Hello, I am Nooru Lathar, PMP, CPHIMS and I did certified, and welcome to my presentation on RHI exam prep, domain two: compliance with use and disclosure of PHI.

First we see what HIPAA compliance is. HIPAA stands for Health Insurance Portability and Accountability Act. HIPAA compliance is adherence to the physical, administrative and technical safeguards outlined in HIPAA, which covered entities and business associates must uphold to protect the integrity of protected health information (PHI). HIPAA is quickly approaching its 25th anniversary, and the needs and demands of the legislation have changed as technology has advanced.

First we'll see HIPAA terms.

Protected health information (PHI): protected health information (PHI) is any patient data that the law is meant to safeguard, data that can be used to identify an individual. Common examples include names, email addresses, Social Security numbers, insurance certificates and so on.

The Privacy Rule creates a standard for privacy of PHI. According to the Privacy Rule, health care providers and plans have to be responsive when their patient asks for the following: access to their health records; changes to be made to their PHI in case of errors; records of disclosures; doctor-patient communications.

The Security Rule standardized the handling of electronic protected health information (ePHI).

The Breach Notification Rule mandates that covered entities and business associates must alert any affected parties whenever their protected health information is compromised.

Now see what a covered entity is. A covered entity is any health care provider, health plan or health data clearinghouse. This commonly includes doctor clinics and pharmacies, etc. Nonetheless, by definition, a HIPAA covered entity is a healthcare plan, healthcare provider or healthcare data clearinghouse that electronically sends and/or receives protected health information (PHI) as described by HIPAA and HHS standards. The transmission of PHI or ePHI (electronic PHI) often occurs for one of two reasons: health care-related
financial transactions or insurance processing.

Now see what a business associate is. A business associate is any third-party organization that handles individually identifiable health data on behalf of a covered entity. A HIPAA business associate is a person or organization that is not employed by a health care plan, provider or clearinghouse, but that completes tasks related to individually identifiable health information as governed by the HIPAA Administrative Simplification rules, which include the all-important Privacy Rule and Security Rule.

Now see Notice of Privacy Practices (NPP): a document that defines how healthcare providers protect patient privacy. The NPP focuses on individual privacy issues and concerns, prompting users to open discussions with health plans and health care providers to exercise their privacy rights.

Now see the 18 HIPAA identifiers. The HIPAA Privacy Rule sets forth policies to protect 18 identifiers that are considered personally identifiable information (PII). These are the data points that can be used to identify, contact or locate an individual. When one of these identifiers is used in conjunction with the person's health information or a payment method used for that health care, it becomes protected health information. If any communication contains PII, the data is to be considered identified. To be considered de-identified, all of the 18 HIPAA identifiers must be removed from the data set.

These are the 18 identifiers designated under HIPAA: name; geographical elements (street address, city, county or ZIP code) smaller than a state; dates (birth date, admission date, discharge date, date of death, and exact age if over 89); telephone number; fax number; email addresses; Social Security number; medical record number; health plan beneficiary number; account number; certificate or license number; vehicle license plate and other identifiers; device serial number; any website URL; Internet Protocol (IP) address; finger or voice print; photographic image; any other
characteristic that could uniquely identify the individual, like a tattoo.

Now we see HHS, Health and Human Services. The mission of the U.S. Department of Health and Human Services (HHS) is to enhance the health and well-being of all Americans by providing for effective health and human services and by fostering sound, sustained advances in the science underlying medicine, public health and social services.

Now see what ONC is. The Office of the National Coordinator for Health Information Technology (ONC) is at the forefront of the administration's health IT efforts and is a resource to the entire health system to support the adoption of health information technology and the promotion of nationwide health information exchange to improve health care. ONC is organizationally located within the Office of the Secretary for the U.S. Department of Health and Human Services.

Now see the HITECH Act. The HITECH Act encouraged health care providers to adopt electronic health records and improved privacy and security protections for health care data. This was achieved through financial incentives for adopting EHRs and increased penalties for violations of the HIPAA Privacy and Security Rules.

The difference between HIPAA and HITECH: the difference between HIPAA and HITECH is subtle. Both acts address the security of electronic protected health information (ePHI), and measures within HITECH support the effective enforcement of HIPAA, most notably the Breach Notification Rule and the HIPAA Enforcement Rule. However, there is a difference between HIPAA and HITECH with regard to patient rights. Prior to HITECH, patients were unable to find out who their ePHI had been disclosed to, both authorized and unauthorized, where known. In 2011, the Department of Health and Human Services published a HITECH-required rule that allowed patients to request access reports. These reports explain to patients who accessed and viewed their ePHI, and under what authority.

