Project 3: HIPAA, PII, and PHI Training

Project 3: HIPAA, PII, and PHI Training

Top of Form

The human resource department is updating its HIPAA Basic Training for Privacy and Security course. As a security analyst for the hospital, you have been tasked with covering the topics in the training related to the HIPAA security rule and the information that hospital staff need to know regarding personally identifiable information (PII), personal health information (PHI), and electronic personal health information (ePHI) to comply with federal regulations.

This week, you will submit your presentation. The presentation should include voice overlays as narrative for each slide. Include one to two slides for each bullet below (4-8 slides total) explaining the following:

· HIPAA Security Rule

· HIPAA, PII, PHI, and ePHI Definitions

· Safeguarding of PII, PHI, and ePHI

· Disclosures of PII, PHI, and ePHI

You may want to refer to the 

HIPAA Learning Resources 

from last week.

How Will My Work Be Evaluated? In this training guide, you will demonstrate how to integrate your IT skills in an organizational setting. You’ll be combining your technical skills with effective communication techniques to provide learning resources for the client/customer. You will not be evaluated on the voice recording quality. The following evaluation criteria aligned to the competencies will be used to grade your assignment: · 1.2.2: Employ a format, style, and tone appropriate to the audience, context, and goal. · 1.3.3: Integrate appropriate credible sources to illustrate and validate ideas. · 1.4.2: Use vocabulary appropriate for the discipline, genre, and intended audience. · 2.3.3: Explain inferences and deductions that follow logically from the evidence provided. · 12.1.3: Communicate policies, processes, and/or procedures to stakeholders. · 12.3.1: Select controls. · 12.3.2: Describe the implementation of controls. · 12.3.3: Explain how to assess controls. · 12.9.1: Describe organizational compliance with government legislation that impacts technology. · 12.9.2: Explain organizational compliance with industry regulations.

9/16/2020

HIPAA

https://leocontent.umgc.edu/content/umuc/tus/cmit/cmit320/2208/learning-topic-list/hipaa.html?ou=510377 1/3

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) was established in 1996

to improve the security of the storage and use of health care data. These regulations

define how health care agencies must secure patients’ personal information and regulate

its disclosure.

IT staff members should understand how HIPAA applies to their work so they can

correctly handle sensitive information and demonstrate the organization’s

compliance

with the law in order to protect patients and the organization (DNS Stuff,

n.d.). Unauthorized access or release of data can lead to problems for the individuals

whose data has been compromised and also fines and penalties for organization (Ashraf,

n.d.). Two important IT-related aspects of HIPAA are the Privacy Rule and the Security

Rule.

HIPAA Privacy Rule

The HIPAA Privacy Rule establishes national standards to protect individuals’ medical

records and other personal health information and applies to health plans, health care

clearinghouses, and those health care providers that conduct certain health care

transactions electronically. The Privacy Rule requires appropriate safeguards to protect

the privacy of personal health information and sets limits and conditions on the uses and

disclosures that may be made of such information without patient authorization. The rule

also gives patients specific rights over their health information, including rights to examine

and obtain a copy of their health records, and to request corrections (HHS, “Privacy

Rule,” n.d.).

The Privacy Rule protects all “individually identifiable health information” held or

transmitted by a covered entity or its business associate, in any form or media, whether

electronic, paper, or oral (HHS, “Summary of the HIPAA Privacy Rule,” n.d.). The Privacy

Rule calls this information “protected health information (PHI).” PHI is information,

including demographic data, that relates to:

Learning Topic

9/16/2020 HIPAA

https://leocontent.umgc.edu/content/umuc/tus/cmit/cmit320/2208/learning-topic-list/hipaa.html?ou=510377 2/3

the individual’s past, present or future physical or mental health or condition,

the provision of health care to the individual, or

the past, present, or future payment for the provision of health care to the

individual, and that identifies the individual or for which there is a reasonable basis

to believe it can be used to identify the individual, such as name, address, birth date,

Social Security number).

HIPAA Security Rule

The Security Rule (HHS, “Summary of the HIPAA Security Rule,” n.d.). requires covered

entities to maintain reasonable and appropriate administrative, technical, and physical

safeguards for protecting electronic personal health information (ePHI). Specifically,

covered entities must:

1. Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive,

maintain or transmit;

2. Identify and protect against reasonably anticipated threats to the security or

integrity of the information;

3. Protect against reasonably anticipated, impermissible uses or disclosures; and

4. Ensure compliance by their workforce.

Note that the concept of personal health information is very similar to the term personally

identifiable information (PII), which is a broader term used by the federal government to

indicate “any information about an individual maintained by an agency, including any

information that can be used to distinguish or trace an individual’s identity, such as name,

Social Security number, date and place of birth, mother’s maiden name, or biometric

records; an any other information that is linked or linkable to an individual,” such as

medical, educational, financial, and employment information (GAO, 2008).

References

Ashraf, A. (n.d.). PII and PHI overview: What CISSPs need to know.

