HIPAA is the Health Insurance Portability and Accountability Act, put into place in 1996. Title II specifically deals with privacy and is something to be taken very seriously in today’s age of electronic workplace management.
Title II of HIPAA established a set of standards for electronic transactions of health care related information, including the requirement that national identifiers be assigned to all providers, health plans, and employers.
HIPAA is designed to protect the privacy of individually identifiable health information, or PHI, which is often transmitted electronically to health care plans and used to process claims and issue payment by a “covered entity”, i.e. a health care provider, clearinghouse, or health plan. PHI is any information that identifies a patient, such as demographic information, or any information relating to a patient’s condition or care. It is the responsibility of the covered entity to follow all rules and regulations to ensure the confidentiality and integrity of this information. Covered entities must also have procedures in place to maintain compliance at all times, such as identifying risks, creating a compliance plan, assigning a security officer to oversee compliance and perform internal audits, and having a business associate agreement with any outside contracted employees.
Simply put, as a health care provider, you must be familiar with all requirements and stay active in keeping your staff trained and aware of HIPAA compliance. Have technical and physical security measures in place to protect PHI. Limit communications of PHI to secure, password-protected systems such as EHRs and practice management software. Never email or text any patient information or identifiers, and make patient privacy a top priority in your practice. Your patients will love you for it!
Refer to HHS.gov for information on how you can stay compliant.