Health Insurance Portability and Accountability Act of 1996 The Security Rule
11/02/2021 1
CONSTITUTIONAL PRIVACY RIGHTS
Individual privacy rights, in general, are not specifically mentioned in the U.S. Constitution. They are more or less implied from the First, Third, Fourth, Fifth and Ninth Amendments.
PRIVACY RIGHTS VIA STATE LEGISLATION
On the State level, individual privacy rights are specifically expressed within the constitutions of individual States. For example, Article 1, Section 1 of the current California state constitution adopted in 1879 reads as follows:
PRIVACY & TORT LAW
Torts are defined as “the wrongful conduct of one party that causes injury to another party”.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was passed by Congress as a means to establish a standardized set of general requirements and security guidelines to protect the privacy of patients.
HIPAA created guidelines to promote consistency in the procedures utilized by health care providers, health plan administrators, and health care clearinghouses to protect patient-related information from unauthorized access as well as ensure its integrity.
The American Health Information Management Association (AHIMA) has observed that an average of 150 people "from nursing staff to x-ray technicians, to billing clerks" have access to a patient's medical records during the course of a typical hospitalization.
PATIENT DATA FLOWCHART
THE SECURITY RULE
The Security Rule outlines specific implementation guidelines for the protection and transmission of individually identifiable health information in an electronic format or media, also known as “electronic protected health information”.
HIPAA SECURITY STANDARDS
The HIPAA Security Rule component consists of three major categories of specified operational standards that have to be fully implemented to process and transmit EPHI. They are listed as follows:
1) Administrative Safeguards
2) Physical Safeguards
3) Technical Safeguards
ADMINISTRATIVE SAFEGUARDS
Administrative safeguards involve the supervision and assignment of system security responsibility to individuals within the organization in addition to developing and deploying security procedures and training.
PHYSICAL SAFEGUARDS
Physical safeguards are mechanisms required to protect electronic systems, equipment and the data they hold from threats, environmental hazards and unauthorized intrusion.
TECHNICAL SAFEGUARDS
Technical safeguards are defined as the automated processes used to protect data and control access to data.
PENALTIES FOR INDIVIDUAL VIOLATORS
Featured Health Business Daily Story, June 23, 2008
UCLA Health System Facilities Are Cited by State for Patient Privacy Breaches; Former Employee Is Charged Under HIPAA
PENALTIES FOR HEALTHCARE PROVIDER VIOLATORS
Kaiser fined for patient-privacy breach
Rebecca Vesely, STAFF WRITER - Oakland Tribune - 06/21/05
SUMMARY OF NEW CALIFORNIA PRIVACY BREACH LEGISLATION
Jones’ Assembly Bill 211 would authorize the newly-created Office of Health Information Integrity in the Department of Public Health to fine individuals involved in medical data breaches depending on the severity of the breach. The maximum amount of a fine from the new office would be $250,000. The bill also would forward relevant breach information to the relevant licensing authority (California Medical Board, etc.) for possible further action.