Healthcare Information Portability and Accountability Act (HIPAA)

HIPAA is the Health Insurance Portability and Accountability Act. It was initially established primarily to protect electronically transmitted health information since on-line transmissions have skyrocketed in recent years and will eventually become mandatory. In the process of establishing confidentiality protocols, it broadened to more general office procedures. Many things that seem common sense became law such as:

  • Do not discuss patient conditions where other people could potentially hear you (this applies to office staff as well as practitioners).
  • Do not disclose personal information (social security numbers, dates of birth, etc.) such that non-staff can hear you.
  • Turn computer monitors away from non-staff viewing.
  • Do not keep any healthcare records in plain view so they could be easily viewed by mistake.
  • Patient sign-in sheets are acceptable although they were initially thought to be banned as well.
  • Patient files that are stored in file pockets on patient room doors should face inward, not outward, so patient names are not readable.

Verifying the legitimacy of patient inquiries is also necessary. Not releasing information to anyone other than the patient, unless you have written authorization from the patient, is of huge importance. This is done in the same way insurance companies verify us: they ask for identifying information such as date of birth and policy and/or social security numbers before releasing information about a patient. You must have express written consent to send a patient's records to anyone other than the patient unless the records have been subpoenaed. HIPAA violations are handled by the Office for Civil Rights, which has an office in each major city in the United States, so HIPAA complaints are readily investigated. Fines begin at $500. The point: it is easy for a patient to file a complaint and relatively easy for bureaucrats to follow up on it, so every practice must have a HIPAA system in place.

Resources for finding HIPAA information include:

Health Information Privacy: This is the official page from the US Department of Health & Human Services Office for Civil Rights. It is the main source for information regarding HIPAA and has helpful resources for being HIPAA compliant:

  • Are you a covered entity?
  • Summary of privacy rule
  • Sample business associate contract provisions
  • Training materials
  • Guidance materials

Here are some form samples the authors use in their practice:

  • Notice of Health Information Privacy Practices