The Role of HIPAA & PHI When Using Technology

An error occurred trying to load this video.

Try refreshing the page, or contact customer support.

Coming up next: Required Assignments Reminder

You're on a roll. Keep up the good work!

Take Quiz Watch Next Lesson
Your next lesson will play in 10 seconds
  • 0:03 HIPAA
  • 1:10 Example of HIPAA in Action
  • 4:01 Emergency Room and HIPAA
  • 4:59 Another ER Example
  • 6:03 Lesson Summary
Save Save Save

Want to watch this again later?

Log in or sign up to add this lesson to a Custom Course.

Log in or Sign up

Speed Speed
Lesson Transcript
Instructor: Monica Walker
You will have heard about HIPAA, if you are employed by a healthcare facility, a health insurance company or any company that may see medical records because of the services they provide. Your daily work is affected by HIPAA rules of privacy and security. Let's learn about HIPAA.


Let's start with HIPAA first. HIPAA stands for Health Insurance Portability and Accountability Act (HIPAA) of 1996. It is a federal law that provides national standards on how to handle privacy and security of patients' medical records. It must be followed by healthcare facilities, healthcare workers, health insurance companies, and any company or worker that may see medical records because of the job they do (for example, a medical billing company or a technology company).

There are two parts to HIPPA:

  1. Privacy Rule states how Protected Health Information (PHI) is to be used
  2. Security Rule states how electronic PHI is to be protected

When it comes to electronic PHI, you should think of yourself as a gatekeeper. You protect the information using governmental and company policies. You can be fined, and workers can be fined or imprisoned for violating HIPAA and PHI. Now we will use examples to show how PHI should and should not be used.

Example of HIPAA in Action

Mary is at her favorite seafood restaurant for dinner with friends on a Friday night. She had to wait 30 minutes for a table even though they had a reservation. Minutes after Mary is seated, there is a commotion toward the back of the restaurant. Someone asks if there is a doctor or nurse in the restaurant. Since Mary is a licensed registered nurse, she runs to the back of the restaurant to help. She sees a woman who has fainted, and now is not breathing. Mary recognizes the woman as a patient from the clinic she works at. She performs CPR while someone calls 911.

When the EMT arrives and takes over the patient care, Mary accesses the patient's electronic medical records with her personal cell phone. She then informs the EMT that the patient is known to her. Mary then tells the EMT the patient's name is Josie Jones, she is 60 years old, diagnosed with hypertension, diabetes type 2 and hyperlipidemia. The patient is on Lisinopril 20 mg, Lipitor 20 mg and Metformin 45 mg.

Any concerns with this scenario? The information Mary shared was Protected Health Information (PHI). PHI includes health condition and personal identifiers like name, date of birth, address, date of birth, and social security number.

Let's see how much PHI Mary disclosed: the patient's name, age, medical diagnosis, and medications. Was this okay to disclose?

HIPAA Privacy Rule states that PHI can be disclosed for patient care. Mary shared information from the patient's electronic medical record. This is considered electronic PHI.

So what did Mary do wrong? Mary verbally disclosed electronic PHI but did not take note that other people having nothing to do with the patient's care were close enough to hear her. Mary also did not follow her employer's electronic PHI security procedure (do not access patient records on personal devices). Mary overlooked the fact that the patient regained consciousness prior to her sharing electronic PHI. Mary returned to dinner with her friends, after the ambulance left.

Looking at the HIPAA Security Rule a little closer, it specifically talks about protecting the confidentiality, integrity, and availability of electronic PHI.

In order to comply with HIPAA, healthcare companies must develop company-specific procedures for their workers to follow. Healthcare companies must develop and maintain technical security and continue to develop ways to keep up with technology.

In trying to help Ms. Jones, Mary violated the HIPAA privacy rule and the HIPAA security rule, and she should report the incident to her healthcare employer immediately.

Let's look at another example.

To unlock this lesson you must be a Member.
Create your account

Register to view this lesson

Are you a student or a teacher?

Unlock Your Education

See for yourself why 30 million people use

Become a member and start learning now.
Become a Member  Back
What teachers are saying about
Try it risk-free for 30 days

Earning College Credit

Did you know… We have over 200 college courses that prepare you to earn credit by exam that is accepted by over 1,500 colleges and universities. You can test out of the first two years of college and save thousands off your degree. Anyone can earn credit-by-exam regardless of age or education level.

To learn more, visit our Earning Credit Page

Transferring credit to the school of your choice

Not sure what college you want to attend yet? has thousands of articles about every imaginable degree, area of study and career path that can help you find the school that's right for you.

Create an account to start this course today
Try it risk-free for 30 days!
Create an account