Health Insurance Portability and Accountability Act
HIPAA is the acronym for the Health Insurance Portability and Accountability Act that was passed by Congress in 1996. The HIPAA Privacy regulations require health care providers and organizations, as well as their business associates, to develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared. This applies to all forms of PHI, including paper, oral, and electronic, etc. HIPAA requires the protection and confidential handling of protected health information including patient health information, demographic information, physical or mental health, health care payment provisions, and client identity. At the same time, the Privacy Rule is balanced so that it permits the disclosure of health information needed for patient care and other important purposes. Failure to comply with HIPAA can result in civil and criminal penalties (42 USC § 1320d-5).
Examples of HIPAA violations:
Improper disposal of patient records; shredding is necessary before disposing of patient’s record.
Insider snooping, which refers to family members or coworkers looking into a person’s medical records without authorization. This can be avoided with password protection, tracking systems, and clearance levels.
Releasing information to an undesignated party; only the exact person listed on the authorization form may receive patient information.
Releasing the wrong patient’s information; through a careless mistake, someone releases information to the wrong patient. This sometimes happens when two patients have the same or similar name.
Unprotected storage of private health information, such as a laptop that is stolen. Private information stored electronically needs to be stored on a secure device. This applies to a laptop, thumbnail drive, or any other mobile device.
Scenarios of HIPAA violations:
Telling friends or relatives about clients that are under your care
Discussing private health information in public areas
Discussing private health information over the phone in a public area
Not logging off your computer or a computer system that contains private health information
Including private health information in an unsecured text or email
Confidentiality of client medical information
Individuals in our care expect us to maintain the confidentiality and security of all their Protected Health Information (PHI). Agape does not use, disclose, or discuss client-specific information with others unless the client authorizes the release of his or her information, or we are required or authorized by law to release the information. Agape maintains the confidentiality of client medical information and uses appropriate security measures to protect this information, including information contained in client charts. Agape also uses appropriate security measures of PHI in all communications.