If you've been involved in healthcare for more than a month, you've heard the term 'HIPAA compliance'. It's practically a catch phrase in the field, since the law that the concept is based around governs a great deal about interactions between patients, providers, and practices.
Most likely, you've heard it so many times that you've forgotten some of the finer points-a dangerous position for any healthcare practice or provider.
To make sure that doesn't happen to you, below is a succinct refresher on the finer points of HIPAA compliance, including legal requirements and patient rights for both patients and providers. Note: Please consult an attorney for legal advice as it relates to HIPAA compliance.
All patient information is private, but the information that is especially
protected includes . . .
Contact or personally identifying information (e.g. address, phone numbers,
Biometric identifiers (e.g. fingerprints and photographs)
Every patient has the right to...
Informed consent: permission for treatment granted only after the patient
has been made aware of the full potential consequences, both risks and benefits,
as well as all potential treatment options.
Cost and coverage details: includes information about costs for all treatments/services,
insurance coverage, payment decisions, and appeal processes related to those
decisions; everything must be discussed prior to treatment, as well as clear,
legible, and easy to understand.
Choice: the right to choose doctors, have access to specialists, and be
informed about providers, prior to an appointment.
Confidentiality: every word, gesture, and action that alludes to a medical
condition, treatment circumstance, or personally relevant detail is protected
by patient-doctor confidentiality and HIPAA compliance laws.
Full disclosure: the right to know about provider incentives or restrictions
that could affect "practice patterns".
How to Stay Compliant
To maintain HIPAA compliance, you must always . . .
Verify identity: before releasing any details over the phone or in person,
always err on the side of caution and verify identity by asking for personally
identifying information (PII), like a birth date or a driver's license.
Verify contact information: before sending any information to another provider
or the patient, make sure you verify the contact details (mail, email, or
fax) to ensure information is not sent to the incorrect party. Be very cautious,
however, sending anything by email at all, as accounts are easily hacked.
Question the right of the receiver to possess the information: if sending
patient records to another provider, make sure the person who is receiving
the information has need of the information and knows how to securely handle
Make every effort to keep information secure: this means locking computer
screens to prevent accidental access, keeping passwords up-to-date and private,
and locking patient files in their proper locations after use.
Keep access limited: in all ways, the only individuals who should be able
to access patient files are the doctors and nurses who need the information.
With the huge number of cyber theft and hacking incidents that have occurred
in the last five years, security and the protection of patient information
is more important than ever. Take the time to make sure you're meeting all
the necessary regulations for HIPAA compliance, as each is designed to keep
private patient records out of the hands of thieves or those who would misuse
Most importantly, train your staff on these expectations and on the appropriate handling of PII and ePHI (electronic patient health records). HIPAA compliance never really goes away, and the penalties for letting your policies lapse are harsh. Set up regular trainings and refresher courses for all of your staff and medical providers, instead of relying on one-time or independent training.
Ultimately, your patients and your practice will reap the rewards of your efforts, with fewer and less devastating record compromising incidents. The safer your patients' health records, the more secure your practice.
About the Author - Ashley Choate is a native of Jacksonville, FL where she lives with her son, dog, and three cats. She graduated Magna Cum Laude from Jacksonville University with a BA in English and holds an MAED in Adult Education and Training. She lives for reading and writing, learning and teaching, and figuring out the day-to-day traumas and joys of mommyhood. .
As healthcare reform mandates increase patient payment responsibility; providers need to meet demands for more flexible payment options. NTC Healthcare's revenue cycle management solutions help practices to do just that.