HIPAA Basics Assignment
This assignment relates to the following course learning outcomes:
< Examine healthcare privacy, confidentiality, legal and ethical issues.
< Comply with legislative and regulatory processes related to healthcare occupations
and health information.
In this assignment you will be learning about some of the basic actions HIPAA requires covered
entities to perform related to medical records. You should use your textbooks as well as the
hhs.gov website to assist you in completing this assignment. The hhs.gov site can be accessed
within Canvas by going to your Course resource module and clicking on HIIM Resource Guide.
HIPAA requires covered entities to provide patients with a Notice of Privacy Practices (NPP). It
also requires that patients (or their authorized representative) be given a copy of their medical
record and that they can request an amendment to their medical record if they feel it is inaccurate.
1. Find an example of a NPP, request for medical records for an individual patient and a
request to amend a medical record. This can be accomplished in several ways: Search the
internet to find the home page of a healthcare provider and look for these on their
website. Many providers now have these documents and forms available on their website.
Search the internet for generic examples of these documents. Ask your personal
healthcare provider for a copy of these documents. You will be uploading your example
documents so you will need to scan any printed versions you might get and convert them
to a .pdf file.
2. Perform a search of the hhs.gov site to review any HIPAA requirements for the 3
documents you found in step #1. Review the documents and determine if they are in
compliance with applicable rules and regulations. Also review them for ease of use from
a patient’s perspective. What did you like/dislike about each document?
3. As you review the hhs.gov site and your textbooks answer the following questions:
G What are the required disclosures for PHI authorized by HIPAA? Hint: There are
only 2 required disclosures. There are many other instances in which disclosure
may be given, but only 2 that must be adhered to in all instances.
G When must a healthcare provider give an individual who has a direct treatment
relationship with the provider their NPP?
G What should the covered entity make a good faith effort to obtain after giving
individuals the NPP?
4. Submit your documents along with your analysis and your answers to the questions in #3
on the assignment due date. Your analysis and answers should be typed.
5. Follow written assignment instructions as necessary. Cite references as appropriate.
HIPAA Basics Assignment