5 Facts You Might Want to Know about HIPAA Privacy
Whether you're the office manager of a busy vision center or the lone physician in a rural town, you have a government-mandated responsibility to safeguard your patients' personal health information (PHI). Here are 5 things you MUST know about the HIPAA Privacy Rule.
1. The HIPAA Privacy rule protects patient information.
The Privacy Rule protects the use and sharing of "individually identifiable health information," which includes:
- Social Security Number
- Birth Date
- The patient's physical or mental health condition in the past, present, or future
- The provision of health care to the patient
- The patient's "past, present, or future payment for provision of health care"
Covered entities, or those compelled to comply with HIPAA laws, MUST obtain the patient's written consent for the disclosure of any protected information.
Information that does NOT disclose a patient's identity is not protected by HIPAA privacy regulations, but this de-identification must be confirmed by a statistician in order to be valid, and the covered entity must have no "actual knowledge that the remaining information could be used to identify the individual."
2. The regulations apply to a variety of organizations.
ANY organization that transmits patient information electronically must comply. This includes:
- Health plans, such as individual and group policies that provide health, prescription, dental or vision coverage
- Health care providers, such as dentists, chiropractors, and other practitioners
- Clearinghouses, such as billing services, management information systems, etc.
Not sure if you're considered a covered entity? Find out by visiting the Department of Health and Human Services website.
3. You must comply with these regulations to protect patient information and your organization.
It's plain and simple: Covered entities are required to implement policies to safeguard patients' PHI, and must notify patients of their privacy rights under HIPAA.
HOWEVER, the good news is that HIPAA requirements are scalable. In a one-doctor practice the role of privacy officer might fall on an office manager or assistant, whereas a large hospital might employ a full-time staff member or assemble a privacy board to ensure the proper implementation of the law.
4. You can be fined for non-compliance.
The Department of Health and Human Services, which oversees HIPAA compliance, can impose fines ranging from $100 to $50,000, depending on the severity of the non-compliance. However, if the Department of Justice decides that an individual knowingly or willingly violated the law, criminal charges may be filed, leading to imprisonment.
5. HIPAA training is available to guide you through compliance.
While the law doesn't dictate how staff members should be trained on these regulations, it is important to make sure that ALL team members are THOROUGHLY educated on HIPAA laws. These laws are vast and complex, so it is a good idea to invest in a qualified HIPAA training course for you and your staff.