Domain II: Information Protection: Access, Use, Disclosure, Privacy, and Security
Introduction - Learning Objectives
While there are many career avenues open for a Health Information Professional, Custodian of Records is the primary responsibility. A Health Information Professional is responsible for protecting a patient’s PHI, assuring access, release, use and disclosure is appropriate and authorized, and maintaining the patient’s right to privacy.
Responsible for this and security while in the same breath, assuring the medial record is available to providers for clinical use and leadership for operational uses such as Risk management, Quality Improvement, Legal Action and a number of other uses.
Some uses require authorization while others are “HIPAA Exceptions” and no authorization is required. Information related to treatment, payment and operations does not require the patient’s approval for release. There are also public health concerns, legal issues and matters pertaining to law enforcement that are considered exempt.
Domain II Competencies:
Responsible for this and security while in the same breath, assuring the medial record is available to providers for clinical use and leadership for operational uses such as Risk management, Quality Improvement, Legal Action and a number of other uses.
Some uses require authorization while others are “HIPAA Exceptions” and no authorization is required. Information related to treatment, payment and operations does not require the patient’s approval for release. There are also public health concerns, legal issues and matters pertaining to law enforcement that are considered exempt.
Domain II Competencies:
- II.1. Apply privacy strategies to health information
- 11.2. Apply security strategies to health information
- II.3. Identify compliance requirements throughout the health information life cycle
Before we take a detailed look at the laws that govern Privacy and Security, let’s see how sharp a detective you are. Open the HIPAA activity by clicking anywhere on the image and move the circle around the hospital unit. How many potential HIPAA violations can you see? Think about where you would start if implementing corrective action for these issues.
Resources
When developing policies and procedures, it is best to use a “Primary Source of Law.” The primary source is the original law. A secondary source could be a journal article, a law review or an opinion. These are useful to locate other resources but always cite the primary law.
HIPAA can be found in two Federal documents:
The Code of Federal Regulations – A U.S. Department such DHHS develops and publishes the federal special healthcare regulations to clarify and explain the United States Code. A regulation must be consistent with the United States Code and has the same force of law.
The regulations (Administrative Law) are published in the Code of Federal Regulations.
United States Codes: - Congress first publishes a law as an “Act” in the Statutes, then organizes laws by subject in the United States Code (U.S.C.)
The most pertinent laws for HIPAA are linked in the document images. Please explore these documents. Reading the original law often clarifies what is written in a textbook.
HIPAA can be found in two Federal documents:
The Code of Federal Regulations – A U.S. Department such DHHS develops and publishes the federal special healthcare regulations to clarify and explain the United States Code. A regulation must be consistent with the United States Code and has the same force of law.
The regulations (Administrative Law) are published in the Code of Federal Regulations.
United States Codes: - Congress first publishes a law as an “Act” in the Statutes, then organizes laws by subject in the United States Code (U.S.C.)
The most pertinent laws for HIPAA are linked in the document images. Please explore these documents. Reading the original law often clarifies what is written in a textbook.