2. “The Standards for Privacy of Individually Identifiable Health Information (“Privacy Rule”)
establishes, for the first time, a set of national standards for the protection of certain health
information. The U.S. Department of Health and Human Services (“HHS”) issued the Privacy
Rule to implement the requirement of the Health Insurance Portability and Accountability
Act of 1996 (“HIPAA”). The Privacy Rule standards address the use and disclosure of
individuals’ health information—called “protected health information” by organizations
subject to the Privacy Rule — called “covered entities,” as well as standards for individuals'
privacy rights to understand and control how their health information is used. Within HHS,
the Office for Civil Rights (“OCR”) has responsibility for implementing and enforcing the
Privacy Rule with respect to voluntary compliance activities and civil money penalties”
(hhs.gov, 2014)
✪ The primary goal of HIPAA is to assure that the health
information of our patients is properly protected.
✪ HIPAA allows the flow of health information to
occur, allowing for high quality of care & protection
of the public’s health and well-being.
3. “Individually identifiable health information” is health information, including
identifiers or demographics, that relates to:
- the individual’s past, present, or future physical or mental health or condition,
- the provision of health care to the individual, or
- the past, present, or future payment for the provision of health care to the
individual
Name
Date of Birth
Address
SSN
4. The Department of Health & Human Services, Office for Civil Rights
(OCR) is responsible for administering & enforcing the
HIPAA/Privacy Law standards.
Penalties include:
Civil Money Penalties
Criminal Penalties
5. The following is an excerpt from the organization’s Computer, Network, & Internet Usage Policy:
- Accessing networks, servers, drives, folders, or files to which the employee has not been granted access or
authorization from someone with the right to make such a grant;
- Making unauthorized copies of Company files or other Company data;
- Destroying, deleting, erasing, or concealing Company files or other Company data, or otherwise making such
files or data unavailable or inaccessible to the Company or to other authorized users of Company systems;
- Violating the laws and regulations of the United States or any other nation or any state, city, province,
or other local jurisdiction in any way;
- Failing to log off any secure, controlled-access computer or other form of electronic data system to which you
are assigned, if you leave such computer or system unattended;
Violation of these policies can subject you to disciplinary action, up to and including
termination of employment!
6. References:
Internet, E-mail, and Computer Use Policy. (2014). Retrieved from
http://www.twc.state.tx.us/news/efte/internetpolicy.html
Health Information Privacy. (2014). Retrieved from
http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html
Wolper, L.F. (2011). Health care administration: Managing organized delivery systems
(5th ed.). Boston: Jones and Bartlett.