Federal HIPAA Electronic Privacy Rules and
we believe we are in compliance
Cyber Security 

Federal – HIPAA Privacy (HHS.gov)   and
Calif. Civil Code provides  in a
one sentence summation that: 

• Any  [medical] records  which contain individually identifiable (PHI) Protected Health Information must be secured,  so that they are not readily available to those who do not need them. ^{(HSS Q & A)} Thus, the people who can see your medical records is very limited.

What does the HIPAA Privacy Rule do? 

The HIPAA Privacy Rule for the first time creates national standards to protect individuals’ medical records and other personal health information. –

• It gives patients more control over their health information.
• It sets boundaries on the use and release of health records.
• It establishes appropriate safeguards that health care providers and others must achieve to protect the privacy of health information.
• It holds violators accountable, with civil and criminal penalties that can be imposed if they violate patients’ privacy rights. – And it strikes a balance when public responsibility supports disclosure of some forms of data – for example, to protect public health.
• For patients – it means being able to make informed choices when seeking care and reimbursement for care based on how personal health information may be used.
• It enables patients to find out how their information may be used, and about certain disclosures of their information that have been made.
• It generally limits release of information to the minimum reasonably needed for the purpose of the disclosure.
• It generally gives patients the right to examine and obtain a copy of their own health records and request corrections.
• It empowers individuals to control certain uses and disclosures of their health information.

Steve’s personal thoughts

I think if people just followed the 10 Commandments, the 7 Noahide Laws, and the Golden Rule, and be careful about Gossip,  we wouldn’t have to have ALL these pages and tons of paperwork.

What is #PHI?

PHI is any health information that can be tied to an individual, which under HIPAA means protected health information includes one or more of the following 18 identifiers. If these identifiers are removed the information is considered de-identified protected health information, which is not subject to the restrictions of the HIPAA Privacy Rule.

So, we don’t share this with ANYONE, unless we need to, to get you the Insurance Coverage you requested!

1. Names (Full or last name and initial)
2. All geographical identifiers smaller than a state, except for the initial three digits of a zip code if, according to the current publicly available data from the U.S. Bureau of the Census: the geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; and the initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000
3. Dates (other than year) directly related to an individual
4. Phone Numbers
5. Fax numbers
6. Email addresses
7. Social Security numbers
8. Medical record numbers
9. Health insurance beneficiary numbers
10. Account numbers
11. Certificate/license numbers
12. Vehicle identifiers (including serial numbers and license plate numbers)
13. Device identifiers and serial numbers;
14. Web Uniform Resource Locators (URLs)
15. Internet Protocol (IP) address numbers
16. Biometric identifiers, including finger, retinal and voice prints
17. Full face photographic images and any comparable images
18. Any other unique identifying number, characteristic, or code except the unique code assigned by the investigator to code the data ^{HipaaJournal.com} *

Sec. 160.103 Individually identifiable health information  PHI)  is information that is a subset of health information, including demographic information collected from an individual, and:

(1) Is created or received by a health care provider, health plan, employer, or health care clearinghouse; and
(2) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and

(i) That identifies the individual; or
(ii) With respect to which there is a reasonable basis to believe the information can be used to identify the individual.

hhs.gov/hipaa

hhs.gov/hipaa/for-professionals

CMS Webinar on PHI

Key Resources for Agent and Broker FFM Requirements and
Regulations
• Overview of FFM Standards of Conduct for Agents and Brokers
• Providing Accurate Information to the Marketplaces and Consumers
• Best Practices for Interacting with Consumers
• Requirements for Naming Your Business or Website
• Privacy Notice Statements
• Consumer Consent Record
• Authorized Functions of PII and Reporting PII Breaches
• Monitoring and Oversight

Hints on writing the privacy notice in Plain English

• Plain Language.Gov
  • Videos
• Our Quote Engines –  Privacy Policy
• This websites Privacy Statement
• Our webpage on Plain Meaning Rule – Read the policy 3 times
• How to comply with PHI disclosure requirements  Solutions
  • Paubox.com
  • Sample business associate agreement
  • National Association of Health Underwriters now NABIB – Compliance Guide

Insurance Company Forms

Affiliate Insurance Companies 
Follow the links and find their privacy statements

Blue Cross’s Privacy Statement

Blue SHIELD Privacy Statement – Release Form

Consumer Links

Summaries and Links

• Our page on how to read law – 3 times and when you think you understand it, read it again.
• Office for Civil Rights – HIPAA H & HS Website – has a ton of information and links
• Health Systems Say Feds Should Step In To Fend Off Cyberattacks
• Our webpage on California Privacy
• Privacy wikipedia.org/
• wikipedia.org HIPAA 
• Medical Company Cyberattack May Have Snared Data On 2 Million People
  • 20 Million US Patients Have Had Data Exposed In Hacks Already This Year
  • Cyberattacks are raising health care costs
  • Nearly 4M patients hit in healthcare breaches reported last month  — KHN version
• harvard.edu 
• privacy  Torts
• Privacy Rights.org
•  Health Privacy . Org
• Jewish Thought on #Gossip, Tale Bearing JewFAQ.org
  • Online Education  Torah.org
• CMS Webinar 56 pages on Privacy
• Health Information Privacy  hhs.gov/hipaa
• How to avoid HIPAA pitfalls when managing online reviews of your hospital or medical practice
• Our Webpage on Maternity, Birth Control, Infertility & Reproductive Rights
  • HIPAA won’t protect you if prosecutors want your reproductive health records
  • U.S. health laws don’t always protect abortion information, but new bills could fill the gaps
  • No ‘slam dunk fix’ in HIPAA privacy law to protect abortion patients

Actual Text of the Law

45 CFR Part 164 – SECURITY AND PRIVACY

1. Subpart A – General Provisions (§§ 164.102 – 164.106)
2. Subpart B [Reserved]
3. Subpart C – Security Standards for the Protection of Electronic Protected Health Information (§§ 164.302 – 164.318)
4. Subpart D – Notification in the Case of Breach of Unsecured Protected Health Information (§§ 164.400 – 164.414)
5. Subpart E – Privacy of Individually Identifiable Health Information (§§ 164.500 – 164.534)