
HLT 162 - Selected Topics in Health Science : Hiller: HIPAA

Courseguide for HLT 162

AMA: American Medical Association

HIPAA Background

To improve the efficiency and effectiveness of the health care system, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, included Administrative Simplification provisions that required the Department of Health and Human Services (HHS) to adopt national standards for electronic health care transactions and code sets, unique health identifiers, and security. At the same time, Congress recognized that advances in electronic technology could erode the privacy of health information. Consequently, Congress incorporated into HIPAA provisions that mandated the adoption of Federal privacy protections for individually identifiable health information.

Following the passage of HIPAA, two additional laws have been enacted that add requirements to HIPAA and strengthen various aspects of administrative simplification. These laws are:

  • Health Information Technology for Economic and Clinical Health Act (HITECH) enacted as part of the American Recovery and Reinvestment Act of 2009 (ARRA)
    Subtitle D of the HITECH Act addresses the privacy and security concerns associated with the electronic transmission of health information, in part, through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules.
  • Patient Protection and Affordable Care Act of 2010 (ACA)
    ACA builds upon HIPAA with new and expanded provisions, including a requirement to adopt operating rules for each of the HIPAA covered transactions; a unique, standard Health Plan Identifier; and a standard for electronic funds transfer. ACA requires that health plans certify their compliance with the standards and operating rules, and increases penalties for noncompliance.
    -AMA Website



How do I access from home?...

One of your first duties as a student is to "activate" your BCC Campus card...aka...student ID.  Why?  Well, once activated, the back of your library card, the barcode (22777...) becomes your accessPass to the libraries' resources from home, or for that matter wherever you are that has an internet connection and a device to load it.

If you are trying to access books or online books, please type in the barcode from the back of your activated BCC Campus card.  This will ensure remote access.

To access Films on Demand

BCC Libraries provides access to a collection of streaming videos specific for anatomy topics. Below is a brief description of the selected titles and instructions on how to access. Please visit the database Films On Demand for further streaming videos on your topic.

Films On Demand videos are accessible on campus and off campus with a valid BCC Campus card activated at the library. If the barcode on the back of your ID is not working (22777...) please visit the Library at any of the three campuses to activate.

Any questions please email me @ Melanie Johnson.

HIPAA Defined

Acronym that stands for the Health Insurance Portability and Accountability Act, a US law designed to provide privacy standards to protect patients' medical records and other health information provided to health plans, doctors, hospitals and other health care providers. Developed by the Department of Health and Human Services, these new standards provide patients with access to their medical records and more control over how their personal health information is used and disclosed. They represent a uniform, federal floor of privacy protections for consumers across the country. State laws providing additional protections to consumers are not affected by this new rule. HIPAA took effect on April 14, 2003.

- American Psychological Association (APA):
anatomy. (n.d.). Retrieved September 24, 2014,  from website:

Books and Media in the Library

Title: Getting started with HIPAA [electronic resource] / Uday O. Ali Pabrai.
Personal Author: Pabrai, Uday O.


Title: HIPAA [videorecording] : basic principles for staff education / Medical Consultants Network Inc.
Edition: Version 2.0
System Requirements: DVD.
Physical Description: 1 videodisc (27 min.) : sd., col. ; 4 3/4 in.

The purpose of this video is to educate your staff about the confidentiality, privacy, and information security requirements contained in the Health Insurance Portability and Accountability Act. It will also provide your staff with the key components of a HIPAA compliance plan.

Access: Located @ BCC Fall River - DVD915

Title: Guide to HIPAA security and the law / Stephen S. Wu, editor.
Contents: Background and history of HIPAA / Steven Fleisher -- HIPAA privacy and security / Françoise Gilbert -- Scope and applicability of the security rule / John Christiansen -- The security rule / Mike Jerbic and Stephen Wu -- Implementation / Stephen Fleisher and Stephen Wu -- Enforcement / Françoise Gilbert -- Liability and litigation / Kathryn Coburn.

Access: Located @ BCC Fall River - KF 3827 R4 G85 2007

Title: HIPAA [videorecording] : legal liability issues.
System Requirements: VHS.
Physical Description: 1 videocassette (26 min.) : sd., col. ; 1/2 in.

Presents the legal liability issues of HIPAA, the Health Insurance Portability and Accountability Act of 1996. This act requires covered entities to ensure the privacy of Protected Health Information (PHI). The penalties for not protecting the confidentiality of PHI can range from a fine of $50,000 and 1 year in prison up to $250,000 and 10 years in prison. The problem facing health care providers, insurance companies and anyone who handles medical information covered under HIPAA regulations is how to ensure that medical records and sensitive information are tracked and protected. In order to comply with HIPAA, covered entities must make a 'good faith effort' to meet the 'minimum necessary standard' rule, ensuring that only the very minimum information is ever exchanged between entities in order to achieve specific transactional ends.

Title: Quick guide to HIPAA : for the physician's office / Brenda K. Burton.
Personal Author: Burton, Brenda K.

Access: Located @ BCC Fall River - REF KF 3827 R4 B87 2004 AND KF 3827 R4 B87 2004

Title: Patient privacy under HIPAA [videorecording] : keep it to yourself / HCPro ; reviewer, Chris Apgar ; multimedia producer, Jessica Carbone ; senior manager of production, Matt Sharpe.
Edition: 3rd ed.
System Requirements: DVD format.
Physical Description: 1 videodisc (30 min.) : sd., col. ; 4 3/4 in.
General Note: "VPSAY3"--disc face. "Patient privacy under HIPAA : keep it to yourself, third edition, is a cost-effective and simple way to ensure everyone in your organization is trained to meet the daily challenges that HIPAA places on healthcare workers."--back cover.

