Some businesses are unsure how to handle privacy compliance in regards to HIPAA regulations.
The Health Insurance Portability and Accountability Act of 1996 has created more work for businesses in that they have to spend endless hours researching HIPAA regulations, training employees, rewriting contracts, internal documents, patient forms and policy and procedure manuals. If office administrators, practice managers or physicians are unsure how to handle privacy compliance, then there could be consequences which can include hefty fines.
The types of business entities that are affected by the law include, health plans, health care clearing houses, and those health care providers who conduct financial and administrative transactions (e.g., electronic billing and funds transfers) electronically. In order to ensure the security of personal health information, there needs to be privacy safeguard standards in place.
Entities may have the flexibility to design their own policies and procedures to meet regulatory standards. The requirements are flexible and scalable to account for the nature of each entity’s business, and its size and resources. Covered entities generally will have to:
- Adopt written privacy procedures. These include who has access to protected information, how it will be used within the entity, and when the information may be disclosed. Covered entities will also need to take steps to ensure that their business associates protect the privacy of health information.
- Train employees and designate a privacy officer. Entities will need to train their employees in their privacy procedures and must designate an individual to be responsible for ensuring the procedures are followed.
There are specific boundaries to keep in mind, and with some help businesses can learn to comply. For example, there must be accountability for the use and release of medical records, and companies need to ensure that health information is not used for non-health purposes. Penalties for entities that misuse personal health information include:
- Civil penalties. Civil penalties are $100 per violation, up to $25,000 per person, per year for each requirement or prohibition violated.
- Federal criminal penalties. Under HIPAA, Congress also established criminal penalties for knowingly violating patient privacy. Criminal penalties are up to $50,000 and one year in prison for obtaining or disclosing protected health information; up to $100,000 and up to five years in prison for obtaining protected health information under “false pretenses”; and up to $250,000 and up to 10 years in prison for obtaining or disclosing protected health information with the intent to sell, transfer or use it for commercial advantage, personal gain or malicious harm.
Personal Health Records allows patient to provide doctors with valuable health information that can help improve the quality of care that patient receives. Personal Health Records can help to reduce or eliminate duplicate tests and allow you to receive faster, safer treatment and care in an emergency and helps to play a more active role in yours and your loved ones’ healthcare.
Personal Health Records system collects all information pertaining to the patient, which includes past medical history of the patient, laboratory test results, medications etc. This allows doctors to have instant access to patients’ data, and can give right treatment with no delay, it offers secured storage of data. Regardless of the region and time, the authorized users can access the data for various purposes such as better treatment for patients, research of critical and peculiar cases, to avoid repetition of tests and etc.
This is a serious issue and with digital copies of things flying around, violations of privacy can happen fast.
Someone in my office recently was notified by email that they had uploaded a scanned copy of a record to an openly accessible folder on their company website! It could be downloaded by anyone.
I dunno the reason behind putting it out there, but it was a scary oversight.
I had my medical records taken by my healthcare provider under false pretenses. I was told she needed my last 2 labs from my former doctor to compare to the recent one she took. I signed the ROI for the 2 labs, she took 3 years of full medical I did not agree to. Who do I contact, and what should I do?
I had my medical records taken by my healthcare provider under false pretenses.