LEARNING OBJECTIVES
To obtain an overview of HIPAA; to understand the scope, mechanics, and basic rights and obligations under the HIPAA Privacy Rule; to learn about the HIPAA Security Rule and Breach Notification Rule; and to understand how state law regulates health data beyond HIPAA.

Length: Approximately 1 hour

Written by: Professors Daniel J. Solove and Paul M. Schwartz

Instructor: Professor Daniel J. Solove

COURSE DESCRIPTION
This course provides an overview of the regulation of health privacy in the United States. The course explains the basic structural elements of HIPAA – how it applies, what types of entities it regulates, how it defines protected health information (PHI), and how it regulates business associates. It discusses the responsibilities of organizations under HIPAA, the rules governing the use and disclosure of PHI, and patient rights. The course also provides an introduction to the HIPAA Security Rule as well as the Breach Notification Rule. Additionally, the course covers the enforcement of HIPAA by the HHS’ Office for Civil Rights. Beyond HIPAA, the course discusses the role of state tort law and statutory law in regulating health care privacy and security, as well as the protections in the U.S. Constitution for health data.

CERTIFICATE
To obtain a broad overview of privacy law, to understand the key issues involved, to learn how privacy law works, and to understand the differences and similarities between various privacy laws.

COURSE OUTLINE

About this Course
Introduction
State Tort Law

Breach of Confidentiality Tort
Duty to Notify Torts

HIPAA’s Applicability and Scope

Covered Entities
Hybrid Entities
PHI

Definition of PHI
De-Identification: The 18 HIPAA Identifiers

Business Associates

Definition of a Business Associate
Data Protection Along the Chain of Custody
Business Associate Agreements

Responsibilities of Organizations Under HIPAA

Governance Provisions

Privacy Official
Policies and Procedures
Workforce Training
Documentation
Assessments

Notice of Privacy Practices
Confidentiality
The Minimum Necessary Rule

Use and Disclosure of PHI Under HIPAA

Authorization
Mandatory and Permitted Disclosures

Mandatory Disclosures
Permitted Disclosures
Disclosures for Marketing and Fundraising
Accounting for Disclosures

HIPAA Patient Rights

Right of Access
Right of Amendment
Right to File a Complaint
The Right to Request Restrictions

HIPAA Security Rule

ePHI
Administrative, Physical, and Technical Safeguards

HIPAA Breach Notification Rule

Definition of a “Breach”
Notification

HIPAA Enforcement

HIPAA Enforcement Measures and Penalties
OCR Monetary Penalties
Audits
Private Common Law Lawsuits

Health Privacy Beyond HIPAA

State Statutes
Constitutional Law

Conclusion
