What is HIPAA

People often ask: What is HIPAA? What does HIPAA stand for? How do I learn about HIPAA?

We provide free HIPAA training on the HIPAA regulation and answer these questions on this HIPAA Resource page and through the links below. HIPAA is the Health Insurance Portability and Accountability Act of 1996. The HIPAA Privacy Rule established national standards to protect individuals’ medical records and other individually identifiable health information (collectively defined as “protected health information”).

The Rule applies to covered entities such as health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. It also applies to business associates who handle protected health information on behalf of covered entities.

HIPAA Privacy Rule

The Rule requires appropriate safeguards to protect the privacy of protected health information (PHI) and sets limits and conditions on the uses and disclosures that may be made of such information without an individual’s authorization.

The Rule also gives individuals rights over their protected health information, including rights to examine and obtain a copy of their health records, to direct a covered entity to transmit to a third party an electronic copy of their protected health information in an electronic health record, and to request corrections.

It is important for all covered entities and business associates to fully understand the HIPAA Privacy Rule and how it affects their organization. Additionally, it is important for business associates to understand the Omnibus Rule and how it affects them in the face of any security incident.

For more information please follow our links below. HIPAA Associates is happy to make our HIPAA Resources available for your benefit. If you are unable to find the answer to your questions, please feel free to Contact Us or visit our main page.

Our professionals know HIPAA

HIPAA Resources

Our HIPAA Resource section is geared to provide free HIPAA training to all providers interested in learning about the HIPAA Privacy Rule. Our material is updated regularly, and new sections are added continuously to cover all important topics.

HIPAA Associates is pleased to offer our clients free HIPAA resources.

Please follow the links below for valuable HIPAA resources. These are ideal for Covered Entities and Business Associates.

Our introduction to HIPAA will give you the important background information you need to understand the key concepts of the HIPAA Privacy Rule.

What does HIPAA Stand For?

What is the HIPAA law?

  • What does HIPAA stand for?
  • HIPAA Privacy Rule
  • HIPAA Security Rule
  • HITECH Act – Breach Notification Rule
  • HIPAA Terminology
  • Who must comply with HIPAA Rules?
  • Enforcement
  • Right of Access to PHI
  • What is HIPAA Compliance?
  • HIPAA Compliance is a multi-step process

All covered entities and business associates must know what HIPAA certification is.

What is HIPAA Certification?

  • The Office for Civil Rights and HIPAA Certification
  • HIPAA Requirements
  • Train for Compliance
  • Becoming HIPAA Compliant

This HIPAA Compliance Checklist will give you the information you need to prepare for HIPAA Compliance in your organization.

HIPAA Compliance Checklist 2022

Review our HIPAA Compliance Checklist to get started with your HIPAA Compliance Plan.

  • The Seven Steps
  • Implementing written policies
  • Designating a compliance officer
  • Conducting effective training
  • Develop effective lines of communication
  • Conduct internal monitoring and auditing
  • Responding to detected offenses
  • Enforcing standards of conduct
  • Responding promptly to detected offenses
  • Understanding HIPAA Compliance

All organizations that handle PHI must perform a Risk Analysis to determine the risks to Protected Health Information.

HIPAA Security Risk Analysis

  • Office for Civil Rights Requirement
  • Name a Privacy/Security Officer
  • The Requirements under the Security Rule
  • Implementation Specifications
  • Important Definitions
  • Elements of a Risk Analysis
  • Electronic Protected Health Information
  • Collect & Analyze the Data
  • Periodic Review and Updates to the Risk Assessment
  • In Summary

It is important for all Covered Entities and Business Associates to understand how to safely use and disclose PHI.

Permitted Uses & Disclosures of PHI

  • Uses & Disclosures
  • Authorizations
  • Psychotherapy Uses & Disclosures
  • Opportunities to Agree or Object
  • Public Interest and Benefit Activities

Reasonable Safeguards will help protect PHI from inappropriate disclosure.

