed include the access and release of information, and the proper use of the HIPAA Notice of Privacy Practices. Information security issues to be discussed include the required HIPAA security risk analysis, as well as specifics about how to deal with email and texting, and requirements for auditing and monitoring systems and their use so that issues can be discovered before damage is done to the privacy or security of information. The basics for compliance will be detailed, including the need to understand your own operations and how you use HIPAA-protected health information, how to address the issues you discover, and what policies and procedures may need implementation. Following through with training and documentation of compliance activities will be shown to provide the information necessary to deal with complaints or compliance reviews.