Health Insurance Portability and Accountability Act - HIPAA Privacy
What is HIPAA?
HIPAA is an acronym for the Health Insurance Portability and Accountability Act. HIPAA is a federal law containing complex new regulations that prohibit the unauthorized access to and inappropriate use and disclosure of protected health information. It generally requires organizations to take reasonable steps to limit the use or disclosure of, and requests for, protected health information to the minimum necessary to accomplish the intended purpose.
What constitutes Protected Health Information?
Protected health information (PHI) is any information relating to an individual that has the possibility of tying that individual to his or her health record. HIPAA applies to information communicated orally or in writing, housed in any files or depositories, stored in any electronic or recording devices, or transmitted through any electronic means.
Who is protected by HIPAA?
Any individual who provides their PHI to the University is protected by HIPAA.
What information is confidential?
All PHI provided by an individual to the University is protected by HIPAA regulations. Even information that you learn just because you work at Ohio Northern University, such as seeing an acquaintance in a clinic or overhearing a conversation about protected health information, is confidential information that you must not share with anyone, not even your own co-workers, unless you are specifically authorized to do so. If you are working in an office where you may see protected health information about our students, the law says that we must keep that information confidential. Everyone has a legal right to privacy and, in your role as an employee, you have an obligation to maintain that privacy. Information can only be shared with a co-worker if that co-worker has a need and right to know the information. Your "need and right to know" is defined by the job that you perform. If you must know the information to successfully perform your job duties, then you have a need and right to know the information.
What happens if I release confidential information?
Breaching the confidentiality and privacy of anyone's protected health information, even unintentionally, is serious. The misuse of a student's health information can result in government fines and even criminal penalties.
What can be done to help comply with HIPAA?
- Treat all protected health information about our students as confidential, whether you know it because of your job or you learn it accidentally.
- Never access protected health information that you are not specifically authorized to access.
- Never discuss protected health information with anyone, inside or outside ONU, who is not specifically authorized to know the information.
- When you are working with protected health information, make sure it is secured when you step away from your area.
- If you work with protected health information on your computer, make sure you log off before leaving it unattended, and make sure you have good password protection. Never share your computer password, and don't leave it lying around.
- Make sure your computer screen is not in public view.
- Move fax machines that are used to receive or transmit protected health information to secure locations away from public access.
- Don't transmit protected health information by e-mail unless you have special software installed on your computer that protects it when it is sent electronically.
- Always lock file cabinets that contain protected health information, and lock doors to offices where protected health information is housed.
- Only mail protected health information in envelopes that are addressed to specific individuals and clearly marked confidential.
- Never throw protected health information in the trash. Always shred it.