HIPAA: Privacy Information Security | WKCTC

Weather Alert • February 18 – 21

Due to projected inclement weather, WKCTC will transition to remote operations starting Tuesday, February 18, 2025, at 3 PM, through Friday, February 21, 2025.

Faculty and staff will be working remotely, and students are expected to engage in remote learning as outlined in their syllabi.

All WKCTC campus locations will be closed.

Program Finder

HIPAA: Privacy Information Security

HIPAA imposes new restrictions on the use and disclosure of Personal Health Information (PHI) and gives patients greater access and protection to their medical records.

  • Individually Identifiable Health Information (IIHI) relating to the past, present or future health condition of the individual and is transmitted or maintained in any form (electronically, orally or on paper).
  • Examples: Name, address, dates of service, date of birth, social security number, etc.

What is Disclosure and Use?

  • Use: Shared, examined, applied or analyzed within an entity that holds the information.
  • Disclosure: Release, transferred, or made accessible to anyone outside the entity holding the information.

When can PHI be Used/Disclosed?

PHI can be used or disclosed for:

  • Treatment, Payment, Healthcare Operations (TPO)
  • With authorization from the individual
  • Disclosure to the patient
  • Incidental uses

When is Authorization Required?

Generally speaking, for uses other than, Treatment, Payment, Hospital Operations

An authorization is a written document, signed by the patient, that specifically allows the covered entity to disclose PHI with patient’s permission.

When is authorization not required?

  • To maintain a patient directory
  • To inform family members of patient location, general condition, or death
  • Public health activities
  • Coroners, medical examiners, funeral directors, organ donations
  • To avert a serious threat to health and safety
  • Make sure the least amount of health information is shared to accomplish the task.
  • Identify those who regularly access PHI and the types of PHI necessary for proper TPO of the patient.
  • The Patient Notice is a required document that outlines the common uses of PHI.
  • Must contain patient's rights and the covered entity's legal duties.
  • Must be made available in print.
  • Must be displayed at the site of service and posted on a web site.
  • Recognizing what types of security issues may arise in the workplace; and
  • Knowing what actions to take in the event of a security breach.
  • The HIPAA Security Rule requires that everyone in the workforce is trained.
  • Members of the workforce include volunteers.
  • Always report anything unusual.
  • Notify your supervisor if you suspect a security incident.
  • Never share your ID or password with anyone.
  1. Hidden under the keyboard - Keeping a computer password on a yellow post-it note.
  2. I'll do it my way - Not listening to or following security procedures.
  3. On, gone, not locked - Walking away from the computer, leaving it unlocked or not turned off.
  4. Gee, what's in this attachment - Unknown email attachments can cripple by carrying viruses.
  5. Weak passwords - Passwords based on information easily accessible to others.
  6. Loose lips - Talking in public about things you shouldn't
  7. Laptops with legs - Laptops left unsecured and unattended are vulnerable to theft.
  8. Law enforcement - Managers and supervisors need to ensure ongoing compliance.
  9. The threat within - Statistically, most security breaches originate inside the organization.
  10. Update now - Security updates don't do any good unless they are loaded on your computer.
  • HIPAA requires that we assign a "Privacy Officer" and "Information Security Officer"
  • This person will be responsible for overseeing all privacy policies and procedures.
  • This person will be the contact person for receiving complaints.
  • Institute a training program for Volunteers.
  • Civil penalties from $100 to $25,000
  • Criminal penalties up to $250,000 and 10 years in prison