Although the Health Insurance Portability and Accountability Act (HIPAA) has been around since 1996, it has only become a more familiar term in the healthcare industry since the implementation of the Privacy Rule in 2001. The Privacy Rule was designed specifically to address the protection of an individual's personal health information. It is important for the vitality of your medical office to maintain HIPAA compliance.
Any organization that accesses patient health information is considered a covered entity and is required by law to comply with HIPAA provisions or face civil and/or criminal penalties. It is imperative that medical records remain confidential and cannot be accessed by people who do not have proper authorization. Disclosure of a patient's protected health information (PHI) without their authorization is considered a violation of the Privacy Rule.
All healthcare providers have a responsibility to keep their staff trained and informed regarding HIPAA compliance. Whether intentional or accidental, unauthorized disclosure of PHI is considered a violation of HIPAA. Here are 5 tips to avoid violating HIPAA:
- Routine Conversation. Healthcare professionals should be very careful to refrain from disclosing information through routine conversation. This can easily happen by mentioning to a third party something as seemingly insignificant as the fact that John Smith had an office visit today.
- Public Areas. Discussing patient information in waiting areas, hallways or elevators should be strictly off limits. Sensitive information can be overheard by visitors or other patients. Also be sure to keep patient records out of areas that are accessible to the public.
- Trash. PHI should never be disposed of in the trash can. Any document thrown in the trash is open to the public and is therefore a breach of information.
- Gossip. Gossip is particularly hard to control. That is why it is important that access to information be strictly limited to employees whose jobs require that information. This type of violation can be particularly damaging to the reputation of your organization, especially in small communities where "everybody knows everybody."
- Marketing. Selling patient lists or disclosing PHI to third parties for marketing purposes is strictly prohibited without prior authorization from the patient. Remember that patient information should only be accessed and disclosed for the purpose of providing quality care.