Learning About the HIPAA Privacy Rule
In this chapter, we will learn about one of HIPAA's most important regulations, the Privacy Rule. Compliance with the Privacy Rule became mandatory for most covered entities in April 2003, and the Security Rule followed it. Together the two rules set the standards covered entities and their business associates must follow to protect PHI.
What does the Privacy Rule do?
The Privacy Rule protects all individually identifiable health information held or transmitted by a covered entity or its business associate. The form the PHI takes does not matter: electronic, paper, and oral information are all protected under the HIPAA Privacy Rule.
What Info is Protected by the HIPAA Privacy Rule?
The HIPAA Privacy Rule protects all protected health information, or PHI. PHI is individually identifiable information, including demographic data such as age, race, and gender, that relates to an individual's past, present, or future physical or mental health or condition; the provision of healthcare to the individual; or the past, present, or future payment for that healthcare.
Covered entities and their business associates sometimes want to share health information for purposes the Privacy Rule does not otherwise permit, such as analytics, research, or product development. One way to do so without each patient's authorization is to de-identify the PHI first. It is also important to note that certain health information maintained by a covered entity is not PHI at all, such as employment records it holds in its role as an employer and education records covered by FERPA.
Health information that has been de-identified can be used and disclosed by a covered entity without the patient's authorization. Wearable devices and health apps are a common point of confusion: the data they collect is PHI only when it is created, received, or maintained by a covered entity or by a business associate on its behalf. If the device or app developer has no such relationship with a HIPAA-covered organization, the data it collects is not PHI, however sensitive it may be.
To de-identify data under the Safe Harbor method, a covered entity must remove all 18 identifiers listed in the Rule. Some of them may be kept in generalized form: the year of a date, the first three digits of a ZIP code (where that area has more than 20,000 residents), and an exact age only up to 89, with older ages reported as "90 or over"; geographic detail coarser than a state, such as the state of residence, is not an identifier at all. The alternative, Expert Determination, requires a qualified expert to document that the risk of re-identification is very small. Two things must be present for information to be PHI: health information and something that identifies the individual. A diagnosis code by itself is not PHI, and a name on its own is not PHI, but a healthcare payment receipt that carries the patient's email address is PHI.
PHI excludes health information that is de-identified according to these standards. Information is considered de-identified when it does not identify an individual and there is "no reasonable basis to believe that the information can be used to identify an individual."
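To make the Safe Harbor rules concrete, here is an added example (not code from the original page or from EasyLlama) that applies them to a patient record and then checks whether what remains still counts as PHI. The field names, the sample record and the helper names are this example's own assumptions; the rules it encodes are the Safe Harbor identifier categories, including two edge cases the text mentions: ages over 89 are bucketed (and the birth year dropped, since it would reveal such an age), and three-digit ZIP areas with small populations are reported as "000".

```python
"""Safe Harbor de-identification of a patient record.

Added example, not code from the original page or from EasyLlama. Field names
(name, mrn, zip, diagnosis_code, ...) and the sample record are assumptions
made for illustration; the rules applied are the Safe Harbor identifier
categories of 45 CFR 164.514(b)(2).
"""
import re

# Identifier categories that are removed outright (assumed field names).
DIRECT_IDENTIFIER_FIELDS = {
    "name", "street_address", "city", "county", "phone", "fax", "email",
    "ssn", "mrn", "health_plan_id", "account_number", "license_number",
    "vehicle_id", "device_serial", "url", "ip_address", "biometric", "photo",
}

# Dates directly related to the individual: only the year may be kept.
DATE_FIELDS = {"birth_date", "admission_date", "discharge_date", "death_date"}

# Fields that carry health or payment information (assumed schema).
HEALTH_FIELDS = {"diagnosis_code", "procedure_code", "medication", "payment_amount"}

# Three-digit ZIP areas with 20,000 or fewer residents in the 2000 census, as
# listed in HHS's de-identification guidance; Safe Harbor requires these to be
# reported as "000". Check the current HHS list before relying on this set.
RESTRICTED_ZIP3 = {
    "036", "059", "063", "102", "203", "556", "692", "790", "821", "823",
    "830", "831", "878", "879", "884", "890", "893",
}


def generalize_zip(zip_code: str) -> str:
    """Keep the first three digits of a ZIP code, or "000" for restricted areas."""
    prefix = re.sub(r"\D", "", zip_code)[:3]
    if len(prefix) < 3 or prefix in RESTRICTED_ZIP3:
        return "000"
    return prefix


def generalize_age(age: int) -> str:
    """Ages over 89 are collapsed into a single "90+" bucket."""
    return "90+" if age >= 90 else str(age)


def safe_harbor_deidentify(record: dict) -> dict:
    """Return a copy of record with Safe Harbor identifiers removed or generalized.

    The 18th category ("any other unique identifying number, characteristic,
    or code") cannot be handled generically; a real pipeline needs a schema
    review for it.
    """
    over_89 = str(record.get("age", "")).isdigit() and int(record["age"]) >= 90
    out = {}
    for field, value in record.items():
        if field in DIRECT_IDENTIFIER_FIELDS:
            continue                      # drop direct identifiers entirely
        if field in DATE_FIELDS:
            if field == "birth_date" and over_89:
                continue                  # even the birth year would reveal an age over 89
            out[field] = str(value)[:4]   # keep the year only (ISO YYYY-MM-DD input)
        elif field == "age":
            out[field] = generalize_age(int(value))
        elif field == "zip":
            out[field] = generalize_zip(str(value))
        else:
            out[field] = value            # health data, state of residence, etc. stay
    return out


def has_identifier(record: dict) -> bool:
    """True if the record still carries any Safe Harbor identifier."""
    if any(f in record for f in DIRECT_IDENTIFIER_FIELDS):
        return True
    if any(len(str(record[f])) > 4 for f in DATE_FIELDS if f in record):
        return True                       # more than a year is present
    if len(re.sub(r"\D", "", str(record.get("zip", "")))) > 3:
        return True                       # full ZIP rather than a 3-digit area
    age = str(record.get("age", ""))
    return age.isdigit() and int(age) >= 90


def is_phi(record: dict) -> bool:
    """PHI needs both health/payment information and something identifying the
    individual: a diagnosis code alone is not PHI; a payment record that
    includes the patient's email address is."""
    return any(f in record for f in HEALTH_FIELDS) and has_identifier(record)


# Constructed sample record (not real patient data).
SAMPLE_RECORD = {
    "name": "Jane Q. Sample",
    "email": "jane@example.com",
    "mrn": "MRN-0001",
    "birth_date": "1931-05-14",
    "age": 93,
    "zip": "03601",
    "state": "NH",
    "admission_date": "2024-02-29",
    "diagnosis_code": "E11.9",
}

if __name__ == "__main__":
    print(is_phi(SAMPLE_RECORD))                          # True
    print(safe_harbor_deidentify(SAMPLE_RECORD))          # age "90+", zip "000", year-only date
    print(is_phi(safe_harbor_deidentify(SAMPLE_RECORD)))  # False
```

Note what the function cannot do: it has no way to recognize the 18th category (any other unique code, such as a study ID or a rare-condition flag that effectively names someone), and it does not assess re-identification risk from the combination of retained fields. Safe Harbor is a checklist; if the retained data is rich enough that a combination of year, state and diagnosis could still single someone out, Expert Determination is the appropriate route.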
What Information is Considered PHI
It is important that you clearly understand what information is considered PHI. The Privacy Rule lists 18 identifiers that, combined with health information, make a record PHI.
The 18 identifiers fall into the following categories:
- Online Data
- Dates
- Identification Proof Data
- Addresses
- Names
- Physical Data
- Contact Info
- Unique Data
Protect Patient Information with HIPAA Privacy Rule Training
HIPAA Privacy Rule Training is a crucial step in ensuring patient information is properly protected. EasyLlama’s training helps healthcare providers, staff and other personnel working with patient information to understand their responsibilities in protecting the information. Our HIPAA course covers topics such as the use and disclosure of protected health information, individual rights, policies and procedures, and the use of appropriate safeguards. It is important for everyone to be aware of their responsibilities under the HIPAA Privacy Rule so that all patient information is kept safe and secure.
Helping over 8,000 organizations create a safer, more inclusive company culture.
EasyLlama’s online training course helps prepare employees to navigate HIPAA. This course provides an in-depth examination of how to respond to a breach of confidential data and the best way to protect your patients. The course covers: