Know Your Risk


HIPAA became law in 1996 by the Department of Health and Human Services.

· It provides that breaches of health information, no matter how simple or small, can be punished with fines of up to $1.5 million per violation.

· The Privacy Rule ensures the confidentiality of protected health information (PHI), which is health information that can be tied to an individual.

· PHI includes diagnostic or treatment information, plus an identifier. Identifiers include: names, geographic data, all elements of dates, telephone numbers, medical record numbers, health plan beneficiary numbers, account numbers, certificate/license numbers, fax numbers, vehicle identifiers and serial numbers including license plates, device numbers, Web URLs, biometric identifiers, internet protocol addresses, full-face photos, and any unique identifying number, characteristic or code.

· The Security Rule sets national standards for the protection of electronic Protected Health Information (ePHI).

· Government reimbursement programs mandate that ePHI be protected through a HIPAA Risk Analysis and other measures, including training. There are no exclusions!

· CAM Providers are included.

HIPAA Regulations: