HIPAA
Learning Objectives
After completion of the course, you will be able to:
- List 5 things that the HIPAA Privacy Rule requires the average provider or health plan to do.
- Describe how the HIPAA Privacy Rule protects individuals’ medical records and other personal health information.
- Explain which entities are covered by the Privacy Rule by following decision trees.
- Define business associate, provide several examples of business associates, and frame a business associate contract.
- Discuss six permitted uses and disclosures of protected health information.
- Define the HIPAA Privacy Rule’s minimum necessary standard and its application in the use and disclosure of protected health information.
Right to Access Medical Records
- Explain the right of access to the protected health information afforded to patients under the HIPAA Privacy Rule.
- Explain the right to amend the protected health information afforded to patients under the HIPAA Privacy Rule.
- Explain the right to an accounting of disclosures of protected health information afforded to patients under the HIPAA Privacy Rule.
- Discuss various situations where incidental uses and disclosures of protected health information are permitted under the Privacy Rule.
- Provide examples of reasonable safeguards a covered entity must implement to limit incidental, and avoid prohibited, uses and disclosures of protected health information.
- Explain how a covered entity can disclose protected health information to a public health authority and comply with the requirement to provide individuals with an accounting for disclosures.
- Define marketing and distinguish between what is marketing and what is not marketing under the HIPAA Privacy Rule.
- Discuss situations when an authorization is required from the patient before a provider or health plan can engage in marketing to that individual.
- Distinguish between activities for treatment or health care operations versus marketing activities.
- Identify two circumstances when a patient’s prior authorization is required for the use and disclosure of protected health information for marketing.
- Discuss how the Privacy Rule works with respect to disclosures for workers’ compensation.
- Discuss the requirement of a limited data set.
- Discuss the use and disclosure of a limited data set to a business associate under the HIPAA Privacy Rule.
- Discuss the right provided by the Privacy Rule to individuals to receive a notice of privacy practices for protected health information, and specify the content of the notice.
- Identify three entities who are not required to develop a notice of privacy practices.
- Identify individuals and circumstances under which these individuals can have access to protected health information of minors or other individuals.
- Explain the application of HIPAA Privacy Rule in research uses and disclosures of protected health information.
- Discuss the implementation of administrative simplification requirements by HHS.
Course Outline
1. Protecting the Privacy of Patient’s Health Information
Overview
Patient Protections
Health Plans and Providers
Outreach and Enforcement
2. Summary of the HIPAA Privacy Rule
Introduction
Statutory & Regulatory Background
Who Is Covered by The Privacy Rule
Definitions
Business Associates
What Information Is Protected
General Principle for Uses and Disclosures
Permitted Uses and Disclosures
Authorized Uses and Disclosures
Limiting Uses and Disclosures to the Minimum Necessary
Notice and Other Individual Rights
Administrative Requirements
Organizational Options
Other Provisions: Personal Representatives and Minors’ Personal Representatives
State Law
Enforcement and Penalties for Noncompliance
Compliance Dates
Copies of the Rule & Related Materials
Incidental Uses and Disclosures
Minimum Necessary
Personal Representatives
Business Associates
Uses and Disclosures for Treatment, Payment, and Health Care Operations
Marketing
Disclosures For Public Health Activities
Research
Disclosures For Workers’ Compensation Purposes
Notice of Privacy Practice For Protected Health Information
Restrictions on Government Access to Health Information
3. Implementation of Administrative Simplification Requirements by HHS
Overview
Implementation Plan
Standards Adoption Process
Public and Private Sector Input into the Standards Development Process
Implementation Schedule
Understanding CMS’s Compliance Policy
What Is a Contingency Plan?
Steps For Contingency Planning
Health Plan Responsibilities
Review Your Good Faith Efforts to Comply
4. Security Standard
General Approach
Specific Requirements
Guidance on Compliance with HIPAA Transactions and Code Sets After the October 16, 2003 Implementation Deadline
Enforcement Approach
Working Toward Compliance
HIPAA Administrative Simplification Compliance Act (ASCA)
Electronic Transaction Standards
Code Set Standards
What Is a Code Set
What Code Sets Have Been Adopted as HIPAA Standards?
5. FAQ About HIPAA
HIPAA: In General
Privacy Rule: General Topics
Protected Health Information
Preemption of State Law
Covered Entities
Compliance Dates
Minimum Necessary
Business Associates
Treatment/Payment/Health Care Operations
Right to Access Medical Records
Complaints
Right to an Accounting of Disclosures
Incidental Uses and Disclosures
Public Health Uses and Disclosures
Facility Directories
Disclosure to Family and Friends
Disclosures Required by Law
Disclosures for Rule Enforcement
Disclosures for Law Enforcement Purposes
Authorizations
Marketing Uses and Disclosures
Workers’ Compensation Disclosures
Notice of Privacy Practices
Personal Reps/Parents and Minors
Limited Data Set
Research Uses and Disclosures
Transition Provision
Appendix A: Notice of Privacy Practices
Appendix B: Sample Business Associate Contract
Appendix C: How to File a Health Information Privacy Complaint With the Office For Civil Rights