University Compliance with HIPAA, the Health Insurance Portability and Accountability Act of 1996

Privacy Training Information

This privacy training information is being provided to university employees who, in the course of their duties, may have access to billing records indicating an individual has received Health Center services.

If you have any questions about this information, please contact Mike Landi, Bursar, or John Trangsrud, Assistant Bursar, at 301-405-9006, or Amy Ginther of the Office of Information Technology at 301-405-2619.

This information will help you understand:

What is HIPAA?

HIPAA is the Health Insurance Portability and Accountability Act of 1996. It is a federal law that goes into effect in April 2003. This law protects the privacy of a patient’s personal and health care information.
Violations of the law can result in fines up to $250,000 and in jail sentences up to 10 years.

Who has to follow the HIPAA law?

Everyone.

When does the law have to be followed?

Now.

Why is HIPAA important?

HIPAA protects our privacy and the security of information about us when we are patients. It’s the law and it’s the right thing to do.

What patient information must we protect?

All information about an individual who is a patient of a health care service is private or confidential. The information may be written on paper, saved on a computer or spoken. HIPAA refers to this information as Protected Health Information (PHI).

  • a person’s name, address, phone numbers, e-mail address, age, birth date, social security number
  • medical records including the reason for seeking health care, diagnosis, prescribed treatment and medications, x-rays, lab work, test results
  • billing records including claim information, referral authorizations, benefits explanations
  • research records

If you have access to any of this information—including the simplest fact that a person received health services—and reveal it to someone who does not need to know it, you have broken the law and compromised a person’s confidentiality.

How does HIPAA affect you and your job?

  • If you currently see, use or share a person’s protected health information as part of your job, HIPAA may change the way that you do your job.
  • If you currently work directly with patients, HIPAA may change the way that you do your job.
  • As part of your job, you must protect the privacy of PHI.

When can you use PHI?

You can only use PHI to do your job. You should, at all times, protect a person’s information as if it were your own information. You may:

  • Look at a person’s PHI only if you need it to do your job.
  • Use a person’s PHI only if you need it to do your job.
  • Give a person’s PHI to others when it is necessary for them to do their jobs.
  • Talk to others about a person’s PHI only if it is necessary to do your job.

Use common sense in making decisions about whether you need to see or share PHI to perform your job. Ask yourself, "Do I need to know this to do my job?" If you do not, do not access the information. It is none of your business! But if it is your business, you have nothing to worry about.

After reviewing this basic tutorial information, please complete the 6-item on-line exam, below, to certify your understanding of the information. This is necessary to confirm your continued access to the SAR system.

 

Copyright University of Maryland. All rights reserved
Office of the Vice President for Student Affairs
2108 Mitchell Building
College Park, MD 20742-5221
(301)314-8428

Revised: June 12, 2007