|  | Healthcare Industry | General Healthcare Industry

HIPAA Staff Rules

The Health Insurance Portability and Accountability Act, or HIPAA, was enacted to protect the privacy of a patient's personal health information that is transmitted through spoken, written or electronic information. All employees of health care facilities and pharmacies are responsible for performing their work in conformity with HIPAA regulations.

  1. Protected Information

    • Any personal, medical or financial information that is created, received or maintained by a health care or provider or health plan is included within HIPAA regulations and is considered private. Any unauthorized dissemination of this information, whether the information was received through spoken, written or electronic communication, is a violation of HIPPA. The following patient criteria are listed as Protected Health Information (PIH) by HIPPA, and should not be shared by staff:

      -Name

      -Postal address

      -All elements of date except year

      -Telephone number

      -Fax number

      -Email address

      -URL address

      -IP address

      -Social Security number

      -Account numbers

      -License numbers

      -Medical record number

      -Health plan beneficiary number

      -Device identifiers and their serial numbers

      -Vehicle identifiers and serial numbers

      -Biometric identifiers

      -Full face photos and other images

      -Any other unique identifying code or characteristic

      HIPPA applies to all employees of a health care facility, health plan or pharmacy, not solely the employees who come in direct contact with patients or who are providing care.

      Under HIPPA guidelines, an employee should not even be viewing a patient's protected information unless it is necessary to perform job duties.

    Sharing Information

    • An employee may share or access a patient's information if it is necessary to perform a job. If, for example, it is a staff member's responsibility to read a patient's lab results, provide the patient with health-related counseling or relay the patient information to another employee, the staff worker may access this information but must only collect or share the minimum amount of information necessary to perform the job function.

    Accidental Violations

    • It is possible for HIPAA to be violated through unintentional acts, like leaving patient information on computer screens or misplacing documents. Since violation of HIPAA is a serious matter, all staff members of facilities that deal with patient care should take certain precautions to avoid accidental violations of HIPPA. Some measures that employees may take to prevent these violations are: using shredders to destroy documents that contain protected information after they are no longer needed; creating passwords for computer programs that contain protected information; using antivirus software; and locking computers at workstations that are unattended. Finally, all staff members must report any breaches of security that may lead to a HIPAA violation.

General Healthcare Industry - Related Articles