HIPAA (the Health Insurance Portability and Accountability Act) is a United States federal law that applies to health care organizations, including hospitals, home health agencies, nursing homes, physicians and other providers, and to their business associates, and that protects patients' health information. The main purpose of the HIPAA privacy rules is to ensure that PHI (Protected Health Information) is handled properly. HIPAA sets out how patient information must be protected; when data is transmitted electronically it must be handled in a standard, secure way so that compliance is maintained. Patients also have rights under HIPAA, and they must be informed of them.
What is confidential information?
Any information that can identify a patient is PHI. PHI includes, among other identifiers, the following:
- Date of birth
- Social security number
- Death registration
- Date of death
- Medical record number
- Surgical pathology number
If any of this information is disclosed without authorization, it is a breach under HIPAA, and the law sets out the resulting fines.
HIPAA Do’s are as follows:
- Under HIPAA, PHI may only be shared securely: send it in encrypted files, and send the password through a separate channel (a phone call or a separate message), never in the same email as the file.
- If screenshots are taken from production, every piece of PHI must be covered with an opaque fill in an image editor such as Paint. Blurring or pixelating is not a reliable way to remove the information.
- Access to PHI must be restricted to selected, authorized users of a system, such as super administrators, site administrators or other explicitly authorized persons, and every access should be logged.
- If PHI has been shared by mistake, whether through human or system error, all copies must be deleted immediately from wherever they were sent and the incident reported internally so it can be assessed as a possible breach. Staff need proper training so that such errors are avoided and handled correctly.
HIPAA don’ts are as follows:
- Passwords for client-side applications (such as a specimen application) that hold real data must never be shared over email.
- Screenshots containing real data must not be shared over email or posted in updates on wikis or forums.
- Data should never be stored on local machines; if it has to be, it must be deleted as soon as the work is done.
- Credentials that give access to PHI must never be shared with outsiders or with anyone who is not authorized.
- PHI must not be sent over email or public servers, or through third-party tools such as Google Drive or Dropbox; only secured servers approved for PHI should be used to share it.
Online HIPAA training ensures that health care providers and their business associates know these do's and don'ts. In case of a breach or other non-compliance there are defined categories of civil and criminal penalties. Civil penalties are monetary fines whose amount depends on the circumstances and on the level of negligence that led to the violation: they range from $100 to $50,000 per violation, with an annual cap for repeated violations of the same provision. Criminal penalties include potential prison sentences of up to one year, five years or ten years, depending on the severity of the offence. A breach also usually costs the organization its reputation and the trust of its patients.
In summary, HIPAA is a federal law intended to protect patients' PHI, and it gives patients further rights that protect their interests. It defines the do's and don'ts for medical care providers, covered entities and business associates. If a violation is found, for example during a HIPAA audit conducted by a third party, the federal law provides for monetary fines and imprisonment. Patients have rights under HIPAA, and the health care provider must inform them of those rights and help them exercise them.