HIPAA

 

Learning Objectives

After completion of the course you’ll be able to:

Privacy Rule: General Topics

  1. List 5 things that the HIPAA Privacy Rule requires the average provider or health plan to do.

  2. Describe how the HIPAA Privacy Rule protects individuals’ medical records and other personal health information.

Covered Entities
  1. Explain which entities are covered by the Privacy Rule by following decision trees.

Business Associate
  1. Define business associate, provide several examples of business associates, and frame a business associate contract.

Permitted Uses and Disclosures
  1. Discuss six permitted uses and disclosures of protected health information.

Minimum Necessary
  1. Define the HIPAA Privacy Rule’s minimum necessary standard and its application in the use and disclosure of protected health information.

Right to Access Medical Records
  1. Explain the right of access to the protected health information afforded to patients under the HIPAA Privacy Rule.

Right to Amend Medical Records
  1. Explain the right to amend the protected health information afforded to patients under the HIPAA Privacy Rule.

Right to Accounting Disclosures
  1. Explain the right to an accounting of disclosures of protected health information afforded to patients under the HIPAA Privacy Rule.

Incidental Uses and Disclosures

  1. Discuss various situations where incidental uses and disclosures of protected health information are permitted under the Privacy Rule.

  2. Provide examples of reasonable safeguards a covered entity must implement to limit incidental, and avoid prohibited, uses and disclosures of protected health information.

Public Health Uses and Disclosures
  1. Explain how a covered entity can disclose protected health information to a public health authority and comply with the requirement to provide individuals with an accounting for disclosures.

Marketing Uses and Disclosures

  1. Define marketing and distinguish between what is marketing and what is not marketing under the HIPAA Privacy Rule.

  2. Discuss situations when an authorization is required from the patient before a provider or health plan can engage in marketing to that individual.

  3. Distinguish between activities for treatment or health care operations versus marketing activities.

  4. Identify two circumstances when a patient’s prior authorization is required for the use and disclosure of protected health information for marketing.

Workers’ Compensation
  1. Discuss how the Privacy Rule works with respect to disclosures for workers’ compensation.

Limited Data Set

  1. Discuss the requirement of limited data set.

  2. Discuss the use and disclosure of limited data set to a business associate under the HIPAA Privacy Rule.

Notice of Privacy Practices

  1. Discuss the right provided by the Privacy Rule to individuals to receive a notice of privacy practices for protected health information, and specify the content of the notice.

  2. Identify three entities who are not required to develop a notice of privacy practices.

Personal Rep/Parents and Minors
  1. Identify individuals and circumstances under which these individuals can have access to protected health information of minors or other individuals.

Research Uses and Disclosures
  1. Explain the application of HIPAA Privacy Rule in research uses and disclosures of protected health information.

Administrative Simplification
  1. Discuss the implementation of administrative simplification requirements by HHS.