
Everything You Need to Know About HIPAA

If you work in the field of healthcare, you’ve more than likely heard of HIPAA law. HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. This law was put into place to protect the privacy and rights of patients and to safeguard patient medical information. Whether you work in the medical industry, or you just want to understand how your medical information is being protected and secured, you need to understand HIPAA law and how it affects the use of patient information and the transmission of electronic medical records.

What is HIPAA Law?

HIPAA was originally passed in the United States and signed into law on August 21, 1996. The main purpose of HIPAA is to protect and secure patient medical data, as well as patient insurance information and other personal information. There are three parts to HIPAA: the Privacy Rule, the Security Rule, and the Breach Notification Rule. The Privacy Rule defines PHI, Protected Health Information, as “any information held by a covered entity which concerns health status, the provision of healthcare, or payment for healthcare that can be linked to an individual.” This rule was later updated on April 21, 2005, to address electronic Protected Health Information (ePHI). The Security Rule covers how patient information is protected. The third part of HIPAA, the Breach Notification Rule, pertains to what constitutes a breach of security and the steps that need to be taken if a security breach occurs and a patient’s medical information is illegally accessed. If you work in healthcare in any capacity, whether as a doctor, nurse, transcriptionist, receptionist, or even at home as a medical coder, medical writer, or medical claims examiner, you must comply with HIPAA privacy, security, and breach notification guidelines. Mandatory compliance means that anyone who works in the healthcare industry and has access to patient data must take any precautions that are necessary to remain HIPAA compliant.

What Are The Objectives of HIPAA?

HIPAA was created with the following objectives:

  • to “improve the portability and accountability of health insurance coverage” for employees between jobs
  • to combat waste, fraud and abuse within the healthcare and health insurance industries
  • to promote the use of medical savings accounts through tax breaks
  • to provide insurance coverage for employees with pre-existing medical conditions
  • to simplify health insurance administration

The Privacy and Security Rules were put into place to ensure that:

  • a patient has the right to control access to their own health information
  • a patient is not required to disclose information about any healthcare they receive that is privately funded
  • all healthcare providers take the necessary steps to determine how patient information is disclosed, whether the disclosure is in the form of physical documentation or electronic transmission
  • the patient grants permission to use their personal information for marketing, fundraising, or research purposes

Since HIPAA has changed the way that doctors, nurses, and staff handle patient medical records, insurance information, and personal data, let’s take a look at what you need to know about complying with HIPAA law, especially if you are interested in pursuing a career in healthcare.

How Do I Comply with HIPAA in the Medical Office?

If you are working in the healthcare field, or you’re thinking about working in the healthcare field, it’s important to comply with HIPAA in the medical office, as well as in your home office if you are working remotely. Here’s how to remain HIPAA compliant:

  • Keep patient records out of public reach. Make sure paper records aren’t left in open areas with public access. If the patient’s records are on a computer, make sure the monitor is facing away from a public area, or invest in a privacy screen. If the computer is in a public area, remember to sign off from your computer if you step away from your desk.
  • Be careful not to reveal personal information about patients to other patients, or to anyone else who is not directly involved with the patient’s healthcare.
  • Do not sell or otherwise release patient information to third parties. This violates HIPAA law.
  • If someone other than the patient asks for the patient’s medical records or personal information, obtain consent from the patient before releasing information to any unknown party.
  • Protect the unique access ID and password that you use to sign on to your PC, especially if you have access to individual patient charts. This is important to ensure that any information being accessed is accessed only on a need-to-know basis.
  • Ensure that you are only releasing PHI or ePHI to individuals with the right to access it – either the patient himself or herself, their medical provider, or anyone the patient has allowed to have access to their medical records.

Failure to comply with the HIPAA Privacy, Security, and Breach Notification Rules places the healthcare organization – whether it is a doctor’s office or an insurance company – at risk of enforcement action, which can include fines, loss of license, or loss of ability to provide insurance to patients. If an individual employee contributed to any violations, it will also put him or her at risk of disciplinary action, job loss, or even government fines.

In summary, the important thing to remember is that patients trust their healthcare providers and staff to protect their privacy and treat their medical records and personal information with the utmost respect and discretion. Whether you are pursuing a career in the healthcare industry or you are already working in the healthcare field, consider enrolling in the course entitled “How to Learn Professionalism in Healthcare (with REAL-WORLD Examples!)” offered by Avidity Medical Design Academy. You might also consider the course entitled “How to Read Your Own Medical Record (Learn What is in YOUR Medical Files!)” to learn more about HIPAA law from the patient’s perspective, as well as from the perspective of working in the healthcare field. Visit the Avidity Medical Design Academy website to enroll in each of these courses, as well as other courses that might help you become successful in the field of healthcare.