Health care providers and their business associates handle large volumes of patient medical information every day. Because of this, they are responsible for making sure they do not violate the Health Insurance Portability and Accountability Act (HIPAA) or state privacy laws.
This complicated federal regulatory system has many requirements that providers must meet. The best way to ensure providers do not unwittingly violate one or more rules is to develop written policies and procedures. Having these in place will help your health care facility remain compliant.
The HIPAA Privacy Rule
HIPAA has a Privacy Rule that places restrictions on how "protected health information" (PHI) is used and disclosed. PHI is individually identifiable health information, so nearly all patient data maintained or created by a provider or supplier is considered PHI for HIPAA purposes.
The Privacy Rule outlines the instances where it is acceptable to use protected patient information within the practice or to disclose it to outside entities. Generally, this information should only be used for treatment, payment and health care operations. The regulations give each of these three terms a specific meaning.
Patients must sign an authorization form when their health information is to be used for something other than treatment, payment and operations. The form that health care providers have patients sign must comply with the requirements of the Privacy Rule.
There are exceptions to this rule: in certain defined situations, providers can disclose protected information without a patient's authorization even though the disclosure is not for one of the three purposes stated above.
The HIPAA Security Rule
The Security Rule protects PHI that is stored or transmitted in electronic form, known as electronic protected health information, or EPHI. Its safeguards include both technological and administrative components.
Many health care providers hold EPHI in billing systems, laboratory systems and electronic health records (EHR). However, purchasing a marketed electronic health records system is not enough. There are additional steps you are required to take to ensure you are compliant with the law.
Someone from the covered entity must be responsible for ensuring the facility is compliant. This person must also develop written policies and procedures, and their duties extend to overseeing that others in the facility follow the rules. Typically, this person is the HIPAA Security Officer, who may also serve as the HIPAA Privacy Officer.
As with the Privacy Rule, the HIPAA Security Rule requires the development and maintenance of written policies and procedures. Staff should be trained so they know how to handle protected information.
A key component of the HIPAA Security Rule is the Security Risk Analysis, which is required for all covered entities. Every provider, and every business associate of a provider, must identify risks to EPHI and have a plan to address those risks. When physicians apply for incentives connected to using an EHR, they must attest that a HIPAA Security Risk Analysis was conducted for their facility. This attestation also confirms that any issues the analysis exposed have been corrected.
HIPAA Compliance Challenges
Many health care providers find it difficult to stay compliant with HIPAA rules and regulations. Some constantly struggle with training issues, limited technological tools and a small staff.
If you identify with these providers and believe you might have violated a HIPAA regulation, or you are currently under investigation, it is very important that you obtain legal counsel.
Being found in violation can have potentially devastating consequences for your health care facility. Even if you follow every regulation, an employee's misconduct may be the root of the violation under investigation.
Perhaps the employee failed to get authorization from the patient before releasing private health information. Another basis for an investigation could be a failure to manage the security of digital information properly.
In either case, your practice can benefit from the help of an experienced HIPAA compliance attorney to protect your health care service.
Dallas HIPAA Compliance Lawyers Can Help
At Rainer & Kenniff, PC, you have a reliable defense against accusations of HIPAA violations. Our attorneys use their extensive experience to provide the type of legal services our clients need and deserve. We serve hospitals, private practices and other health care facilities.
Because of our detailed understanding of health care laws and HIPAA regulations, our clients depend on our skill to recognize potential pitfalls before the government has a reason to investigate.