
Office of Compliance Programs

HIPAA Privacy Training for Non-Clinical Workforce

Revised: January 24, 2017

HIPAA Privacy Workforce Training

The Health Insurance Portability & Accountability Act (HIPAA) requires that the University train all workforce members (faculty, staff, residents and students) about the University's HIPAA policies and those specific HIPAA required procedures that may affect the work you do for the University.

Overview

This presentation provides a brief summary of the HIPAA Privacy Rule. It lists basic principles that all LSUHSC-NO faculty, staff, residents and students must understand and follow.

The HIPAA Privacy Rule

A covered entity (e.g. LSUHSC-NO and its faculty, staff and students) may not use or disclose protected health information (PHI) about a patient without that patient's written authorization unless the use or disclosure falls under one of the exceptions.

What is PHI?

PHI consists of two parts:

What is an identifier?

PHI does not include:

Remember

PHI can appear in any medium including but not limited to:

Exceptions

Uses and disclosures that do not require an authorization include but are not limited to:

There are other exceptions. If you have a concern regarding whether a particular use or disclosure requires an authorization from the patient, contact the LSUHSC-NO Privacy Officer at (504) 568-5135 or via email at nocompliance@lsuhsc.edu.

Protecting Patient Privacy

Any such unauthorized access would be a direct violation of LSUHSC-NO policy and HIPAA regulations. Such action would expose the violator not only to disciplinary action, but also to possible legal action.

LSUHSC-NO Privacy Policies

The HIPAA Privacy Policies and Procedures are contained in Chancellor’s Memorandum 53.

What is a Breach?

A breach of PHI is the unauthorized access, use, or disclosure of PHI that compromises the security of that information.

Any unauthorized access, use, or disclosure of PHI should be reported immediately to the Compliance/Privacy Officer in the Office of Compliance Programs at LSUHSC-NO.

Compliance will conduct a risk assessment to determine if the use and/or disclosure must be reported to the patient and the U.S. Department of Health and Human Services.

Things to Remember about Breaches

Some examples of a breach of PHI include, but are not limited to:

Privacy Complaints

If anyone suspects or knows of mishandling or misuse of patient PHI, a complaint can be made to:

How to Report a HIPAA Violation

Penalties

The HHS Office of Civil Rights shall assess penalties ranging from $100 per violation up to $1.5 million per violation.

Please note that inappropriate use and/or disclosure of information on each patient is a separate violation.

In addition, LSUHSC-NO may take disciplinary action up to and including termination of employment or, if a student, expulsion from your program.

Individuals and health care providers (hospitals, etc.) can also face civil and criminal prosecution, depending on the facts of the case.

Recap

Resources

Chancellor’s Memorandum 53

HHS Office of Civil Rights HIPAA webpage.

Any Questions?

We Are Here to Help!

Office of Compliance Programs

433 Bolivar St.

Suite 807

New Orleans, LA 70112

568-5135

nocompliance@lsuhsc.edu