HIPAA is federal law,
which is enforced by OCR, the Office for Civil Rights of the Department of Health and Human Services. The HIPAA Security Rule protects electronic data.

Now see what unique identifiers are. All HIPAA covered entities are required to have unique identifiers for plan members, employees and providers. The identifiers are Health Plan Identifier (HPID), National Provider Identifier (NPI) and Employer Identifier Number (EIN).

Now see what code sets are. HIPAA requires all covered entities to adopt specific code sets for diagnoses and procedures, which must be used in all transactions. Code sets are necessary as they inform a wide range of health care functions. The code sets detailed in HIPAA include the 10th edition of the International Classification of Diseases (ICD-10), Current Procedural Terminology (CPT), Healthcare Common Procedure Coding System (HCPCS), Code on Dental Procedures and Nomenclature (CDT), and National Drug Code (NDC).

There have been four major amendments since 1996. These are the Security Rule amendment of 2003, the Privacy Rule amendment of 2003, the Breach Notification Rule of 2009, and the Final Omnibus Rule of 2030. Now we will explore them one by one.

The Security Rule amendment of 2013.
The HIPAA Security Rule outlines the requirements for the protection of electronic patient health information. The Security Rule refers to security standards for the protection of electronic protected health information: technical safeguards, physical safeguards and administrative safeguards.

Let's explore technical safeguards. What technical safeguards are needed? Network encryption (must do); control access (must do); authenticate ePHI (or alternative); encrypt devices (must do); control activity audits (must do); enable automatic log-off (or alternative).

Now we see physical safeguards. What physical safeguards are needed? Control facility access (or alternative); manage workstations (must do); protect mobile (must do); track servers (or alternative).

Now see administrative safeguards. What administrative safeguards are needed? Risk assessments (must do); systematic risk management (must do); train your staff (or alternative); build contingencies (must do); test your contingencies (or alternative); block unauthorized access (must do); document all security incidents (or alternative).

Now see the Privacy Rule amendment of 2013.
HIPAA's Privacy Rule is in place to ensure that patient health information (PHI) is protected. The Privacy Rule is actually called Standards for the Privacy of Individually Identifiable Health Information.

Respond promptly: HIPAA legislation gives you just 30 days to get back to patient access requests (mandatory, must do). Notice of Privacy Practices (NPP) (must do). Privacy training (or alternative). Do not succumb to corruption: ensure appropriate steps are taken to maintain the integrity of ePHI and the individual personal identifiers of patients (must do). Get authority (must do). Update your copy: your authorization forms should now include reference to changes in the treatment of school immunizations, ePHI restriction in disclosure to health plans, and the right of patients to their electronic records (must do).

Now we see the Breach Notification Rule of 2009. HIPAA's Breach Notification Rule sets out requirements for who to notify in the event of a protected health data breach.

Know the notification process: if a breach of ePHI occurs, you have to make both your patients and the HHS department aware. If more than 500 people's records are involved, you must also notify the media. If it is under 500 patients, you have to submit small-scale hacks through the OCR website. These minor breach reports should ideally be made once the initial investigation has been conducted; the OCR only requires these reports to be made annually. All of the immediate notifications must be completed within 60 days post-discovery.

Check twice for four: make sure your breach notification methods contain these four elements: a description of the ePHI and personal identifiers involved in the breach; who gained unauthorized access to PHI or related information; whether details were simply seen or taken (viewing versus acquirement), if known; the degree to which risk mitigation succeeded.

Now the Final Omnibus Rule of 2013. The HIPAA Omnibus Rule sets out additional requirements for covered entities and business associates affected by HIPAA.

Refresh your BAA: update
your business associate agreements to reflect the changes of the Omnibus Rule (must do). Send new BA copies: get signed copies of the new BA with the omnibus information incorporated to stay compliant (must do). Refresh your privacy policy: privacy policies must also reflect omnibus changes (must do). Update the Notice of Privacy Practices: the NPP must be updated to cover the types of information that require an authorization and the right to opt out of correspondence for fundraising purposes, and must factor in new breach notification requirements (must be performed, must do). Finalize your training: make sure that everyone on your staff is aware of all Omnibus Rule adjustments by conducting thorough training (recommended, or alternative).

HIPAA quiz: please go to the following links and play the HIPAA quiz to enhance your knowledge. I have given all these links in the video description.

That brings us to the end of my presentation. Thanks for watching. I hope you would have found this information useful. If you like my videos, please subscribe to my channel.