LSU Health Logo

Office of Compliance Programs

HIPAA Privacy Training for Non-Clinical Workforce

Revised: January 22, 2018

HIPAA Privacy Workforce Training

The Health Insurance Portability & Accountability Act (HIPAA) requires that the University train all workforce members (faculty, staff, residents and students) about the University's HIPAA policies and those specific HIPAA required procedures that may affect the work you do for the University.


This presentation provides a brief summary of the HIPAA Privacy Rule. It lists basic principles that all LSUHSC-NO faculty, staff, residents and students must understand and follow.

The HIPAA Privacy Rule (thumbnail sketch)

A covered entity (e.g. LSUHSC-NO and its faculty, staff and students) may not use or disclose protected health information (PHI)about a patient without that patient's written authorization unless the use or disclosure falls under one of the exceptions.

What is PHI?

PHI consists of two parts:

What is an identifier?

PHI does not include:


PHI can appear in any medium including but not limited to:


Uses and disclosures that do not require and authorization include but are not limited to:

There are other exceptions. If you have a concern regarding whether a particular use or disclosure requires an authorization from the patient, contact the LSUHSC-NO Privacy Officer at (504) 568-5135 or via email.

Protecting Patient Privacy

Any such unauthorized access would be a direct violation of LSUHSC-NO policy and HIPAA regulations. Such action would expose the violator not only to disciplinary action, but also to possible legal action.

LSUHSC-NO Privacy Policies

The HIPAA Privacy Policies and Procedures are contained in Chancellor’s Memorandum 53. Also, all HIPAA forms (e.g. Notice of Privacy Practices, HIPAA Authorization, Research Authorization, etc.) can be found at this link.

What is a Breach?

A breach of PHI is the unauthorized access, use, or disclosure of PHI that compromises the security of that information.

Any unauthorized access, use, or disclosure of PHI should be reported immediately to the Compliance/Privacy Officer in the Office of Compliance Programs at LSUHSC-NO.

Compliance will conduct a risk assessment to determine if the use and/or disclosure must be reported to the patient and the U.S. Department of Health and Human Services.

Things to Remember about Breaches

Some Examples of a Breach of PHI include, but are not limited to:

Privacy Complaints

If anyone suspects or knows of mishandling or misuse of patient PHI, a complaint can be made to:

Hotline button

How to Report a HIPAA Violation


The HHS Office of Civil Rights shall assess penalties ranging from $100 per violation up to $1.5 million per violation.

Please note that inappropriate use and or disclosure of information on each patient is a separate violation.

In addition, LSUHSC-NO may take disciplinary action up to and including termination of employment or, if a student, expulsion from your program.

Individuals and health care providers (hospitals, etc.) can also face civil and criminal prosecution, depending on the facts of the case.



Chancellor’s Memorandum 53

HHS Office of Civil Rights HIPAA webpage.

Getting Help

Office of Compliance Programs
433 Bolivar St.
Suite 807
New Orleans, LA. 70112