Being HIPAA complaint is very important. Read on to learn everything you need to know about HIPAA compliance.
What’s a physicians least favorite animal? A Hippo, since it’s only one letter away from Hippa!
You can have that joke for free, as a bonus to this article. Consumers love HIPPA since it makes it easier to get personalized and sometimes secret care. However, it can create a lot of problems for practitioners and their staff, if they don’t follow the regulations.
Correct HIPPA compliance is essential to any functioning clinic. But how long do you take to tell each new employee what it is and how to follow it?
Sometimes it takes weeks. That legal language is hard to wrap your head around. Instead of trying to translate – read our guide instead.
What is HIPPA?
The five letter acronym stands for the Health Insurance Portability and Accountability Act. It came to be in 1996, but we didn’t hear it really talked about until the mid-2000’s with the passing of Obamacare.
Its purpose is to protect patients from having their information and health history spread. It protects specific patients from being mentioned in research or papers. If Suzy Q had an interesting reaction to a hysterectomy and her doctor wanted to do a study on it, her name would be patient x.
Or something of the like.
Why Have HIPPA?
Before they put HIPPA into place, almost every health care network had their own processes for claims. HIPPA changes that by making everyone use the same system.
It’s like if some clinics in the states were using the metric system while others used imperial. If an imperial clinic had to send records to a metric, that would be a pain. So now, everyone is on the HIPPA system.
It also came from some security breaches of patient confidentiality in the 90’s. Along with that, the legislators behind Obamacare knew there would have to be some stricter regulations with a government controlled system.
What Does it Change?
Other than giving everyone the same system, HIPPA changes what different people at different points of the medical process see. If the doctor needs to share information with another doctor, they can see the patient’s whole file.
However, if billing is processing a treatment the patient had, they only have enough information to get the job done. That may just mean name, age, a treatment code, and insurance information.
It puts regulations and restrictions on the number of eyes that can see sensitive details of a patients file.
What Must I Change?
Most of us are already familiar with HIPPA compliance, which means we avoid the use of certain “unique identifiers” when discussing patient history. Unique identifiers are anything that could give someone the true identity of the patient in question.
Here’s a comprehensive list of all the HIPPA identifiers.
- Address (smaller than state)
- Telephone number
- Fax number
- Email address
- Medical record number
- Serial numbers of any device (medical or other)
- Images of the patient
- Account number
- Social security number
- Health plan number
- Fingerprint or other biological identifiers
- IP address
- Personal websites
- Anything else that separates patient A from patient B in identity or personality.
Let’s look at an example. Say you were doing an experiment on two patients for a medication.
A HIPPA friendly report wouldn’t have any identifiers. So the following information could not go anywhere until the identifiers are removed.
Information with identifiers:
We are studying the effects of medication A on two patients, Thomas and Andrew. Both patients agreed to take the medication for a reduced cost in exchange for follow up appointments.
The appointments are every Wednesday from 3-5 PM at the patient’s home hospital, ABC hospital. Patient Thomas has a heart pump, serial number, 3234234.
See how much information is in that about Thomas and Andrew? Here’s what that information looks like as HIPPA compliant.
Two patients agreed to test the side effects of Medication A at ABC hospital. They are receiving reduced cost in exchange for follow up appointments and research tests. One patient has a heart pump, which is a potential extraneous variable to track.
Patients check in once, weekly, for two hours to talk to researchers and run tests.
See the difference?
You still understand the purpose of the experiment and what’s going on without identifiers. That way both Thomas and Andrews’s identities stay safe and they can go on with their lives.
HIPPA After Death
One a patient dies, they’re still protected by HIPPA regulations. As the law stands now, their records need to stay compliant for fifty years from the day they died.
There are some cases where identifiers of the deceased can be shared, but it required approval by family or specific doctors.
Finally, there is one situation where you can share the identifiers of a person. If the patient gives you reasonable reason to believe they’re going to hurt themselves or others, the doctor is allowed to share that information for prevention.
This could be to parents, law enforcement, or social workers. Doctors do need to tell patients that they’re required to report this information, which is part of the reason we require HIPPA consent forms.
Maintaining HIPPA Compliance Practices
The information covered in this article as identifiers can also be referred to as PIH, or private health information. The same PIH apply to all sectors of medicine, dental offices, and the like.
If you handle health information and records, you’re required to work with Hippa compliance. If you’re not, your clinic could be fined large amounts, sued, or even shut down completely.
That’s not something you can risk. Make sure you use our billing services and programs – we build our compliance in. Check it out here.