DOME home

















HIPAA Training

With the advent of HIPAA, patients will have greater access to their own medical records and more control over how their personal information is used. The new law will change the way Hopkins does business, and employees need to know how.
Training, therefore, is essential. It will be required for everyone and participation will be monitored. Most training will be available online. Sessions take about 40 minutes to complete.

The training Web site,, is currently under construction and will be complete in mid-March. Employees without access to the Internet will be assigned alternate training methods.

Other materials also have been developed to help educate the Hopkins community about HIPAA, including posters, tent cards and more detailed information on the Web site,

What's Protected Health Information?

At the most basic level, HIPAA protects any patient information that could be used to identify the individual.

"If the data is just a diagnosis," explains Carol Richardson, HIPAA administrative coordinator and privacy officer for Hopkins, "it doesn't become identifiable until you attach a name, address or social security number to it."

For example, if a person comes in for prostate cancer treatment, any of the following information linked to a name and address could reveal the patient's medical condition.

  • Diagnosis
  • Department visited
  • Name of doctor or researcher
  • Lab test results
  • Vital signs
  • Billing data

If a participant agrees to sign up for a research trial, likewise, the information below might become "identifiable."

  • Specific results of tests involved in the trial
  • Answers to survey questions asked during the trial
Whenever a health care provider like Hopkins creates or receives this kind of identifiable health information, it is referred to as protected health information, or PHI.

Which Hopkins Entities are Affected?

When the HIPAA privacy regulations were first unveiled in 2000, the national medical community was concerned that the new rules, if not amended, might cripple the exchange of information inside complex health systems like Hopkins. In the original regulations, for example, if a patient were admitted to the Hopkins Bayview Medical Center, transferred to Hopkins Hospital, then discharged to Hopkins Home Care Services, then each entity would need a separate consent form to share information about that patient.

Fortunately, Health and Human Services, responding to pressure from health care providers, allowed a covered entity to include all affiliated covered entities. Following are the Hopkins entities and parts of entities that constitute the Hopkins' affiliated covered entities for purposes of complying with HIPAA:

The Johns Hopkins Hospital
Johns Hopkins Bayview Medical Center
Howard County General Hospital
Johns Hopkins Community Physicians
Johns Hopkins Home Care Services
Johns Hopkins Pharmaquip
Johns Hopkins Pediatrics at Home
Johns Hopkins HealthCare
Johns Hopkins Ophthalmology Associates

Parts of The Johns Hopkins University:

School of Medicine
School of Nursing
Bloomberg School of Public Health
Whiting School of Engineering
Krieger School of Arts and Sciences


Johns Hopkins Medicine About DOME | Archive
© 2002 The Johns Hopkins University