HIPAA Training


Caregiver training in the senior care industry for professional caregiver employment is regulated by the State’s Department of Health. Twelve hours of training must be completed each year to stay compliant with State regulations.  Caregivers out of compliance are not authorized to work.


  • Read the following HIPAA lesson.

  • Complete the quiz, then press the Submit button; you will immediately see your score.  A passing score is 80 points and above.  If you score lower than 80 points, please retake the quiz.



This lesson provides information about the requirements of the Health Insurance Portability and Accountability Act (HIPAA), particularly as it relates to patient privacy.

Strict guidelines for maintaining privacy, confidentiality, and security of health information are also part of HIPAA legislation.


The Health Insurance Portability and Accountability Act of 1996 (HIPAA), also known as “Kennedy-Kassebaum”, passed Congress rapidly and with great bipartisan support in 1996. Many aspects of the legislation have been implemented in the ensuing years; the deadline for full implementation of the privacy and confidentiality requirements was April 14, 2003.


Health care providers and organizations have strict guidelines that must be followed to remain within the law.  HIPAA also contains other requirements that have an impact on employers, insurance companies, and purchasers of health insurance coverage.

HIPAA is needed because health care professionals realized the need to protect patients from unauthorized use of their health information; at the same time, they want to have access to needed information when treating a patient.


Widespread use of electronic data is facilitating the rapid transfer of information, and the Institute of Medicine has urged the creation of standards so electronic records can be available (Follansbee, 2002).  Similarly, the public is concerned about the privacy of their medical records.  Prior to the electronic medical record, patient information was maintained in paper form and neatly locked away, accessible only to those who had authorized access.

HIPAA describes those affected by the law as “covered entities”. Included under this umbrella are health care clearinghouses and business associates.


HIPAA also contains an administrative simplification section designed to improve the efficiency of health information coding to facilitate the digital transfer of information between and among health care providers, payers, and health plans.


HIPAA creates safeguards so that only those people or entities having a real need to know health information will be able to access it (Calloway and Venegas 2002).


The HIPAA rules complement other standards that protect patients’ rights, i.e., the Joint Commission on Accreditation of Health Care Organizations (JCAHO) and the Centers for Medicare and Medicaid Services (CMS).


Compliance with privacy rules promises to be a cornerstone of future JCAHO and Medicare/Medicaid surveys.


Remember, compliance is mandatory, not voluntary.


HIPAA created two new phrases to describe information protected by the legislation. The medical record is now referred to as protected health information (PHI). This includes all information that is created by any covered entity.


All forms of the information are part of protected health information, i.e., paper, electronic, videotapes, photos, audiotapes, and any information that has been duplicated, discussed, read from a computer screen or shared over the internet.

HIPAA also established the “minimum necessary rule” which stipulates that only the minimum necessary information may be shared, even with patient authorization.

Patients must be fully informed about the way agencies use a signed authorization and are entitled to receive a free accounting every twelve months describing how their health information has been used.


All covered entities are required to comply with certain procedural rules. Most have had to develop new policies and procedures to address the many aspects covered under these rules.

Here are a few of the rules.

  1. All forms of communication must be addressed in administrative safeguards.

  2. Training must be provided to employees to assure that they are informed about patient rights and disclosure of information.

  3. Agencies must develop an internal compliance process that will assure no patient rights are violated, complaints are addressed and investigated, and that a process for remediation is in place.

  4. Agencies must agree and have policies that specify no retaliation for an employee or consumer who files a complaint.

  5. Agencies must appoint a privacy officer who will monitor and audit compliance.

  6. HIPAA requires that agencies document any and all violations and that sanctions parallel other disciplinary policies.

  7. Agencies must have a process for mitigating any harmful effect of disclosure.


The public health department is deemed a legitimate recipient of certain personal health information, and providers may, and in some instances must, report some findings to the proper public health agency. Included are the cause of death even when the patient dies at home, reportable communicable diseases, child abuse, reporting an adverse drug reaction to the Federal Drug Administration, the occurrence of cancer in a state with a cancer registry, meningitis, and immunizations for children. These examples are thought to be important to the health of the public (Campos-Outcalt 2004).

As part of the HIPAA rule promulgation, the Centers for Medicare and Medicaid Services (CMS) mandated standardization of transaction and code sets (TSC) to reduce duplication, confusion, and non-compliance. CMS admits that problems with these coding sets exist; the new ICD-10-CM and ICD-10-PCS are thought to reduce the ambiguity and facilitate full implementation of electronic processing.