HIPAA (the Health Insurance Portability and Accountability Act) is a United States federal law whose implementing rules (the Privacy, Security and Breach Notification Rules) define what counts as lawful and unlawful disclosure of protected health information. If you run a healthcare organisation, it is very important that you comply with HIPAA in order to protect your patients' privacy. HIPAA is enforced by the Department of Health and Human Services through its Office for Civil Rights. If your organisation is in breach of HIPAA regulations, you could get into a lot of trouble; in serious cases it can threaten the organisation's ability to keep operating.
This post will outline nine things you didn’t know about HIPAA:
If you are responsible for overseeing the daily management of a healthcare organisation, it is very important that your staff are trained in HIPAA. The Privacy Rule itself requires covered entities to train their workforce on the organisation's privacy policies, so sending staff on HIPAA training courses is both a legal expectation and an effective way of ensuring that you don't end up in trouble. More often than not, untrained staff are responsible for HIPAA breaches. The Office for Civil Rights, which enforces HIPAA regulations, will not accept ignorance as a defence. If you are going to have your staff trained, it is essential that you find a reliable and experienced course provider. A good way to determine whether a provider is worth working with is to check their reviews and testimonials.
A common HIPAA breach is sharing a patient's health information with their employer. It is not uncommon for employers to contact healthcare organisations to try to find out about their staff's health. This is especially common in lines of work that require physical fitness, such as private security. Healthcare organisations can only share a patient's medical records with an employer after the patient has authorized them to. If an employer approaches your organisation claiming that the patient has given authorization for them to access their medical records, you need a written authorization signed by the patient in question before releasing anything; a verbal assurance from the employer is not enough.
HIPAA compliance is not optional. If you do not comply with HIPAA, your organisation can get into a lot of trouble. While it might seem unnecessary, it is unavoidable. In addition to training staff, it is very important that you read extensively about HIPAA. It is especially important to research how HIPAA applies to digital storage, such as cloud storage: a cloud provider that stores or processes protected health information on your behalf is a business associate and must sign a business associate agreement before you hand over any patient data. If you do not adhere to HIPAA regulations, your organisation can receive civil monetary penalties, and wilful misuse of patient information can lead to criminal charges. Day-to-day compliance is manageable: as long as you follow the practices outlined in training, you should not run into issues.
You don't need a patient's written authorization to share their information with another doctor, as long as you are doing so in a professional capacity. Gossiping about patients and sharing their information is not allowed. Doctors are permitted to disclose patient information for treatment, payment and healthcare operations. Most other disclosures require the patient's authorization, apart from a limited set of exceptions such as disclosures required by law or for public health reporting. If you are found to be sharing patient information with other doctors outside these purposes and without the patient's approval, you can be dismissed. Sharing patient information is not something that is taken lightly, especially when sensitive information is involved.
Something that you might not know is that patients can have friends and family collect prescriptions on their behalf. Releasing a prescription into another person's care is not a breach of HIPAA, contrary to common belief. The condition is that the pharmacist can reasonably infer that the patient wants that person to collect it; HHS guidance leaves this to the pharmacist's professional judgment, so someone who can identify the patient and the medication is normally fine, while someone who cannot show that they have been given permission can be refused. It is likewise up to the pharmacist's discretion whether to release medication when the person collecting it does not have the official prescription form with them. Another one might need to be printed. With that said, many prescriptions are now sent electronically, so this might not be necessary.
Healthcare organisations are permitted to share information with a family member or friend who is involved in a patient's care or in paying for it, provided the information is relevant to that involvement and the patient has not objected. Otherwise, this is not allowed. A family member cannot simply ring up a person's doctor and ask to access their information. Were a doctor to give information to a patient's family without the patient's approval (or if it was not related to their care), the doctor could be fired. The other situation in which a family member can be told what is going on is when the patient is incapacitated or in an emergency, for example after an overdose, and the doctor judges that sharing information relevant to the family member's involvement is in the patient's best interest. Note that records of substance use disorder treatment are subject to additional federal confidentiality rules, so an addiction is not a blanket reason to share.
Healthcare organisations cannot use their patients' information for marketing purposes unless the patient has given them express written authorization to do so. General communication about the patient's own treatment and about the organisation's services is allowed, however. When your staff take their HIPAA course, this will be covered extensively so they know exactly what is allowed and what is not. If health organisations are found to be using their patients' information for marketing without their approval, they can be fined and may face legal action. Illegally marketing your patients' information is not dealt with softly.
Email communication regarding a patient is allowed. People wrongly believe that doctors are unable to communicate via email because online hacking is increasing in frequency, but HIPAA does not ban email; what it does require is that the organisation protect electronic patient information with reasonable safeguards. Under the Security Rule, a covered entity must carry out a risk analysis, and encrypting data in transit is an "addressable" specification: you must either encrypt or document why an equivalent alternative is reasonable, and unencrypted email that goes astray can count as a reportable breach. In practice this means doctors should use discretion, send only the minimum necessary information, and avoid putting highly sensitive details in unencrypted email unless it is an emergency. While email itself is not prohibited, many doctors won't send sensitive information by email, and organisations increasingly route such messages through encrypted or patient-portal channels instead.
One last thing that you should know about HIPAA is that honest EHR (Electronic Health Record) mistakes are not treated as a reportable breach. If a doctor goes to check a patient's medical record and accidentally opens somebody else's, the breach rules make an exception for unintentional access by a workforce member acting in good faith within their authority, provided the information is not used or disclosed further. This reflects the fact that doctors access a large number of patient records every week. The incident should still be noted internally, and if one doctor is regularly opening records they have no reason to see, audit logs will show the pattern and they will be investigated, because deliberate snooping is a violation that the departments in charge of HIPAA enforcement take seriously.
If you work in the healthcare industry, then it’s a very good idea to familiarise yourself with HIPAA regulations. Knowing what they are, how they work, and how they are implemented will save you from making mistakes with your patients’ information. A mistake could ruin your career, so be careful.