
Health Insurance Portability and Accountability Act

The document discusses the Health Insurance Portability and Accountability Act (HIPAA). It provides an overview of what HIPAA is, why it is important, and who needs to comply with it. HIPAA requires covered entities to implement administrative, physical, and technical safeguards to protect personal health information. It also establishes the HIPAA Privacy Rule to give patients rights over their health information and requires covered entities to provide a Notice of Privacy Practices. The HIPAA Security Rule further protects health data and requires covered entities to protect electronic personal health information. In conclusion, HIPAA is an active legislation that ensures the privacy of individuals' health information and applies to many healthcare organizations and insurers.

Uploaded by

adv.abhi26

Health Insurance Portability and Accountability Act

Submitted by: Abhishek Bansal
Assignment: Week 6
Submitted to: Prof. Kevin C Moffitt
11/13/2023

Agenda
• Introduction
• What is HIPAA?
• Why is HIPAA important?
• Who needs to comply with HIPAA?
• HIPAA Safeguards
• Administrative safeguards
• Physical safeguards
• Technical safeguards
• HIPAA Privacy Rule
• Patients' rights under the Privacy Rule
• How healthcare organizations can protect patient privacy
• HIPAA Security Rule
• How healthcare organizations can protect patient data
• What to do in the event of a data breach
• Conclusion

Marietta Area Health Care Lawsuit

Lawsuit for $1.75 Million.

Protected Health Information of more than 215,000 patients had been exposed.

Marietta Area Health Care proposed a settlement to resolve all claims.

HIPAA Violation Related Trends

Roughly 95% of the US population had their medical information disclosed between 2009 and 2021. [1]

95% of all identity theft incidents come from stolen healthcare records. [2] Such information is worth about 50 times more than credit card information. [3]

1. https://www.hipaajournal.com/healthcare-data-breach-statistics/
2. https://www.globenewswire.com/en/news-release/2022/03/31/2413675/0/en/Largest-Healthcare-Data-Breaches-Reported-in-February-2022-Confirms-Need-for-Network-Security-Based-on-Zero-Trust-Microsegmentation.html
3. https://www.dmagazine.com/healthcare-business/2019/10/why-medical-data-is-50-times-more-valuable-than-a-credit-card/

What, Why and Who?
• What?
• The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA. The HIPAA Security Rule protects a subset of information covered by the Privacy Rule.

• Why?
• HIPAA establishes safeguards for protecting personal health information. Personal health information contains all sorts of sensitive information, including credit cards, social security numbers, and medical information. This valuable data has the potential to be stolen.

• Who?
• Entities that must follow the HIPAA regulations are called "covered entities." Covered entities include health insurance companies, HMOs, company health plans, and certain government programs that pay for health care, such as Medicare and Medicaid, as well as doctors, clinics, hospitals, psychologists, chiropractors, nursing homes, pharmacies, and dentists.

HIPAA Safeguards

• HIPAA requires covered entities to implement safeguards to protect the confidentiality, integrity, and availability of PHI. These safeguards are divided into three categories: administrative, physical, and technical safeguards.
• Administrative safeguards include policies and procedures that cover the handling of PHI. For example, covered entities must have a policy in place that requires employees to sign confidentiality agreements.
• Physical safeguards include measures to protect PHI from unauthorized access, use, or disclosure. For example, covered entities must have locks on doors and cabinets where PHI is stored.
• Technical safeguards include measures to protect PHI from unauthorized access, use, or disclosure when it is transmitted electronically. For example, covered entities must use encryption to protect PHI that is transmitted over the internet.

HIPAA Privacy Rule

• The HIPAA Privacy Rule gives patients the right to access and control their PHI. Patients have the right to know what information is being collected about them, who is collecting it, and how it is being used. Patients also have the right to request a copy of their PHI and to have their PHI corrected if it is inaccurate.

• Covered entities must provide patients with a Notice of Privacy Practices (NPP) that explains their privacy rights and practices. The NPP must be provided to patients when they first receive care from a covered entity and whenever the covered entity's privacy practices change.

HIPAA Security Rule

• https://www.youtube.com/watch?v=VdfzSj1kP_s

Conclusion
• Thus, HIPAA is active legislation, framed by federal law, that ensures the protection of the privacy of people's health information. It applies to a wide range of entities, including healthcare providers, health insurance companies, and other businesses that handle our health information.

Victim of Violation?
Contact: https://www.hhs.gov/hipaa/filing-a-complaint/index.html
