HIPAA FAQ

HIPAA requires that all shredding be witnessed by your practice. If you have a document shredding service, you should always follow your privacy protected health care documents to the truck and watch the shredding take place, this is required by law. Don’t let your shredding service take the documents away with out seeing them destroyed. I’ve seen Iron Mountain wheel documents from a health care facility and put the cart into a box truck and drive off. If this happens to your practice, ask your shredding service for a video showing YOUR documents being destroy…better yet, just find a shredding service like Shred Bull and watch your HIPAA protected documents and hard drives shredded right there at your location.

Questions To Consider

Why was the Health Insurance Portability and Accountability Act (HIPAA) established?

The focus of the statute is to create confidentiality systems within and beyond healthcare facilities.
The goal of keeping protected health information private.

Whom does HIPAA cover?

All persons working in a healthcare facility or private office
Students
Non-patient care employees
Health plans (e.g., insurance companies)
Billing companies
Electronic medical record companies

What are basic HIPAA goals?

To limit the use of protected health information to those with a “need to know.”
To penalize those who do not comply with confidentiality regulations.

What health information is protected?

Any health care information with an identifier that links a specific patient to healthcare information (name, social security number, telephone number, email address, street address, among others)

Differentiate between HIPAA privacy rules, use and disclosure of information?

Use: How information is used within a healthcare facility
Disclosure: How information is shared outside a health care facility
Privacy rules: Patients must give signed consent for the use of their personal information or disclosure

What are the legal exceptions when health care professionals can breach confidentiality without permission?

Gunshot wound
Stab wound
Injuries sustained in a crime
Child/Elderly abuse
Infectious, communicable or reportable diseases

What types of data does HIPAA protect?

Written, paper, spoken, or electronic data
Transmission of data within and outside a health care facility
Applies to anyone or any institution involved with the use of healthcare-related data
Data size does not matter

What types of electronic devices must facility security systems protect?

Both hardware and software
Unauthorized access to health care data or devices such as a user attempting to change passwords at defined intervals

What is the job of a HIPAA security officer?

IT background
Document and maintain security policies and procedures
Audit the systems
Risk assessments and compliance with policies/procedures

What does a security risk assessment entail?

Should be undertaken at all healthcare facilities
Assess risk of virus infection and hackers
Create safeguards against risks

What are physical safeguards?

Secure printers, fax machines, and computers
Locks on computer and record rooms
Destroy sensitive information

What type of employee training for HIPAA is necessary?

Ideally under the supervision of the security officer
Level of access increases with responsibility
Annual HIPAA training with updates mandatory for all employees

What type of reminder policies should be in place?

E-mail alert, posters
Log-on, log-off computer notices

How should a sanctions policy for HIPAA violations be written?

Clear, non-ambiguous plain English policy
Apply equally to all employees and contractors
Sale of information results in termination
Repeat offense increases the punishment

What discussions regarding patient information may be conducted in public locations?

None
Conversational information is covered by confidentiality/HIPAA
Do not talk about patients or protected health information in public locations

How do you protect electronic information?

Point computer screens away from public
Use privacy sliding doors at the reception desk
Never leave protected health information unattended
Log off workstations when leaving an area

How do you ensure password protection?

Do not share the password
Do not write down the password
Do not verbalize password
Do not email your password

How do you select a safe password?

Do not select consecutive digits
Do not select information that can be easily guessed
Choose something that can be remembered but not guessed

ADDITIONAL HIPAA RESOURCES

Do you have any old hard drives or cell phones you’d like to get rid of? Now, you can watch us shred your HARD DRIVES & iPhones. Just take the HD out of your computer, and we’ll shred it during our paper shredding appointment, just $10 each HD or phone!

Our Hard Drive shredding and document shredding complies with all privacy law including HIPAA. To verify HIPAA information on proper disposal of electronic PHI, see the HHS HIPAA Security Series 3: Security Standards – Physical Safeguards – PDF.

HIPAA FAQ

Share this: