Health Insurance Portability & Accountability Act Training

In this age of information sharing, ensuring individual privacy has become increasingly important. According to the U.S. Department of Health & Human Services, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) "gives you rights over your health information and sets rules and limits on who can look at and receive your health information." HIPAA requires entities that hold protected health information to be diligent in disclosure and to follow specific security measures to ensure that the protected health information remains confidential.
    What is Protected Health Information?

    • According to the University of Miami, Miller School of Medicine, protected health information is "any information, whether oral or recorded in any form or medium that is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university or health care clearinghouse; and relates to the past, present or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual."

      HIPAA provides standards for health care providers and insurance providers, legally requiring them to keep their clients' medical information private. Failure to do so can mean large fines and possible jail time. Therefore, it is important for anyone who works with protected health information to be HIPAA compliant.

    Where do I Start?

    • To comply with HIPAA, you need to understand the law, who it applies to and the definition of protected health information (PHI). In your company, designate one individual to be the HIPAA compliance champion who will educate employees and enforce HIPAA compliance.

      HIPAA protects an individual's health information regardless of format: electronic data, paper records, and/or verbal communication. Educating your entire work force, from custodians to the president, is therefore required.

    Set Rules

    • Lock cabinets and drawers.

      The designated HIPAA champion can put safety measures in place to protect the privacy of your clients' medical information. Common rules would include locking all unattended desk drawers and cabinet files, locking your computer screen when away from your desk, requiring passwords to be changed on a quarterly basis, securing office areas so only authorized employees can enter, keeping documents turned upside down and/or out of view of non-authorized employees, and shredding all documents containing PHI.

    Train and Test

    • Test understanding.

      All of your employees who have access to protected health information need to be HIPAA compliant. Have your HIPAA champion educate your employees and require a test, so that if they commit a violation they cannot claim they were unaware of the law. In addition, if an employee commits a violation, you as an employer can be in violation.

    Non-compliance

    • The Secretary of the Department of Health and Human Services (HHS) determines the penalty based on the type of violation and the extent of harm caused by the non-compliance. Non-compliance may mean fines, jail and lawsuits against either individuals or companies, and fines of up to $50,000 per violation are imposed. However, if the violation is corrected within 30 days, no civil penalties can be imposed except in cases of willful neglect.
