Institute:Office of National Coordinator (ONC) Workforce Training Curriculum
Component:The Culture of Health Care
Unit:Privacy, Confidentiality, and Security
Lecture:HIPAA Privacy Rule
Slide content:What Is Covered? Protected health information (PHI) Collected from patient and created by covered entity Individually identifiable Electronically transmittedin reality, all information Extends to covered entities and business associates De-identified information is not covered Pre-emption HIPAA trumps state law if state law is less protective of privacy and security, but state laws that go beyond the HIPAA protections are not nullified by HIPAA and must be followed 8
Slide notes:What is covered by the HIPAA privacy regulations? The privacy regulations cover protected health information, or PHI [P-H-I]. This is information that is collected from the patient and created by a covered entity, such as a health care provider, clearinghouse, or health plan. Its individually identifiable and electronically transmitted information. HIPAA regulations extend to covered entities and business associates of the covered entities. For example, if a business works with a health care institution for whom the HIPAA regulations apply, then those regulations apply to that business as well. De-identified information is not covered; issues with so-called de-identified information were discussed in a previous lecture. There are various levels of pre-emption: HIPAA trumps state law if state law is less protective of privacy and security, but state laws that go beyond the HIPAA protections are not nullified by HIPAA and must be followed. 8