HIPAA for Cancer Educators: Are You Correctly Using PHI?

Privacy and confidentiality policies and practices, including Health Insurance Portability and Accountability Act (HIPAA) policies, may vary from institution to institution because they are developed to be institution-specific. HIPAA privacy and security regulations represent the minimum standards, and the expectation is that institutions will develop policies and practices that are reasonable and appropriate for their institution. These privacy and information security safeguards impact the use of sensitive and protected data often used by cancer educators. Therefore, it is important for cancer educators to be familiar with the policies, rules, and guidelines their institution has developed to comply with HIPAA. However, despite institutional differences, certain principles related to the confidentiality, protection, and uses of a patient’s health information remain consistent. HIPAA provides two sets of regulations that directly impact the work of many cancer educators: privacy and information security. The HIPAA Privacy Rule includes some security requirements, and HIPAA Security Regulations were designed to ensure privacy of the patient’s protected health information (PHI). This paper focuses primarily on the privacy factors.