The grace period is over.
While health care providers and health plans were already following the Health Insurance Portability Accountability Act (HIPAA) now, as of October 1, 2013 business associates who work with patient health information must also legally follow the rules. The Health Insurance Portability and Accountability Act of 1996, also known as HIPPA, is a federal law to protect health information about individuals. HIPAA rules govern the protection of a patient’s private health information, and provides steps to take if information is mishandled. In the case of an audit or office visit by the HHS, a company will have to demonstrate their plan to confirm compliance with HIPAA.
Why is protecting health information important?
No matter if employees manage patient information, everyone must always safe guard confidential information. An employee may be exposed to new types of confidential information including personal health care information. It is imperative that we are vigilant about following all laws and regulations protecting this information in the United States and around the world. US Federal Laws, including HIPAA are in place to protect sensitive and confidential health information. All employees must be aware of laws if they sell and service products related to health care and therefore may be exposed to patient health information. HIPAA also applies to business associates. Covered entities and their business associates must comply with certain regulatory requirements to ensure that PHI and EPHI is appropriately protected, shared and used. For example, health plan business associates, and dental must also comply with HIPAA requirements. HIPAA applies to third parties performing a function, activity or service on behalf of a company which may involve using health-related information or discloses protected health information. For example, this would include consultants, collection agencies, attorneys, accountants, third-party administrators, all of whom create, use or disclose PHI, being medical information, in their work for hospitals, labs, clinics and health plans.
What is an example of PHI?
PHI, Protected Health Information is any information which may identify a person’s past, present or future medical condition. The kind of identifiers include, for example, a patient’s name, social security number, perhaps a hospital ID number, the individual’s phone number or their date of birth. Protected Health Information is sensitive, and its confidentiality must always be protected. Electronic Protected Health Information is information found on any electronically transferred material which may identify a person. For example, EPHI includes health information on hard drives, magnetic tape, memory sticks, CD’s, email and data transferred by a wireless, modem and cable network connections.
What is de-identify?
When specific identifiers have been removed so the remaining information cannot be used to identify an individual it is called de-identified health information. When identifiers have been removed, the information is no longer considered protected. Most employees will not be exposed to PHI. However, if you are exposed to PHI, for example, in discussions regarding a clinical study, or if a customer inadvertently sends PHI to you, be aware that you are not authorized to use such PHI for any purpose. You must not share the PHI with anyone. Don’t forward the information, don’t talk about it, don’t leave PHI up on a computer screen or elsewhere where someone else can see it or remove it. Don’t carry PHI out of the facility. Don’t attempt to gain access to any system program or document containing PHI unless you need to be in that system program or document for appropriate work-related purposes.
