HIPAA, the Health Insurance Portability and Accountability Act of 1996, is a federal statute originally passed to help workers keep their health insurance coverage between jobs. According to the US Department of Health and Human Services, its Office for Civil Rights is the government arm that enforces the HIPAA Privacy Rule, the HIPAA Security Rule, the HIPAA Breach Notification Rule and the Patient Safety Rule. Together these rules govern the privacy, security and sharing of patient information, and the Breach Notification Rule requires covered entities to report breaches of unsecured protected health information.
HIPAA also contains a set of provisions known as Administrative Simplification. According to the Texas Department of State Health Services, this section aims to establish the following:
– A standard electronic format for administrative and financial transactions relating to healthcare services
– Unique health identifiers across the board, for individuals, employers, health insurance providers and healthcare providers
– Privacy and security standards that prevent unlawful sharing of health records and protect their integrity
Spotlight on Privacy Rule
The best-known provision of HIPAA is the Privacy Rule, which restricts who may access and disclose protected health information (PHI). Unless the patient has authorized the disclosure or a regulatory exception applies (for example, a disclosure made for the benefit of the general public), a covered entity may not release PHI to third parties. PHI covers all information about a person’s medical history and past, present or future health condition; the healthcare services rendered; and payment for those services. It also includes identifiers such as names, addresses, contact details and Social Security numbers. Sharing is routinely permitted for treatment (a physician who needs a patient’s history to treat them properly), for billing and billing disputes, and for certification and peer review requirements.
Who Does HIPAA Cover?
Covered entities, as defined by the act, are healthcare providers, health plans (insurance providers) and clearinghouses that transact electronically, according to Smith, Gambrel and Russel Attorneys at Law LLP. Healthcare providers, as the name implies, include any practicing medical or alternative healthcare entity, even schools and non-profit organizations that provide healthcare services. Insurance providers are the entities that reimburse insured patients for their medical bills. Business owners and employers who sponsor health plans for their workers as a fringe benefit are, through those plans, brought under HIPAA as well. In practice this means they must carry out HIPAA preparation activities such as educating employees about the privacy policies and posting a Notice of Privacy Practices at the work premises and on their website.
HIPAA Training Requirements
One of the less clear-cut areas of HIPAA compliance is training. The Privacy Rule (45 CFR 164.530(b)) does require covered entities to train their workforce on the privacy policies and procedures that apply to their jobs, but it does not prescribe the content, format or frequency of that training. Most third-party advisors and education providers therefore recommend periodic training and retraining to ensure compliance. Even a HIPAA refresher about six months after initial training does a great deal to help workers retain the requirements.
How Can Healthcare Professionals Maintain Compliance on the Job?
Helen Osborne, President of Health Literacy Consulting, penned a very insightful article on the matter for Boston Globe’s On Call Magazine. Here’s a summary of her recommendations on how to ensure patient information privacy:
Use a daily sign-in sheet at the reception desk. Ask patients to sign a printed sheet for that day’s appointments only, not a running master list. That way no patient can see who else has been in or why, and everyone’s privacy is protected.
Be discreet. Do not call a patient’s name across the waiting room together with the name of the doctor they are seeing; that tells everyone present why they are there. Osborne suggests that instead of announcing “the [name of] doctor will see you now,” staff walk up to the patient and address them by first name only.
Keep all charts and patient records out of sight. Store records and charts where neither patients nor passers-by can read them, and turn chart racks to face the wall rather than the corridor.
Keep phone calls private. Do not speak so loudly that other people can overhear the conversation.
Secure your systems. Ideally, access to patient records should require both a password and a second factor such as a fingerprint, and the screen should lock after only a few minutes of idle time, requiring the user to log in again.
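The last item pairs two technical controls, two-factor login and an idle lock. The Python below is an added example written for this page; it is not code from Osborne’s article or from any product the page mentions. It sketches how an application that fronts a patient-record database can enforce both: a session idle for longer than an assumed five-minute limit is locked and can only be reopened with the password plus the second factor. The class and function names, the five-minute value, and the `second_factor_ok` flag (standing in for a hypothetical fingerprint reader’s result) are all illustrative assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Hypothetical policy value: the article only says "a few minutes".
IDLE_TIMEOUT_SECONDS = 5 * 60


def hash_password(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 password hash (iteration count chosen for the example)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


@dataclass
class Account:
    user: str
    salt: bytes
    pw_hash: bytes


def make_account(user: str, password: str) -> Account:
    """Create a constructed test account with a fresh random salt."""
    salt = os.urandom(16)
    return Account(user, salt, hash_password(password, salt))


@dataclass
class Session:
    user: str
    last_activity: float
    locked: bool = False


class SessionManager:
    """Tracks one session per user and enforces the idle lock."""

    def __init__(self, accounts: Iterable[Account], timeout: float = IDLE_TIMEOUT_SECONDS):
        self.accounts: Dict[str, Account] = {a.user: a for a in accounts}
        self.timeout = timeout
        self.sessions: Dict[str, Session] = {}

    def _verify(self, user: str, password: str, second_factor_ok: bool) -> bool:
        # Both factors must pass. second_factor_ok stands in for a hypothetical
        # fingerprint reader's verdict; compare_digest avoids timing leaks on the hash.
        acct = self.accounts.get(user)
        if acct is None:
            return False
        pw_ok = hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash)
        return pw_ok and second_factor_ok

    def login(self, user: str, password: str, second_factor_ok: bool, now: float) -> bool:
        if not self._verify(user, password, second_factor_ok):
            return False
        self.sessions[user] = Session(user, now)
        return True

    def access(self, user: str, now: float) -> bool:
        """True if the user may open records at time `now`.

        Fails closed: no session, a locked session, or a session idle past the
        timeout is refused, and an idle session is marked locked on the spot."""
        s = self.sessions.get(user)
        if s is None or s.locked:
            return False
        if now - s.last_activity > self.timeout:
            s.locked = True
            return False
        s.last_activity = now
        return True

    def unlock(self, user: str, password: str, second_factor_ok: bool, now: float) -> bool:
        """Re-authenticate a locked session; both factors are required again."""
        s = self.sessions.get(user)
        if s is None or not self._verify(user, password, second_factor_ok):
            return False
        s.locked = False
        s.last_activity = now
        return True


def demo() -> List[bool]:
    """Walk one constructed workstation session through the lock and re-auth cycle."""
    mgr = SessionManager([make_account("nurse1", "correct horse battery")])
    events = []
    events.append(mgr.login("nurse1", "correct horse battery", True, now=0))
    events.append(mgr.access("nurse1", now=120))            # active: allowed
    events.append(mgr.access("nurse1", now=120 + 301))      # idle > 5 min: locked
    events.append(mgr.access("nurse1", now=430))            # still locked
    events.append(mgr.unlock("nurse1", "correct horse battery", False, now=440))  # second factor failed
    events.append(mgr.unlock("nurse1", "correct horse battery", True, now=450))   # both factors: unlocked
    events.append(mgr.access("nurse1", now=460))            # allowed again
    return events


if __name__ == "__main__":
    print(demo())
```

The design point is that the lock is decided at the moment of access rather than by a background timer, so a request that arrives after the idle limit is refused even if nothing ran in between, and the only path out of the locked state goes through the full two-factor check. In a real deployment this application-level lock sits alongside, not instead of, the operating system’s screen lock.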