Let's Stop Calling It HIPAA


Oftentimes in medicine, or even life in general, we might be required to revisit the origin of a popular belief, phrase, or "common-sense" piece of knowledge. Through numerous transmissions, these concepts can stray far from their original meanings and transform into something entirely different and even erroneous.

Unfortunately that seems to be happening with HIPAA. Speak the words among providers and you'll likely invoke thoughts of uptight regulators in suits and extraordinarily hefty fines issued to those foolish enough to have loads of data on an unsecured laptop computer. However, HIPAA is not about overbearing rules or inconveniently adding to the documentation burden. It is about privacy.

HIPAA, or the Health Insurance Portability and Accountability Act of 1996, is simply a federal law put in place to protect the identifying information of any patient getting medical care. It gets a little detailed, but essentially the law was put into place so that providers, clearinghouses, and insurance companies make a serious effort to protect information like names, birthdates, social security numbers, photographs, and any other unique identifier a person may have. The end-goal is that a patient's medical needs are kept private. Aside from being a basic human right, privacy should be protected for additional reasons like the possibility of discrimination against patients by employers or insurers (see preexisting conditions).

Big (Unsecure) Data

For better or worse, we will soon be so proficient at collecting data that nearly every aspect of our lives will be quantified. Despite being completely obtrusive and a little creepy, this massive data collection and analysis will have benefits like solving the obesity epidemic and finding new treatments for many diseases. Unfortunately that is an optimistic view. Currently, most of the data collected with our mobile devices is simply being used to find more efficient ways to market to us. Even more, as we've seen over the past couple of years, we are nowhere near experts at data security. Think back to 2013 when Target failed to protect the credit and debit cards of over forty million customers. However, health data is much more sensitive, considering that we can't simply cancel and replace health information in the same way we would a stolen credit card.

"We're HIPAA compliant... right?"

Aside from data security, there's a lot of confusion around HIPAA in general, especially with smaller medical practices. A recent survey conducted by medical software company NueMD found that practices are far from HIPAA compliant.

Many practices are struggling to train their employees (only 56% of office staff said they've received HIPAA training within the last year). And only 45% of respondents reported that their practice has a (HIPAA-required) breach notification policy. At the end of the survey, respondents were asked, "How confident are you that someone in your business is actively ensuring HIPAA compliance?" With only 38% saying "very confident," it's clear that we, as an industry, have some work to do.

Practices certainly have a lot on their plate, between ICD-10, Meaningful Use, and the ACA, but we can't let HIPAA fall by the wayside. Aside from increased communication and simple education, I suggest we do one more small thing to bring the focus back to what matters:

Ditch the Acronym

Whatever reason a patient may have to keep data private, providers should be making it a top priority. With so much conflict surrounding our personal information, we absolutely cannot afford to take this matter lightly. This isn't about documentation written in 1996 or outrageous fines. It is about protecting the privacy of people. So, let us rid ourselves of the strange acronym that reminds us of a water animal and take on this issue by giving it a name that makes sense: PATIENT PRIVACY.


William Rusnak, MD (@RusnakMD) is a resident physician in radiology. He's also a financial investor, entrepreneur, and frequent contributor at NueMD. He writes about healthcare technology and business, and trends in policy and regulation. He plans to practice as a diagnostic or interventional radiologist.

