The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a group of guidelines designed to assure patients that their private health information is properly protected, especially when that information is transferred from one healthcare professional to another. Prior to the implementation of HIPAA, the security of patient information depended on the healthcare facility that stored it. Unfortunately, some did very little to ensure the privacy of their data.
All healthcare organizations and professionals need to understand the compliance issues HIPAA contains, particularly with the secure scanning and storage of patient health records. Entities covered by HIPAA include healthcare providers, plans, clearinghouses, and the electronic medical records (EMR) platforms used by these entities to manage data. If you or your organization is one of the entities covered by HIPAA, you are responsible for ensuring that both access to and transfer of your patients’ records are compliant with the Act’s rules.
In a recent Healthcare IT News article, lawyer James Wieland relates to article writer Mike Miliard some of the areas of HIPAA that tend to cause interest and confusion among his clients:
“Rights to electronic access are just as important as rights to privacy. ‘The rights of the consumer are now more and more exercised because more records are stored in electronic form, and more and more people in all age ranges are aware of their access rights,’ said Wieland.
Explicit approval is needed any time PHI is transferred, even if it’s at the patient’s request. ‘If you get directions or requests from an individual to transfer their personal health information to a third party, you must get them to clearly state it — in writing — or you will be at risk,’ he said.
The importance of a ‘real, demonstrable risk assessment’ cannot be overstated. This particularly goes for ‘providers that do not have their own in-house IT staff, that may be relying on a vendor to provide the security,’ said Wieland.”
If, like Wieland’s clients, you feel that you need help understanding some of HIPAA’s more intricate provisions, talking to a proven document management solutions provider like Spectrum Information Services will be extremely beneficial. Such companies can also help you with certain processes that require strict HIPAA adherence, such as proper scanning and imaging of patient charts into electronic documents, accurate matching of insurance claims with patient accounts receivable records, and efficient accounts payable automation.
(Source: Lawyer offers tips for HIPAA compliance, Healthcare IT News, Mar. 5, 2014)