Need some help with HIPAA compliance, but don’t know where you stand?
Our HIPAA Quiz is the place to start.
When it comes to HIPAA compliance, understanding exactly how to address the regulation in comparison to what you’re already doing
The Compliancy Group HIPAA Quiz will give you a solid baseline of understanding for exactly where your compliance stands.
But first, let’s get a baseline of some HIPAA terminology. This is the foundational first step that every health care professional can use to understand the regulation and find out where you stand.
HIPAA regulation can basically be broken down into a series of national standards on the security and privacy of protected health information (PHI). PHI is any demographic information that can be used to identify a patient. Common examples of PHI include name, date of birth, address, phone number, medical records, insurance ID number, financial information, email address, Social Security Number, and full facial photo, to name a few.
HIPAA regulation identifies two different types of entities that are beholden to the law. These include:
- Covered Entities (CEs): A covered entity is any health care provider, health care clearinghouse, or health insurance plan that creates or transmits PHI.
- Business Associates (BAs): A business associate is any vendor hired to perform a function who will necessarily encounter PHI in any way. There are many different kinds of BAs, but some common examples include IT providers, lawyers, billing/coding firms, cloud storage providers, physical storage providers, faxing services, shredding services, and many more.
Under HIPAA regulation, there are several component rules that HIPAA beholden entities must be aware of. The HIPAA Rules set specific standards for exactly how to maintain the confidentiality, integrity, and availability of PHI. The HIPAA Rules include:
- HIPAA Privacy Rule: The Privacy Rule sets standards for patient use and access to PHI. Patient authorizations and Notices of Privacy Practices are all included in this HIPAA Rule. Only covered entities must be compliant with HIPAA Privacy Rule standards.
- HIPAA Security Rule: The Security Rule outlines a series of safeguards that all HIPAA-beholden entities must have in place to maintain the security of PHI. These safeguards are broken down into Administrative, Technical, and Physical standards–all of which must be addressed in order to comply with the regulation.
- HIPAA Breach Notification Rule: The Breach Notification Rule sets specific standards for exactly how data breaches must be investigated, how patients must be notified, and how these breaches must be reported to HHS.
- HIPAA Omnibus Rule: The Omnibus Rule went into effect in 2013 and states that all business associates must be HIPAA compliant.
Now that you have a basic understanding of your HIPAA requirements, you’re ready to utilize our training materials and take our HIPAA Quiz!