UnityPoint Clinic Family Medicine and Walk-In Care - Cascade

610 2nd Avenue Northeast
Cascade, IA 52033

Closed Patients
Waiting Now

UnityPoint Clinic Family Medicine and Walk-In Care - Peosta

8456 Commercial Ct
PO Box 80
Peosta, IA 52068

Closed Patients
Waiting Now

UnityPoint Clinic Urgent Care - West

2255 John F Kennedy Road
Dubuque, IA 52002

Closed Patients
Waiting Now

HIPAA Education

What is HIPAA?

The Healthcare Insurance Portability and Accountability Act (HIPAA) is an important federal law dealing with the privacy and security of protected health information. Complying with HIPAA is very important to UnityPoint Health Dubuque. There are fines and even criminal penalties if we do not take reasonable steps to comply.

HIPAA is not just for doctors and nurses. HIPAA also applies to our employees, volunteers and students.

What is protected health information?

Protected health information is any information about past, present or future physical or mental health, health care or payment for healthcare that identifies a patient. Examples of protected health information include:

  • Name 
  • Location smaller than a state
  • All elements of date except year
  • Telephone and fax number
  • Email addresses
  • Social security numbers
  • Medical Record numbers
  • Health Plan beneficiary numbers
  • Account numbers
  • Certificate/license numbers
  • Vehicle identifier and serial number
  • Device identifier and serial number
  • Web universal resource locators
  • Internet protocol address number
  • Biometric identifiers (including voice and finger prints)
  • Full face photos
  • Any other identifying number, characteristic or code

HIPAA Privacy Rules

Privacy refers to our duty to prevent others from seeing or using protected health information about our patients. Under HIPAA, we can only use and disclose protected health information for certain permitted purposes. If we use or disclose the information for any other purpose, we may have violated the law.

As a member of our workforce, this means that you should not see or obtain protected health information unless it is part of your job. The Finley Hospital has adopted policies and safeguards to help you understand these rules and to limit your access to information you do not need.

HIPAA Security Rules

Security refers to our duty to keep health information secure and available. Security also refers to steps UnityPoint Health takes to make sure protected health information stays private.

For example, our privacy policies prohibit members of our workforce from obtaining protected health information unless they need it to do their job. Our security safeguards will limit who has a key to the records room or who can log on and view patient information. Thus, privacy and security go hand-in hand!


As a volunteer, this means that you should not see, discuss, or obtain protected health information unless it is part of your duties. You should not disclose protected health information to anyone. Violation of any patient's rights to confidentiality may result in termination.

The Finley Hospital requires you to report if you have first-hand knowledge that there has been a violation of our privacy or security policies or an improper use or disclosure of protected health information. You may report to your Supervisor, the Privacy Officer- 563-589-2607, Compliance Officer-563-589-2573, or the UnityPoint Health Compliance Helpline at 1-8002-548-8778.

How HIPAA Affects You

UnityPoint Health Dubuque needs your help to comply with HIPAA. Here is a simple summary of what we expect from you:

  • Take patient privacy seriously. Be the "patient" and imagine what you would want people in your job to do.

  • Be familiar with the policies and procedure that apply to you.

  • Ask your supervisor or the Privacy Officer if you have questions.

  • Only use or disclose protected health information for permitted purposes and when you need to in order to do your job.

  • Take steps to limit the amount of protected health information used or disclosed to the minimum necessary except when the information is being used to treat the patient. 

  • Promptly report any first-hand knowledge you have of a violation of HIPAA or a breach of The Finley Hospital's privacy and security policies.

Review Questions