Table of Contents
What will be Included within the Presentation
- Protected health information and when it may be disclosed. This element of the presentation is fundamental in the comprehension of HIPPAA and its constituents. For example, it defines what type of information should not be disclosed or when disclosure is acceptable.
- Privacy and Security Rules of HIPPAA. These rules will further define the obligations of the laboratory staff as indicated under HIPPAA to ensure only authorized disclosure.
- The difference between identifiable and unidentifiable information. This element of the presentation will help the laboratory staff to understand the major classes of protected health information and their uses.
- Excellent quality
- 100% Turnitin-safe
- Affordable prices
Protected Health Information and When it May be Disclosed
PHI (Protected Personal Information), also called Protected Health Info relates to laboratory results and tests, medical histories and demographic information as well as data collected by healthcare professionals in the identification of a person and the determination of the most appropriate form of care for them (HIPAA, 2009). HIPPAA directs a limitation to the types of such information and data that can be collected from persons by providers of healthcare, their insurers and business associates and the subsequent sharing of the same data and info with entities or for use in marketing. Specifically HIPPAA directs that institutions and persons are not to sell PHI if not such information is supposed to be used for activities of public health, treatment, research, services rendered or an acquisition of merger of an entity covered by HIPAA.
HIPAA also requires that disclosure of PHI only be made under valid authorizations except in cases that are required and permitted by the privacy rule of HIPPAA. Under the private rule, covered entities may only disclose PHI in only two situations. The first one is to individuals or if they have personal representatives and in particular, when they request access to such information (HSS, 2008). The second situation is to the HHS during a time when it is completing a compliance investigation. There are also permitted disclosures and uses of PHI defined by the Privacy Rule of HIPPAA. For instance, covered entities may be allowed, but not required to disclose and use PHI without the authorization of the individual (HSS, 2008). In such cases, then the information is used for health care operations, payment and treatment, for accounting of disclosures of the individual, for chances to object or agree, for incident to a disclosure that is otherwise permitted, public interest as well as benefit activities, research, public healthcare and healthcare operations (HSS, 2008).
Distinction between Privacy Rule and Security in Laboratory Situations
Like described, the privacy rule concerns the disclosure of PHI to individuals and institutions and the circumstances under which such disclosures can be made. However, on the other hand, it should be noted that security rule is a requirement of HIPPAA for all institutions that deal with PHI to ensure technical, administrative and physical safeguards that will guarantee the security, confidentiality and integrity of PHI (Cucoranu et al., 2013). However, it should be noted that the two terms are interrelated. For instance, failures in terms of the security standards more often results in privacy breaches, which subsequently invokes the privacy rules (Cucoranu et al., 2013). Therefore, while laboratory staff are required not to undertake unauthorized disclosures of PHI, they are also required to ensure that security of such information as outlined. From this perspective, therefore, it follows that within a laboratory setting, individuals can breach the privacy rule if they willingly let unauthorized parties access PHI. On the other hand, the unconscious and accidental disclosure of such PHI to unauthorized persons could result in security breach.
The differences between Identifiable and Unidentifiable Information and their Uses
PII (Personal Identifiable Information) refers to information, which could be used in the identification, contacting or location of a person when either used singly or in combination with other sources that are easily accessible (University of Miami, 2017). Such information may include the names of individuals, biometric data, fingerprints, email addresses, social security numbers, telephone among others (University of Miami, 2017). On the contrary, unidentifiable information is one that cannot be used for such purposes as the identification, contacting and the location of persons. Such information, like included in the HIPPAA Privacy Rule, may include the education records of individuals and records of employment. In relation to the HIPPAA privacy rule, any PHI that related to the past, the present and the future states of physical and mental health conditions, their payment for healthcare provisions is considered identifiable PHI when it is received or created by healthcare providers, healthcare clearinghouses, employer or health plan (National Institute of Health, 2007).
- Cucoranu, I. C., Parwani, A. V., West, A. J., Romero-Lauro, G., Nauman, K., Carter, A. B., … & Pantanowitz, L. (2013). Privacy and security of patient data in the pathology laboratory. Journal of pathology informatics, 4(1), 4.
- HIPAA (2009). HIPAA ‘Protected Health Information’: What Does PHI Include? Retrieved February 13, 2017 from https://www.hipaa.com/hipaa-protected-health-information-what-does-phi-include/
- HSS. (2008). Summary of the HIPAA Privacy Rule. HHS.gov. Retrieved 13 February 2017, from https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html?language=es
- National Institute of Health (2007). What Health Information Is Protected by the Privacy Rule? Retrieved 13 February 2017, from https://privacyruleandresearch.nih.gov/pr_07.asp
- University of Miami (2017). What is personally identifiable information (PII)? | Privacy | Office of HIPAA Privacy & Security at Miller School of Medicine. Privacyoffice.med.miami.edu. Retrieved 13 February 2017, from http://privacyoffice.med.miami.edu/faq/privacy-faqs/what-is-personally-identifiable-information-pii