

What is HIPAA?

  •  Health 
  • Insurance 
  • Portability and
  • Accountability 
  • Act 

The Goal of HIPAA

  • The primary goal of HIPAA is to:

 i. Make it easier for people to keep health insurance.

ii. Protect the confidentiality and security of health care information.

iii. Help the healthcare industry control administrative costs.

What Does HIPAA Consist Of?

  1. Standardized Electronic Data Interchange transactions and codes for all covered entities.
  2. Standards for security of data systems.
  3. Privacy protections for individual health information. 
  4. Standard national identifiers for health care.

Why Did HIPAA Come Into the Picture?

  • In 2000, many patients who were newly diagnosed with depression received free samples of anti-depressant medications in their mail.
  • This left patients wondering how the pharmaceutical companies were notified of their disease.
  • After a long and thorough investigation, the physician, the pharmaceutical company and a well-known pharmacy chain were all indicted on breach of confidentiality charges.
  • This is one of the many reasons the Federal Government needed to step in and create guidelines to protect patient privacy.



About HIPAA

  • HIPAA is divided into two different sections:
  1. Portability
  2. Administrative Simplification

  • Portability:
  1. This section allows individuals to carry their health insurance from one job to another, so that they do not have a lapse in coverage.
  2. It also restricts health plans from applying pre-existing condition requirements to individuals who switch from one health plan to another.

  • Administrative Simplification:
  1. This section establishes a set of standards for receiving, transmitting and maintaining healthcare information.
  2. It ensures the privacy and security of individuals' identifiable information.

Administrative Requirement 

Every agency must: 

  • Appoint a Privacy Officer. 
  • Develop policies and procedures that guide HIPAA implementation, evaluation and revision. These should include actions taken for people who do not follow the directives. 
  • Provide education on HIPAA and organizational policies and procedures. 
  • Develop a process for handling privacy related complaints.
  • Ensure no retaliation occurs against someone who reports potential violations in good faith. 
  • Take appropriate action to minimize any harm that may result from breach of privacy. 
  • Ensure processes are in place to demonstrate compliance with documentation and record keeping.

Who Must Comply? 

  • Those responsible for implementing HIPAA rules and regulations must comply. Some examples are:

  1. Health Plans
  2. Health Care Clearinghouses
  3. Health Care Providers who conduct certain financial and administrative transactions electronically.

  • The Privacy Rule governs who has access to protected health information (PHI).
  • The Security Rule specifies a series of administrative, technical and physical security procedures to assure the confidentiality, integrity and availability of ePHI.
  • The goal of the American Recovery and Reinvestment Act (ARRA) is to establish secure electronic health records for all Americans by 2014.
  • The Health Information Technology for Economic and Clinical Health Act (HITECH): ARRA/HITECH brings changes to the HIPAA regulations in 3 categories:

  1. Breach notification
  2. Business Associate responsibilities
  3. Penalties

HITECH and ARRA Rules 

  •  HITECH is designed to encourage health care providers to adopt health information technology in a standardized manner and to protect private health information. 
  • ARRA is the direct result of modifications in the HIPAA Privacy, Security and Enforcement Rules and strengthens health information privacy and security protections. ARRA specifically addresses: 


  1. Breaches
  2. Electronic Health Records (EHR)
  3. Personal Health Records (PHR)

The Privacy Rule

  • The Privacy Rule is designed to protect individuals’ health information (PHI) and allows individuals to: 


  1. get a copy of their medical records
  2. ask for changes to their medical records
  3. find out and limit how their PHI may be used 
  4. know who has received their PHI
  5. have communications sent to an alternate location or by an alternate means 
  6. file complaints and participate in investigations

Guidelines For Using & Disclosing PHI

  • You may disclose information, without a member’s authorization, to the appropriate authorities: 
  1. if required by law, court order, etc.
  2. to public health officials, FDA, etc. 
  3. for abuse or domestic violence
  4. to help law enforcement officials
  5. to notify of suspicious death
  6. to provide information for workers’ compensation
  7. to assist government actions
  8. to help in disaster relief efforts
  9. to avert a serious threat to health or safety
  10. for health oversight activities


You are required to: 

  • disclose PHI – limit the information you share with a person to what he or she needs to know (“minimum necessary” guidelines) 
  • use PHI according to HIPAA approved guidelines for access, accounting, amendment, and restriction of PHI.
  • only access the PHI necessary to complete your job duties 
  • maintain confidentiality & security of member information at all times


HIPAA guarantees several rights to patients:

  1. Right to privacy
  2. Right to confidential use of their health information for their treatment, billing process, and other health care operations (such as quality improvement)
  3. Right to access and amend their health information upon request
  4. Right to provide specific authorization for use of their health information other than for treatment, billing and other health care operations. 
  5. Right to have their name withheld from our patient directories 
  6. Right to request that individuals are not told of their presence in our facilities

 Important HIPAA Terminology 

  • Protected Health Information [PHI] 
  • Covered Entities [CE]
  • Treatment, Payment and Health Care Operations [TPO]
  • Notice of Privacy Practice [NPP] 

What must a covered entity do to be in compliance with HIPAA?

  1. Notify patients about their privacy rights and how their information can be used.
  2. Adopt and implement privacy procedures. 
  3. Train employees so they understand the privacy procedures. 
  4. Designate a Privacy Officer. 
  5. Secure patient records containing Protected Health Information [PHI].

How do I protect my patient’s privacy?

Don't:

  • Tell anyone what you overhear about a patient.
  • Discuss a patient in public areas, such as elevators, hallways or cafeterias.
  • Look at information about a patient unless you need it to do your job.

Do:

  • Close doors in patients' rooms when discussing treatments.
  • Log off the computer when you are finished.
  • Dispose of patient information by shredding or storing it in a locked container for destruction.
  • Clear patient information off of your desk when you leave your desk.


  • Safe computer and fax use
  • Safeguards
  1. Physical Safeguard
  2. Technical Safeguard
  3. Administrative Safeguard

  1. If you feel there has been a privacy violation, inform your instructor who will immediately assist you in contacting the Privacy Officer.
  2. Refer patients who have a privacy concern or complaint to the nurse in charge of the unit.


  • All health information that specifically identifies an individual is considered confidential. 
  • Protecting the privacy of patient information is everyone’s responsibility.
  • Even though you are a student nurse, you are an active part of this program. Use patient information only to perform your responsibilities as assigned. 
  • Be aware! Don’t intentionally or unintentionally disclose patient information. Help others to do the same. 
  • If you suspect any privacy violations or concerns, notify your instructor who will immediately assist you in contacting the Privacy Office. 

Important Questions

  1. What is HIPAA? Why is it needed?
  2. How did it come about?
  3. Briefly describe HIPAA.