Covers both privacy and security training in one convenient package and is designed for ongoing training for new and existing staff.

Subject Term:
Medical records -- Access control -- United States.

Access: Located @ BCC Fall River - DVD2042

Title: Privacy, security, and you [videorecording] : protecting patient confidentiality under HIPAA and HITECH / HCPro, Inc. ; producer, Jessica Underhill ; director, Jay Heard.
Edition: 2nd ed.
System Requirements: DVD.
Physical Description: 1 videodisc (20 min.) : sd., col. ; 1/2 in. + 1 program summary booklet [7 p.]

This training video combines two vital components of the HIPAA regulation -- privacy and security. Since the U.S. government has strengthened HIPAA enforcement under the HITECH Act, stiffer penalties could cost an organization millions of dollars and damage its reputation beyond repair. This video shows staff the correct way to identify and handle everyday situations that could easily turn into HIPAA violations. Staff will learn by real-life examples the do's and don'ts of HIPAA Privacy and Security Rule compliance and how to avoid the same mistakes that cost two organizations millions in settlements.

1. Introduction -- 2. HIPAA 101 -- 3. Proper disposal -- 4. Laptop security -- 5. Misdirected faxes -- 6. Identity theft -- 7. Record snooping -- 8. Unencrypted e-mail -- 9. Employee confidentiality.

Access: Located @ BCC Fall River - DVD1419

Films on Demand

The Case for HIPAA Risk Assessments
A comprehensive security risk assessment is an important and necessary strategy for health care organizations in identifying gaps in their privacy and security environments. Though risk assessments alone do not directly mitigate data breaches, they can help to significantly decrease risk exposure by enabling an organization to know exactly where its protected health information resides and how it is handled. This program covers the reasons for a HIPAA risk assessment, explores both HITECH and HIPAA enforcement, and considers real-world examples of mistakes made by covered entities and what it cost them. Designated for 3 contact hours of continuing nursing education. Run Time: 35 minutes

The Auditors Are Coming: How to Prepare for an OCR Audit
All health care practitioners now face HIPAA-HITECH enforcement. Many experience the HITECH-mandated Office for Civil Rights (OCR) audits as intimidating, nerve-racking, and in other ways stressful. This program empowers practitioners with vital information as they prepare for the inevitable audit. Attorney James M. Barclay provides an insightful look at the OCR audit process by covering the following topics: reasons for self-audits, sources that generate an audit, how to form an audit team (and who should be on it), the categories of an audit, what the audit team will look for, the steps involved in conducting an audit, documentation requirements, and the review process of an OCR audit. Finally, Barclay walks viewers through one portion of an actual OCR audit. Run Time: 29 minutes

Transaction and Code Set Standards

Transactions are electronic exchanges involving the transfer of information between two parties for specific purposes. For example, a physician will send a claim to a health plan to request payment for medical services. HIPAA adopted certain standard transactions for electronic data interchange (EDI) of administrative health care data. Under the Health Insurance Portability and Accountability Act (HIPAA), if a covered entity conducts one of the adopted transactions electronically, they must use the adopted standard. Covered entities must adhere to the content and format requirements of each transaction. Under HIPAA, the Department of Health and Human Services (HHS) also adopted specific code sets for diagnoses and procedures to be used in all transactions, including the Current Procedural Terminology (CPT®) (outpatient services/procedures), the Health Care Procedure Coding System (HCPCS) (ancillary services/procedures), International Classification of Diseases, Ninth Revision (ICD-9) (diagnosis and hospital inpatient procedures), and ICD-10 (as of October 1, 2015).

Version 5010 electronic transactions
"5010" is the current adopted version of the HIPAA standard transactions.

ICD-10 code set
ICD-10 codes will replace ICD-9 diagnosis codes for use in outpatient and inpatient settings and will replace ICD-9 procedure codes for inpatient settings beginning October 1, 2015. CPT codes will remain the codes used by physicians for reporting procedures in outpatient settings.

New standards
The Affordable Care Act (ACA) mandates the adoption of an electronic standard for conducting electronic funds transfer (EFT) and the adoption of the claims attachment standard that was already named in HIPAA.

  • EFT: Physicians who want to receive reimbursement from their payers via EFT can now require them to do so, as of January 1, 2014. Physicians are not required under HIPAA to receive their reimbursement via EFT; however, some payers, such as Medicare, may, as a condition of doing business, require physicians to be paid in this manner.
    • Learn more (PDF file) on how to implement EFT in your practice.

    It should also be noted that the AMA has received a number of complaints associated with abusive virtual credit card reimbursement practices by payers, which result in hefty fees for physicians. As a result of the new EFT HIPAA standard, physicians who want to avoid being reimbursed through the use of these credit cards will now have a recourse and may request their payers reimburse them via the new ACH EFT standard. If payers refuse to comply they will be out of compliance with HIPAA and should be reported to the Centers for Medicare and Medicaid Services (CMS). The AMA opposes payers' use of credit cards, which result in hefty fees for physicians, as explained in "The effect of health plan virtual credit card payments on physician practices" (PDF file).

  • Attachments: HHS has not yet named a standard for attachments.

Operating rules for transactions
ACA mandates the adoption of operating rules for each named HIPAA standard transaction.

- Source : AMA American Medical Association