HIPAA: Securing Protected Health Information





Overview/Description
Congress designed the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Administrative Simplification Rules to make it easier for healthcare providers, insurance companies, and information clearinghouses to provide adequate care for patients. By using a single set of standards for exchanging electronic data, healthcare organizations can send and receive health information more quickly and at a lower cost. However, standardizing the electronic "language" of healthcare data creates a threat to patients' privacy rights, so the law includes specific safeguards for patients' health information. The law that establishes these rules does not place any specific requirements on employers. However, many employers sponsor healthcare insurance plans for employees and share protected health information about employees with organizations covered by the new rules. Employers must protect themselves against liability under the new rules by ensuring the confidentiality, integrity, and availability of the electronic protected health information they hold about employees. Companies must protect against reasonably anticipated threats to the security or integrity of health information and guard against uses or disclosures of protected information that are not allowed under the law. This course describes precautions employers should take when complying with HIPAA Administrative Simplification Rules. The course explores specific standards set within HIPAA rules and legally mandated implementation standards, as well as areas where the law allows flexibility in adopting the new rules.

Target Audience
The courses in this series cover a variety of subject areas that affect all employees, with an emphasis on management and human resource personnel who need to understand and implement compliance policies.

Expected Duration (hours)
2.0

Lesson Objectives

Administrative Safeguards for Data Security

  • recognize the value of complying with the Security Standards prescribed by HIPAA Administrative Simplification Rules.
  • match organizational safeguards for data security under the Administrative Safeguards section of the HIPAA Security Standards with examples.
  • select examples of implementations of workforce standards for data security required under the Administrative Safeguards section of the HIPAA Security Standards.
  • identify business associate contract provisions that address security requirements of HIPAA's Administrative Safeguards.

Protecting Data

  • recognize the benefits of providing physical and technical safeguards for protected health information.
  • match standards for providing physical safeguards for protected health information to examples.
  • recommend actions to improve implementation of physical safeguard standards for protecting PHI in a hypothetical company.
  • match technical safeguard standards required under the HIPAA security rules for protected health information with examples.

Course Number
HR0194