The Health Insurance Portability and Accountability Act (HIPAA) originated in 1996 to ensure that patient health records are kept confidential and secure, and hospitals are being held accountable. The Department of Health and Human Services (HHS) has the right to impose civil money penalties against facilities and other entities that violate HIPAA regulations, and the industry is seeing record fines being imposed. With at least 30 million health records breached since 2009, facilities need to do all they can to reduce their vulnerability and protect patient privacy.
However, HIPAA can be confusing, and it can be hard for healthcare providers to know when they are or are not in compliance. What exactly constitutes a violation is sometimes difficult to understand, but ignorance of the law is not an excuse for breaking it. To avoid fines and penalties, all healthcare professionals in any capacity should be required to undergo thorough training.
The easiest rule to understand regarding HIPAA is to not discuss patient information with any other individual unless it’s required for the patient’s care. If a conversation is required, the discussion must not take place where others may overhear the information. The onus is on the individual speaking to ensure the protection and privacy of patient information.
HIPAA also protects any medical information collected by insurance companies, including billing details. As with a conversation, medical information identifying a patient cannot be shared unless necessary for the patient’s treatment. Electronic violation of HIPAA is an area of special attention. In 2009, the Health Information Technology for Economic and Clinical Health (HITECH) Act was enacted as a modification to HIPAA. The HITECH Act was put in place to address the growing area of electronic use and transmission of medical records and patient information. As with any electronic transmission of sensitive information, special policies and protections need to be carefully followed to ensure the information remains secure.
Overall, HIPAA and HIPAA HITECH now cover the following areas of medical security:
- Medical Records
- Patient Privacy
- Electronic Transmission of Medical Data
Covered entities, including health plans, healthcare clearinghouses and healthcare providers, are required to update and notify individuals regarding any changes and modifications. These covered entities are also required to remind consumers of their rights under HIPAA every three years. HHS has discovered the most common violations are in the administrative areas of the covered entities. HIPAA is complex and difficult to apply properly without proper oversight and continual vigilance regarding the use of patient information and data transmission.
The two most important points to remember regarding HIPAA may in fact be these: don’t assume you know the rule, and don’t ignore the need for privacy of each and every patient detail. Reptrax University™, our learning management system, offers two HIPAA options for vendor representatives: HIPAA: What Healthcare Workers Need to Know and HIPAA HITECH: Final Rule Compliance for Business Associates. The Reptrax HIPAA credential requirement can be satisfied with either course.
Contact us to learn more about Reptrax and Reptrax University™.