Infosec. https://resources.infosecinstitute.com/category/certifications-

training/cissp/domains/asset-security/protecting-privacy/#gref

Department of Health and Human Services (HHS). (n.d.). The HIPAA privacy

rule. https://www.hhs.gov/hipaa/for-professionals/privacy/index.html

9/16/2020 HIPAA

https://leocontent.umgc.edu/content/umuc/tus/cmit/cmit320/2208/learning-topic-list/hipaa.html?ou=510377 3/3

Department of Health and Human Services (HHS). (n.d.). The HIPAA security

rule. https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html

DNSStuff. (n.d.) What is HIPAA compliance? https://www.dnsstuff.com/what-is-hipaa-

compliance

United States Government Accountability Office (GAO). (2008). Privacy: Alternatives exist

for enhancing protection of personally identifiable

information. https://www.gao.gov/new.items/d08536

Resources

Provider Responsibilities Under HIPAA

(/content/umuc/tus/cmit/cmit320/2208/learning-resource-list/your-practice-

and-the-hipaa-rules.html?ou=510377)

Electronic Health Records, the HIPAA Security Rule, and Cybersecurity

(/content/umuc/tus/cmit/cmit320/2208/learning-resource-list/electronic-

health-records–the-hipaa-security-rule–and-cybersec.html?ou=510377)

Educating and Training Your Workforce

(/content/umuc/tus/cmit/cmit320/2208/learning-resource-list/educating-

and-training-your-workforce.html?ou=510377)

© 2020 University of Maryland Global Campus

All links to external sites were verified at the time of publication. UMGC is not responsible for the validity or integrity

of information located at external sites.

https://leocontent.umgc.edu/content/umuc/tus/cmit/cmit320/2208/learning-resource-list/your-practice-and-the-hipaa-rules.html?ou=510377

https://leocontent.umgc.edu/content/umuc/tus/cmit/cmit320/2208/learning-resource-list/electronic-health-records–the-hipaa-security-rule–and-cybersec.html?ou=510377

https://leocontent.umgc.edu/content/umuc/tus/cmit/cmit320/2208/learning-resource-list/educating-and-training-your-workforce.html?ou=510377

9/16/2020

Presentation Resources

https://leocontent.umgc.edu/content/umuc/tus/cmit/cmit320/2208/course-resource-list/presentation-resources.html?ou=510377 1/7

Presentation Resources

Source: cnythzl / Getty Images

A narrated presentation is for a specific audience to which you would ideally present in

person or online in real time, but for practical reasons, you need to record for later

viewing.

While Microsoft PowerPoint is considered the default presentation tool for presentations,

you may consider using other presentation platforms or tools. Just be sure the tool

supports prerecorded narration.

Preparing for Your Presentation

As with any project, it is good to begin by creating an outline. This will help you determine

how many slides you will need to develop and how much information you will need to

present on each slide. It should also help determine a logical order in which to present

material.

Be sure to dedicate enough time to the narrated presentation to get the timing for

transitions right, and ensure that the sound is clear and the narration is at the right

volume.

Creating Slides

Course Resource

9/16/2020 Presentation Resources

https://leocontent.umgc.edu/content/umuc/tus/cmit/cmit320/2208/course-resource-list/presentation-resources.html?ou=510377 2/7

Source: cnythzl / Getty Images

A good

recorded

presentation

shares most of

the same traits

as a good live

presentation.

Your

presentation

should not be

an academic

paper cut into

text-filled

slides. You are

giving a talk to

an audience, so

the narrative

should provide

most of your

ideas and

argumentation.

Be sure the

themes either

flow or

transition appropriately from slide to slide.

Here are some recommendations:

Keep slides uncluttered by using brief bullet points—only a few key words each.

An easy way to make your presentation look more appealing is to use one of the

designs provided within PowerPoint.

Adding images and/or clip art is another good way to add visual interest to your

presentation, but don’t overuse slide transitions or animations, as these can be

distracting.

When you are citing sources of information on a slide, use a small font size so the

citations don’t detract from the primary points.

Be sure to proofread carefully: Any errors on a slide will be particularly noticeable

because of the relatively small number of words.

When you record audio for each slide, a loudspeaker icon will appear in the middle

9/16/2020 Presentation Resources

https://leocontent.umgc.edu/content/umuc/tus/cmit/cmit320/2208/course-resource-list/presentation-resources.html?ou=510377 3/7

Source: cnythzl / Getty Images

of the slide. You can drag this icon to a better position (often the bottom right

corner of the slide) so it doesn’t interfere with the text.

Writing the Script

The script for your presentation can be a complete word-for-word documentation of what

you intend to say as each slide is displayed, or it can be a much briefer set of notes to use

as a reminder while you are recording to ensure that you cover all the points. The latter

approach is preferable, because this makes it less likely that you will sound rushed or

overly scripted when speaking. Keep in mind that if you were making the presentation in

person, you would not want to be reading your comments; instead, you would want to

make eye contact with the audience.

