Unit 7 Seminar

According to Sanderson (2009), the problems with the current paper-based health record system have been well documented. The author indicated that one of the most serious issues is the fragmentation of health records. Patients today use several providers to meet their health care needs. The challenge facing the health care field today is protecting electronic health information exchanged over

computer networks with many access points and convincing the public to trust the electronic system, just as they have trusted their physicians with personal health information (Sanderson, 2009). With that being said let’s begin our discussion.

Question 1: Discuss the purpose of the Administrative Simplification provisions of the Health Insurance Portability and Accountability Act (HIPAA)

Q1A: Purposes of the Administrative Simplification provisions of HIPAA:

National standards for electronic health care transactions.

National identifiers for providers, health plans and employers

Rules to protect the privacy and security of health information, known as the Privacy Rule and Security Rule.

Question 2: How does the HIPAA Privacy rule protect patient health information?

Q2A: HIPAA Privacy Rule: Provides protection for individually

health information and grants certain rights to individuals in regard to their medical records.

It protects the confidentiality, integrity, and availability of electronic health information.

Question 3: when can protected health information be released without a patient’s authorization?

Q3A: protected health information can be released without a patient’s authorization in the following situations:

Public health issues Law enforcement Research Worker’s compensation cases National security situations

Question 4: Discuss the three categories of threats to the security of electronic information.

Q4A: Threats to Security of electronic information:

The actions of individuals Environmental hazards Computer hardware, software or

network problems

Acts of Individuals: Employees who make unintentional

mistakes, such as accidentally deleting a file or entering information inaccurately

Employees who abuse their security privileges, as in the case of an employee who sees a former spouse come in for an appointment and access his or her record without a legitimate need to do so.

Acts of Individuals: Outsiders who try to damage or steal

information, otherwise known as computer hackers.

Employees who hold grudges or make threats, as in the case of someone who feels he or she was wrongfully passed over for a promotion and threatens to post portions of patient records on the Internet.

Environment hazards: Fires Floods Earthquakes Electric power outage

Computer hardware, software or network problems:

Insufficient security in the hardware or software

Programming errors Changes to existing software including

upgrades and the addition of new users to the system.

Question 5: Discuss the safeguards outlined the HIPAA security Rule.

HIPAA Security Rule Safeguards: Administrative safeguards Physical safeguards Technical safeguards

Provide examples of each safeguard listed above.

Q1. Does the nurse need Bills’ permission to answer his parent’s questions? Does it matter that he is still covered by his parent’s health insurance policy?

Q2. does the hospital need his permission to release the results of the blood alcohol test to the police?

Q3. Did the hospital take adequate measures to protect patient’s electronic health information? Why or why not?

Determine if the following statements are true or false:

1. The HIPAA Privacy Rule does not apply to de-identified information.

2. Under the HIPAA Privacy Rule, patient’s protected health information can be released to payers for payment purposes without patient authorization.

3. The HIPAA Security Rule allows organizations flexibility in determining what type of security mechanisms to implement.

4. The increased use of information technology places large amounts of protected health information at greater risk.

5. Companies that provide personal health records for their employees are considered business associates according to HIPAA.

6. the ability to access electronic health records from any location with an Internet connection presents a security challenge.

7. Laptops that contain personal health information are not allowed to be removed from the physician office.

8. All regional health information organizations (RHIOs) are covered by HIPAA privacy laws.

9. Laws that protect the privacy of personal health information vary from state to state.

10. If a state privacy law is more protective of patient’s rights than the HIPAA Privacy Rule, the state law applies.

Sanderson, S.M. (2009). Electronic health records for allied health careers. New York, NY: McGraw-Hill.