Episode 7: HIPAA Myths Part 1

Help Me With HIPAA

Jun 26, 2015•23 min•Ep. 7

--:--

Listen in podcast apps:

Apple Podcasts

Spotify

Download

Listen to this episode in Metacast mobile app

Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

we discuss some common myths (or points of confusion) surrounding HIPAA compliance requirements.

Glossary Myth is a widely held but false belief or idea.

Links

HealthIT.gov Top 10 Myths of Security Risk Analysis HealthIT.gov Guide to Privacy and Security of Electronic Health Information Analysis

Notes

Providers are not allowed to share information about a patient with others unless authorized by the patient to do so. False. Providers can share:

With anyone the patient identifies as a caregiver

When the information is directly relevant to the involvement of spouse, family member, friends, or caregivers. (Ebola for example)

When necessary to notify a caregiver about a change in condition or location of a patient (as long as the patient doesn't object)

When in the best interest of the patient regardless of their ability to object or not
The security risk analysis is optional for small providers and business associates. False. Everyone is required to abide by the Security Rule which specifically requires a security risk analysis.
A checklist will suffice for the risk analysis requirement. False.Checklists are tools for doing the analysis and gathering your data but they aren't enough to meet the risk analysis requirement. A Security Risk Analysis must include three main elements (according to OCR guidance):

A. Identification of all PHI sourcesB. Human, electronic and environmental threats to the PHIC. Review of current security measures to protect the PHI from those

For the best experience, listen in Metacast app for iOS or Android