HIPAA myths part 1 dragonWe discuss some common HIPAA myths (or points of confusion) surrounding HIPAA compliance requirements.  There are many cases of HIPAA myths being passed around.  Often it is a misunderstanding of what is required based on guidance from OCR and HHS.  There are plenty of lists of myths.  Our topics come from myths listed by HealthIT.com and HHS.  We are going to review and comment on each of the HIPAA myths in their lists.  We can’t get through all 10 myths in one episode so this is HIPAA Myths Part 1.

Glossary
Myth is a widely held but false belief or idea.

A 5 star review would make us so HAPPY!
Free HIPAA Training
Delivered to your inbox every Friday

Links

HealthIT.gov Top 10 Myths of Security Risk Analysis

HealthIT.gov Guide to Privacy and Security of Electronic Health Information Analysis

HIPAA Myths Part 1

  1. Providers are not allowed to share information about a patient with others unless authorized by the patient to do so. False. Providers can share:With anyone the patient identifies as a caregiver.  When the information is directly relevant to the involvement of spouse, family member, friends, or caregivers. (Ebola for example)When necessary to notify a caregiver about a change in condition or location of a patient (as long as the patient doesn’t object)When in the best interest of the patient regardless of their ability to object or not.
  2. The security risk analysis is optional for small providers and business associates. False. Everyone is required to abide by the Security Rule which specifically requires a security risk analysis.
  3. A checklist will suffice for the risk analysis requirement. False.Checklists are tools for doing the analysis and gathering your data but they aren’t enough to meet the risk analysis requirement. A Security Risk Analysis must include three main elements (according to OCR guidance):

A. Identification of all PHI sources
B. Human, electronic and environmental threats to the PHI
C. Review of current security measures to protect the PHI from those

That gets us through the first 3 myths in HIPAA myths part 1.  Next week we will continue on the list until we can get it finished!  Part 2 probably won’t be the finishing point either based on how long 3 took us to get through.

Share This
HIPAA Boot Camp