9/16/2020 Presentation Resources

https://leocontent.umgc.edu/content/umuc/tus/cmit/cmit320/2208/course-resource-list/presentation-resources.html?ou=510377 4/7

Source: cnythzl / Getty Images

Here are some additional recommendations for your script:

Try to keep the amount of narration to less than two minutes per slide. If you need

to say more than that, create another slide so the audience doesn’t get bored.

Make sure the script and what appears on the slide are closely related so the

audience can easily follow what you have to say.

Don’t simply read the material on the slide—add value by providing additional

information.

Recording the Narration

At this point, you have created and saved slides as a PowerPoint presentation, and you

9/16/2020 Presentation Resources

https://leocontent.umgc.edu/content/umuc/tus/cmit/cmit320/2208/course-resource-list/presentation-resources.html?ou=510377 5/7

Source: cnythzl / Getty Images

have the script ready. Now it’s time to record the audio.

Here are a few general recommendations before you record:

If you are using a computer to record, use a headset/microphone combination rather

than using the computer’s built-in speakers and microphone for better audio quality.

It isn’t necessary to spend a lot on a headset/mic (typically $20 or less), and you will

be rewarded with better sound quality and less background noise.

Make sure the headset/mic is installed and working. There are simple programs on

both Macs and PCs that allow you to test whether recording is occurring and

whether the sound quality is acceptable.

Choose a quiet location to record so that background noise is minimal.

9/16/2020 Presentation Resources

https://leocontent.umgc.edu/content/umuc/tus/cmit/cmit320/2208/course-resource-list/presentation-resources.html?ou=510377 6/7

Source: cnythzl / Getty Images

When you begin recording, speak clearly and conversationally without rushing.

Remember that it’s easy to redo the audio for a slide. If you’re not happy with the

way it sounds, you can do it again.

Once you have completed and narrated the presentation, it is a good idea to email

the file to another computer. If you are able to watch and listen to the slide show

successfully on the second computer, you will know that the audio files have been

successfully embedded in the presentation.

For Technical Support

Below are

specific

recording

instructions for

some common

tools for

presentations:

Record a Slide

Show With

Narration and

Slide Timings in

PowerPoint

(https://support.office.com/en-us/article/record-a-slide-show-with-narration-and-

slide-timings-0b9502c6-5f6c-40ae-b1e7-e47d8741161c)

Getting Started With Microsoft Sway (https://support.office.com/en-

us/article/getting-started-with-sway-2076c468-63f4-4a89-ae5f-424796714a8a)

https://support.office.com/en-us/article/record-a-slide-show-with-narration-and-slide-timings-0b9502c6-5f6c-40ae-b1e7-e47d8741161c

https://support.office.com/en-us/article/getting-started-with-sway-2076c468-63f4-4a89-ae5f-424796714a8a

9/16/2020 Presentation Resources

https://leocontent.umgc.edu/content/umuc/tus/cmit/cmit320/2208/course-resource-list/presentation-resources.html?ou=510377 7/7

If you have technical difficulties with using PowerPoint, contact the UMGC 360 Help

Desk, available 24/7 http://support.umgc.edu Phone: 1-888-360-UMUC (8682).

© 2020 University of Maryland Global Campus

All links to external sites were verified at the time of publication. UMGC is not responsible for the validity or integrity

of information located at external sites.

9/16/2020

Information Security Breaches

https://leocontent.umgc.edu/content/umuc/tus/cmit/cmit320/2208/learning-topic-list/information-security-breaches.html?ou=510377 1/2

yougyet / E+ / Getty Images

Information Security Breaches

According to HIPAA, a breach is any impermissible use or disclosure that compromises the

security or privacy of protected health information.

Covered entities (CEs) and business associates (BAs) are responsible for reporting any

breaches of unsecured personal health information (PHI).

CEs and BAs that fail to comply with the HIPAA rules can face civil and criminal penalties.

Learning Topic

9/16/2020 Information Security Breaches

https://leocontent.umgc.edu/content/umuc/tus/cmit/cmit320/2208/learning-topic-list/information-security-breaches.html?ou=510377 2/2

Resources

The following link will take you to a document that will discuss breach notification,

HIPAA enforcement, and other laws and requirements that an IT professional should

be aware of:

Breach Notification, HIPAA Enforcement, and Other Laws and Requirements

(/content/umuc/tus/cmit/cmit320/2208/learning-resource-list/breach-notification-

-hipaa-enforcement–and-other-laws-and-requi.html?ou=510377)

© 2020 University of Maryland Global Campus

All links to external sites were verified at the time of publication. UMGC is not responsible for the validity or integrity

of information located at external sites.

https://leocontent.umgc.edu/content/umuc/tus/cmit/cmit320/2208/learning-resource-list/breach-notification–hipaa-enforcement–and-other-laws-and-requi.html?ou=510377