Introduction

HIPAA Law

HIPAA stands for "Health Insurance Portability and Accountability Act" (HIPAA). President Bill Clinton signed the bill into law on August 21, 1996. It is said to be the most significant act of Federal legislation to affect the health care industry since Medicare and Medicaid were rolled out in 1965. The law officially became effective on July 1, 1997.

HIPAA required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations to protect the privacy and security of certain health information.

Who Must Comply With HIPAA Laws

The following is a specific list of who needs to be HIPAA compliant:

• Covered healthcare providers (hospitals, clinics, regional health services, individual medical practitioners) who carry out transactions in electronic form
• Healthcare clearinghouses (billing services, repricing companies, community health management information systems, information systems, and value-added networks)
• Health plans (including insurers, HMOs, Medicaid, Medicare prescription drug card sponsors, flexible spending accounts, public health authority, in addition to employers, schools or universities who collect, store or transmit e-PHI, or electronic protected health information)
• Company business associates (including private sector vendors and third-party administrators)

Who Is Not Required to Follow These Laws

Many organizations that have health information about you do not have to follow these laws.

Examples of organizations that do not have to follow the Privacy and Security Rules include:

• Life insurers
• Employers
• Workers compensation carriers
• Most schools and school districts
• Many state agencies like child protective service agencies
• Most law enforcement agencies
• Many municipal offices

Course Components

This course is a summary of key elements of the HIPAA rules and not a complete and comprehensive guide to compliance. Entities regulated by the Rule are obligated to comply with all of its applicable requirements and should not rely on this summary as a source of legal information or advice.

Modules

To begin your training, click on the module links below. If you are just starting this course, you should start with module 1.

Click on the links below to access the modules. You can also click on the links at the top of the page.

Module 1 - HIPAA Overview

Learning objectives in this module include:

• Discuss the scope of the standard and its application.
• List and define some of the primary terms used in the standard.

Module 2 - Your Personal Rights Under HIPAA

Learning objectives in this module include:

• Describe the purpose of the HIPAA Privacy Rule.
• Discuss strategies to protect patient privacy.
• Describe the purpose of the HIPAA Security Rule.
• Identify "covered entities" under the Security Rule.
• Discuss how the HIPAA Privacy and Security Rules differ.
• Discuss how the Privacy Rule applies to Protected Health Information (PHI)
• List the 18 HIPAA Identifiers.

Module 3 - Health Care Provider Responsibilities

Learning objectives in this module include:

• Describe HIPAA responsibilities for covered entities.
• Define and describe the function of Health Care Plans, Health Care Clearinghouse, and "Health Care Providers.
• Describe electronic Protected Health Information (PHI) and how it is covered by the HIPAA Privacy Rule.
• Define "Integrity," and "Availability" as used in the HIPAA Security Rule.
• Discuss risk analysis activities in the HIPAA Security Rule.
• Describe the various types of administrative and technical safeguards regarding electronic protected health information (e-PHI).
• Discuss enforcement of the HIPAA provisions, and associated penalties for non-compliance.

Please login to your student dashboard to access and download this FREE course PDF study guide. You can save this study guide to your computer for offline studying, or print the study guide if you prefer.

Course 625 Final Exam

After studying the course material and answering the quiz questions, it is time to take the final exam. We highly recommend answering the module quiz questions to check your understanding of the course material. The final exam questions are typically developed from these quiz questions.

OSHAcademy course final exams are designed to make sure students have gained a sufficient understanding of the content covered within each course. To help demonstrate this understanding, students must achieve a passing score on course final exams. It is OSHAcademy's policy to protect the integrity of our exams: as a result, we do not provide missed questions to students.

This is an open book exam. Students are permitted to use a separate browser window to review course content while taking the exam. If you do not pass a final exam, you will see a "Retake Exam" button next to the course on your student dashboard.

If you have already paid for your certificate

If you have already paid for certificates, your exam score will be displayed on your student dashboard after successfully passing the final exam. If you chose PDF certificates, you can view and print your certificate and personal transcript from your student dashboard. If you chose original printed documents, they will be prepared and mailed to the address in your student account.

If you only want free training

OSHAcademy provides free access to all training materials, including course modules, practice quizzes, exercises, and final exams. However, exam scores, certificates, and transcripts are provided only if you purchase a certificate package to document your training. If you do not require official training documentation, we will archive your exam results should you decide to purchase official certificates later.

Take the Final Exam

Endnotes

1. Occupational Safety and Health Administration. (2014). HIPAA and OSHA: Whistleblower Complaints. Retrieved from: www.osha.gov/Publications/OSHA-factsheet-HIPAA-whistle.pdf

2. U.S. Department of Health & Human Resources. (2006). Health Information Privacy. Retrieved from: www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/provider_ffg.pdf

3. U.S. Department of Health & Human Resources. (2014). HIPAA Privacy Rule: What Employers Need To Know. Retrieved from: www.hhs.gov/ocr/privacy/hipaa/understanding/summary/privacysummary.pdf

4. U.S. Department of Health & Human Resources. (2014a). Summary of the HIPAA Privacy Rule. Retrieved from: www.twc.state.tx.us/news/efte/hipaa_basics.html

5. U.S. Department of Health & Human Resources. (2014b). Health Information Privacy. Retrieved from: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/

6. U.S. Department of Health & Human Resources. (2014c). Sharing Health Information With Family Members and Friends. Retrieved from: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/sharing-family-friends.pdf

7. U.S. Department of Health & Human Resources. (2014d). A Health Care Provider’s Guide to the HIPAA Privacy Rule. Retrieved from: www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/provider_ffg.pdf

8. Government of Kansas. (2014). HIPAA. Retrieved from: www.dcf.ks.gov/Agency/Documents/HIPAA-Training.pdf

Additional Resources