Health Information Privacy and Security Week raises awareness of HIPAA laws

The Washington University Health Insurance Portability and Accountability Act (HIPAA) Security and Privacy Offices remind everyone of the importance of protecting patients’ protected health information during Health Information Privacy and Security Week April 13-19.

Sponsored by the American Health Information Management Association, activities during the week are designed to raise awareness about HIPAA laws that protect patients’ health information. Among the activities are a luncheon to recognize department liaisons, daily HIPAA compliance hints and a trivia contest.

The HIPAA laws, which affect patients and health-care providers, have granted patients the right to access or amend their own medical record, request a restriction, seek an account of disclosures of and specify authorizations for their health information. Health-care providers are required to notify patients of their rights and how their protected health information will be used, secure all forms of health information and monitor compliance. Failure to comply with the federal regulations could result in civil or criminal penalties.

The Privacy Office and the Information Security Office offer these reminders:

• Patient information should only be accessed on a need-to-know basis and access the minimum necessary.

• Patient information can be shared when appropriate.

• Do not share user-specific passwords to any patient databases.

• Be aware of department procedures, privacy office and liaisons and the HIPAA Web site at

• All employees can help keep patient information secure by notifying either the Privacy or Security Office of any concerns.

• The new security portal can be accessed at

• Do not e-mail protected health information to external recipients without securing the contents.

• No one should ever ask for your password or personal information via e-mail or phone.

• Lock your workstation if you will be away from it for an extended period of time.