Reasonable Safeguards for PHI

  • Incidental Uses & Disclosures
  • Reasonable Safeguards
  • Verbal PHI
  • Paper PHI
  • Electronic PHI
  • Minimum Necessary Policies
  • Reasonable Safeguards Prevent Violations
  • Home Office
  • BYOD
  • Creating Safe Networks
  • Meeting Apps
  • External Drives
  • Conclusion

Using Technical Safeguards is important for complying with the HIPAA Rule.

HIPAA Technical Safeguards Protect PHI

  • The Security Rule
  • Comply with Technical Safeguards
  • Implementing “The Security Rule”
  • Technical Standards
  • Standard: Access Controls
  • Standard: Audit Controls
  • Standard: Integrity
  • Standard: Person or Entity Authentication
  • Standard: Transmission Security
  • Cybersecurity & Technical Safeguards
  • Texting Protected Health Information
  • Texting Patient Orders

Use appropriate safeguards on mobile devices.

Mobile Devices and Technical Safeguards

  • Password and Authentication
  • Security Software Must be Up to Date
  • Encryption is Key
  • Firewalls
  • Remote Wiping and/or remote disabling
  • Antivirus Software
  • Control Your Device
  • File Sharing Applications
  • Mobile Applications
  • Discarding or Reusing Mobile Devices
  • Public Wi-Fi and a VPN

Use appropriate cybersecurity to protect PHI.

Using Cybersecurity to Protect PHI

  • Cyberthreats From Outside Sources
  • What You Can Do
  • Prepare for Cyberattacks
  • Texting Protected Health Information
  • Recent Clarification from OCR
  • Patient Orders

Texting Protected Health Information requires special safeguards.

Texting Protected Health Information

  • Emailing Patients
  • Text Messaging Patients
  • Communicating with the Healthcare Team
  • Computerized Provider Order Entry

The Right to Access PHI is a very important topic today that your organization should understand and address.

The Right to Access PHI

  • Patient Rights
  • Designated Record Sets
  • Excluded Information
  • Important Exclusions
  • Personal Representatives
  • Requesting Access
  • Verification
  • Unreasonable Measures
  • Providing Access
  • Summary of PHI
  • Delivering Records
  • Timeliness of Access
  • Permissible Records
  • Denial of Access
  • Notification of Denial
  • Review of the Denial
  • State Laws
  • Information Blocking
  • Exceptions to Information Blocking

Information Blocking must be understood to prevent Right to Access violations.

Information Blocking

  • Definition
  • HIPAA Considerations
  • Analysis of Information Blocking
  • Examples of Information Blocking
  • Exceptions
  • Potential Penalties

Breaches of Protected Health Information must be addressed quickly.

Breaches of Protected Health Information

  • Definition of a Breach
  • Paper Breaches
  • Electronic Breaches
  • Verbal Breaches
  • Three Exceptions to Definition of Breach
  • Unsecured Protected Health Information
  • Encryption of PHI
  • Destruction of PHI
  • Procedures for Making a HIPAA Complaint
  • Privacy Officer
  • No Retaliation
  • Breach Notification Requirements
  • Notification of Individuals
  • Public Notice
  • Notification Process
  • Media Notice
  • Notice to the Secretary
  • Notification by a Business Associate
  • Administrative Requirements and burden of Proof
  • Direction from HHS on Penalties
  • Social Media & PHI

HIPAA Violations are a significant concern for all covered entities.

What is a HIPAA Violation

  • The HIPAA Rule
  • Type of Violations
  • Reporting of Violations
  • Investigating Violations
  • Civil Penalties
  • Criminal Penalties
  • Preventing HIPAA Violations
  • Conclusion

HIPAA requires special considerations when applied to COVID.

HIPAA, COVID and Your Organization

  • Telehealth Remote Communications
  • First Responders, PHI & COVID
  • Civil Rights Laws and HIPAA
  • Uses and Disclosures of PHI by Business Associates
  • Community-Based Testing Sites
  • Media Access to Protected Health Information
  • Contacting Patient About Blood & Plasma Donations
  • Use of Online or Web-Based Scheduling Applications for Scheduling Vaccination Appointments
  • Health Information Exchanges
  • Conclusion