Merge pull request #9 from CodeRunRepeat/tasks/1840-hipaa-basics

HIPAA basics documentation
This commit is contained in:
Omri Mendels 2020-03-19 09:29:51 +02:00 коммит произвёл GitHub
Родитель ec165f3d6b 4eeb2e2293
Коммит 288e8bdcd8
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
4 изменённых файлов: 81 добавлений и 0 удалений

4
docs/.markdownlint.json Normal file
Просмотреть файл

@ -0,0 +1,4 @@
{
"MD013": false,
"MD033": false
}

Просмотреть файл

@ -0,0 +1,13 @@
# Overview
## What is HIPAA?
HIPAA is a U.S. regulation that gives patients greater access to their own medical records and more control over how their personally identifiable health information is used. The regulation also addresses the obligations of healthcare providers and health plans to protect health information.
## What is PHI?
PHI stands for Protected Health Information and it includes data elements that can be used within a data set to identify an individual and disclose their medical records and/or health related financial history.
## What is HIPAA compliance?
In order to be HIPAA compliant, entities such as health care providers or employers that manage PHI, and providers of services to these entities, must ensure that technical, physical and administrative safeguards are in place and adhered to, in order to protect the integrity of PHI. They are also required to follow specific procedures if the integrity of PHI is breached.

Просмотреть файл

@ -0,0 +1,35 @@
# Protected Health Information
## PHI data types
The 18 different types of data elements that are considered PHI identifiers are:
1. Names or part of names
1. Geographical identifiers
1. Phone numbers
1. Email addresses
1. Medical record numbers
1. Account numbers
1. Vehicle license plate numbers
1. Web URLs
1. Fingerprints, retinal and voice prints
1. Any other unique identifying characteristic
1. Dates directly related to an individual
1. Fax numbers
1. Social Security numbers
1. Health insurance beneficiary numbers
1. Certificate or license numbers
1. Device identifiers and serial numbers
1. IP addresses
1. Full face or any comparable photographic images
Source: [https://www.hipaajournal.com/considered-phi-hipaa](https://www.hipaajournal.com/considered-phi-hipaa/)
## Deidentifying PHI
The PHI deidentification guidance specifies two different approaches:
1. *Expert determination* applies supervised statistical methods to review the data and confirm whether individuals would be identifiable from the data.
1. *Safe harbor* removes all data of the 18 PHI types, thus making re-identification impossible as per HIPAA definition.
Source: [https://www.hhs.gov/hipaa/for-professionals/privacy/special-topics/de-identification/index.html](https://www.hhs.gov/hipaa/for-professionals/privacy/special-topics/de-identification/index.html)

Просмотреть файл

@ -0,0 +1,29 @@
# Source material
## PHI identifiers
1. Names
2. Geographical subdivisions smaller than a State (see [Identifiers list](#identifiers-list) for details)
3. Dates directly related to an individual (see [Identifiers list](#identifiers-list) for details)
4. Phone numbers
5. Fax numbers
6. E-mail addresses
7. Social Security numbers
8. Medical record numbers
9. Health plan beneficiary numbers
10. Account numbers
11. Certificate/license numbers
12. Vehicle identifiers and serial numbers, including license plate numbers
13. Device identifiers and serial numbers
14. URLs
15. IP address numbers
16. Biometric identifiers, including finger and voice prints
17. Full face photographic images and any comparable images
18. Any other unique identifying number, characteristic, or code
## Links
* <a name="hipaa-site">[HIPAA official site](https://hipaa.com/)</a>
* <a name="identifiers-list">[List of identifiers](https://cphs.berkeley.edu/hipaa/hipaa18.html)</a>
* <a name="compliance-checklist">[HIPAA compliance checklist](https://www.hipaajournal.com/hipaa-compliance-checklist/)</a>
* <a name="deidentification-guidance">[Deidentification guidance](https://www.hhs.gov/hipaa/for-professionals/privacy/special-topics/de-identification/index.html)</a>