Presented by

Arya Rajeev
CONTENTS
❖ Introduction
❖ Definition
❖ Objectives of HIPAA
❖ Titles of HIPAA
❖ Elements of HIPAA
❖ Protected Health Information(PHI)
❖ Importance of HIPAA
❖ HIPAA Compliance
❖ HIPAA Compliant
❖ Reference
Introduction
The healthcare information of every patient is sensitive. A patient’s health
details often contain their family medical history and financial information,
making it all the more crucial to secure and safeguard it. This is why the Health
Insurance Portability and Accountability Act (HIPAA) was introduced.
The first part is “Health Insurance Portability part of the Act”.
• To ensure that individuals would be able to maintain their health insurance
between jobs.
The second part of the Act is the “Accountability” portion.
• To ensure the security and confidentiality of patient information/data and
mandates uniform standards for electronic data transmission of
administrative and financial data relating to patient health information.
Definition
• The Health Insurance Portability and Accountability Act (HIPAA) is a U.S.
federal law passed by the Department of Health & Human Services in 1996
August 21. It is aimed at protecting the personal data of patients from public
access. The mandatory compliance of HIPAA helps in preventing the misuse
of this information.
Objectives Of HIPAA
The critical goals and objectives around which HIPAA revolves are as follows:
Privacy of health information
Security of electronic records
Administrative simplification
Insurance portability
To make law easier for people to keep health insurance
Help healthcare industry to control administrative cost
 Titles of HIPAA
HIPAA is divided into following five titles:
❖ Title I: HIPAA Health Insurance Reform
Protects health insurance coverage for workers and their families when they
change or lose their jobs. It also regulates the electronic exchange of health
care information.

❖ Title II: HIPAA Administrative Simplification

Also known as the Administrative Simplification (AS) provisions, this title
regulates the use and disclosure of protected health information (PHI). It also
outlines security standards for protecting PHI.
❖ Title III: HIPAA Tax-Related Health Provisions
Provides guidelines for standardizing pre-tax medical expenditure accounts. It
also updates insurance regulations and applies to small medical businesses
and self-employed individuals.

❖ Title IV: Application and Enforcement of Group Health Plan

Requirements
Defines healthcare reform in further detail, including provisions for people with
pre-existing diseases and those who want to keep their current coverage.

❖ Title V: Revenue Offsets

Covers things like company-owned life insurance and how people who lose
their US citizenship are taxed.
Elements of HIPAA
PRIVACY RULE
• This rule protects the privacy of the personal health information of an
individual.
• It sets limits and conditions on the further uses and disclosures of such
information without the patient’s authorization.
SECURITY RULE
• According to this, appropriate administrative, physical and technical
measures should be adopted to ensure the confidentiality, integrity, and
security of the patient’s health information.
• Policies and procedures to ensure the health organization’s compliance with
HIPAA.
Protected Health Information (PHI)
Protected health information (PHI) is any individually identifiable health
information that is created, used, or disclosed in the course of providing health
care services. The Health Insurance Portability and Accountability Act of 1996
(HIPAA) Privacy Rule protects PHI and gives patients rights over their health
information.
Things to know about PHI
What it includes
PHI includes any information in a medical record or designated record set that
can be used to identify an individual. This includes demographic data,
information about an individual's past, present, or future physical or mental
health, and information about the provision of health care to the individual.
How it can be used
PHI can be used or disclosed in any form, including electronically, on paper, or
orally.

Who it applies to
The HIPAA Privacy Rule applies to health plans, health care clearinghouses,
and health care providers that conduct certain health care transactions
electronically.

What rights patients have

Patients have rights over their PHI, including the right to examine and obtain a
copy of their health records, and the right to request corrections.
Who is responsible for protecting PHI
All members of the healthcare team, including clinicians, nurses, pharmacists,
therapists, techs, office personnel, and housekeeping and nutrition staff, are
responsible for protecting PHI.
Importance of HIPAA
• Protects patient privacy
HIPAA establishes standards for the use and release of health information, and
limits who can access it.
• Gives patients more control
HIPAA gives patients more control over how their health information is used,
and requires covered entities to notify them if their data is accessed or
disclosed without permission.
• Protects against discrimination
HIPAA protects patients from exploitation and discrimination by holding
businesses accountable for protecting patient information.
• Prevents data breaches
HIPAA training helps employees understand how to be HIPAA compliant, and
how to prevent the exposure of protected health information.
• Improves patient safety
HIPAA helps to reduce errors by ensuring that patients' personal and medical
records remain private and protected.
• Protects against healthcare fraud
HIPAA was introduced to address the issue of healthcare data being a valuable
commodity on the black market.
• Addresses insurance coverage
HIPAA was introduced to address the issue of employees losing insurance
coverage between jobs.
HIPAA Compliance
HIPAA compliance is a set of federal regulations that govern the use and
disclosure of protected health information (PHI) in the United States. HIPAA
compliance is enforced by the Office for Civil Rights (OCR) and regulated by
the Department of Health and Human Services (HHS).
HIPAA compliance is a living culture that healthcare organizations must
implement within their business to protect the privacy, security and integrity of
protected health information. In addition to ensuring sensitive patient
information is protected and secured.
HIPAA compliance is critical for healthcare organizations to avoid legal and
financial penalties.
HIPAA Compliant
In general, there are two main categories of organizations that must be HIPAA
compliant:
1. Covered Entities
Covered Entities (CEs) are those directly involved in providing or administrating
healthcare services. They include:
• Medical practitioners such as physicians, dentists, pharmacists and nurses;
hospitals, clinics, nursing homes and other healthcare providers delivering or
administering medical care.
• Health plans: These organizations offer health insurance coverage, such as
HMOs (Health Maintenance Organizations), PPOs (Preferred Provider
Organisations), Medicare/Medicaid programmes, employer-sponsored
health plans and others.
• Healthcare clearinghouses: These businesses process non-standard PHI
into a standard format for electronic transmission between covered entities.
2.Business Associates
Business Associates are third-party service providers who access PHI while
performing services on behalf of covered entities.
Reference
• https://www.ncbi.nlm.nih.gov/books/NBK500019/
• https://www.slideshare.net/slideshow/health-insurance-and-portability-and-
accountability-act/80205250
• https://sprinto.com/blog/components-of-hipaa/
THANK YOU