HIPAA: The Basics
Introduction
HIPAA, the Health Insurance Portability and Accountability Act, protects patient health information. It is important to understand your role in ensuring that MPW as a company is compliant with HIPAA. In this training, you will learn about different sections of HIPAA, your role, and what happens when HIPAA is violated.
Objectives
By the end of this training, you will be able to...
Determine when confidential patient information can be disclosed
Comply with HIPAA rules and regulations
State ways to protect clients' confidential medical information
Who Must Comply with HIPAA
Contractors
Volunteers
Any Business
Employees
- Following agency privacy rules
- Securing devices and documents
- Reporting security concerns
- Accessing only what is necessary for their role
Unpaid status does not remove responsibility
- Signing confidentiality agreements
- Completing Training
- Not sharing patient information
- Accessing information only when authorized
- Written HIPAA policies and procedures
- Safeguards to protect PHI
- Workforce training
- Branch reporting process
The organization sets the standard for privacy and security
- Accessing only the minimum necessary information
- Keeping passwords secure
- Not discussing patient information publicly
- Reporting potential breaches immediately
All employees must follow HIPAA policies
Why Must You Comply With HIPAA
Law
Integrity
Trust
HIPAA Rules Overview
HIPAA has 3 distinct rules that must be followed.
Privacy Rule
Security Rule
Breach Notification Rules
Client Authorizations for Disclosure
Do we have valid authorization?
Client Choice
Check ROI
Is the Authorization Valid?
All authorizations must be written in understandable language
Click to learn what must be included in authorizations:
Violations
- If you ignore the rules and carelessly or deliberately use or disclose PHI or confidential information, you can expect:
- Disciplinary action, up to termination
- Civil and/or criminal charges
- Examples:
- Accessing PHI for purposes beyond assigned job responsibilities
- Attempting to learn or use another person's access information.
- Acknowledge the mistake and notify your supervisor and the Compliance Officer immediately
- Don't cover up or try to make it "right" by yourself
- Learn from the error and prevent it from happening again
- Assist in correcting the error only as requested by your leader
Intentional Violations
Accidental Violations
Mistakes can happen
Ignoring the rules
Everyday Ways to Prevent Breaches
Verbal Safeguards
Physical Safeguards
Technical Safeguards
Administrative Safeguards
Why it Matters
HIPAA violations can put you at risk, including:
HIPAA violations can put MPW at risk including:
It is your responsibility to take the confidentiality of patient information seriously
Personal
Company
Responsibility
Thank You!!
Breach Notification Rule
- The HIPAA Breach Notification Rule requires covered entities and business associates to notify patients when unsecured PHI is disclosed or breached without authorization
- PHI is presumed breached unless a risk assessment demonstrates a low probability that the information has been compromised
- The Office for Civil Rights (OCR) investigates complaints and breach reports
- If a breach affects 500 or more individuals, OCR must be notified with no delay and no later than 60 calendar days from discovery
Do we have valid authorization?
Under both federal and state law, MPW must obtain a client's written authorization before using or disclosing any Protected Health Information (PHI) that is not for treatment, payment, or health care operations and is not otherwise permitted or required by the HIPAA Privacy Rule
Client Choice
By law, MPW cannot require a client to provide authorization as a condition of receiving treatment, payment or eligibility for benefits, except in certain limited situations specifically allowed by law
It's the Law
HIPAA is a federal requirement, not a guideline
Failure to comply may result in:
- Disciplinary action
- Termination
- Fines and penalties
- Criminal charges in serious cases
Compliance is mandatory for everyone with access to PHI.
Include an expiration date
It's the Right Thing to Do
We expect our own health information to remain private
HIPAA Compliance reflects:
- Respect
- Professionalism
- Integrity
Protecting patient information is part of maintaining a safe, ethical, and trustworthy environment for everyone we serve
Physical Safeguards
PHI in paper or visible form must be secured at all times. Unauthorized access can occur simply by leaving documents exposed or unattended.
Examples:
- Do not leave PHI unattended on desks, printers, or fax machines.
- Store records in locked cabinets when not in use
- Turn documents face down when not actively using them
- Shred documents containing PHI before disposal
Technical Safeguards
Electronic PHI must be protected through proper system use and security practices. Each staff member is responsible for preventing unauthorized digital access.
Examples:
- Lock your screen when stepping away
- Never share passwords or login credentials
- Log out at the end of your shift
- Access only the PHI necessary to perform your job duties
- Position computer screens away from public view
Include the right to revoke in writing
Verbal Safeguards
Be mindful of where and how you discuss PHI. Conversations can be overheard, so take reasonable steps to protect privacy.
Examples:
- Avoid discussing PHI in hallways, elevators, waiting rooms, or restrooms
- Lower your voice in semi-private areas
- Limit voicemail details
- Be aware of who may overhear conversations
Identify who is disclosing and receiving
Administrative Safeguards
Organizational policies and procedures support HIPAA compliance. Staff must follow established protocols to ensure PHI is used and disclosed appropriately.
Examples:
- Follow the Minimum Necessary standard
- Confirm a valid ROI is on file before disclosing PHI
- Report suspected privacy breaches immediately
- Follow all MPW privacy and security policies
Security Rule
The Security Rule (IT) includes security requirements to protect the confidentiality, integrity, and availability of patients' electronic PHI
The Security Rule requires MPW to:
- Develop reasonable security policies and ensure staff compliance, including protection against unauthorized use or disclosure of PHI
- Identify and protect against threats to ePHI security and integrity
- Limit facility access to authorized staff only
- Ensure proper use of workstations and electronic media, including securing unattended computers
- Analyze security risks and implement appropriate safeguards
Our Patients Trust Us
Patients share highly personal information
They trust us to:
- Keep their information private
- Use it appropriately
- Protect it from unauthorized access
Protecting PHI preserves dignity, safety, and confidence in care
Identify what information will be disclosed
Check ROI
Whenever any MPW staff member receives a request to release PHI, a valid ROI must be on file. Failing to have proper authorization may constitute a HIPAA breach
Always check ROIs before releasing any information
Privacy Rule
The Privacy Rule protects patients' PHI while letting you securely exchange information to coordinate patient care
The Privacy Rule also gives patients the right to:
- Examine and get a copy of their medical records, including an electronic copy
- Request corrections to their records
- Restrict their health plan's access to information about treatments they paid for in cash
Katie
Created on February 16, 2026