Is your medical information at risk?
In your day-to-day life you take steps to keep your personal information secure. You keep your social security number private. You don’t let people have access to your credit card or banking information without first checking to see if it is safe. You are aware of potential scammers trying to get that information. You even use good passwords to your various accounts. These are great ways to keep your information secure. Keeping an eye on your credit history and perhaps even using a program to monitor your personal information are important steps to security. Are there any steps you might be missing in the security of your personal records? How about your medical service providers? Do they take the necessary steps to protect your data?
Most of us have heard of HIPAA and have a basic understanding that it means the healthcare providers you use are required to keep your patient records private and secure. That is the basic idea but did you know there is much more to it? As a patient, you have rights to ensure your information is being properly protected.
What is HIPAA?
Before jumping into how to protect yourself it is a good idea to have a basic understanding of HIPAA and what it entails. HIPAA is an acronym for the Health Insurance Portability and Accountability Act which was passed by congress in 1996 as a measure to secure the privacy and confidentiality of patient records.
Fact: HIPAA Compliance is required by law.
HIPAA was designed to reduce healthcare fraud and abuse, set industry-wide standards for healthcare information on electronic billing and other processes, and requires the protection and confidential handling of protected health information (PHI). HIPAA also provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs.
Who Does HIPAA apply to?
Now that you have a little bit better of an idea of what HIPAA is, you might be wondering who HIPAA applies to. Put simply, any healthcare provider, their suppliers and vendors or business associates who “transmit, maintain, access or store” PHI (Protected Health Information). This includes all doctor offices, dental offices, chiropractic offices, pharmacies, and the list goes on. If it involves healthcare, that provider is required to comply with HIPAA regulations.
Fact: Anyone who handles PHI (Protected Health Information) is required by law to satisfy all requirements for HIPAA compliance.
Other third party companies that are associated with your healthcare provider are also required to be HIPAA compliant including malpractice insurance companies, managed care organizations, vendors who handle records, personal injury attorneys, and any external technology companies used to service their devices.
Is Your Provider HIPAA Compliant?
You may wonder how you can know if your healthcare provider is HIPAA Compliant and if they are taking steps to protect your information. Next time you visit their office ask yourself some simple questions. Are the computer screens visible to patients? Are there any charts left lying around unmonitored?
Fact: 79% of HIPAA Audits result in failure.
You can also ask your provider to speak to the HIPAA compliance officer to find out if they’ve had a risk analysis in the last year and if it is on record. You can also ask if they have proof that they are HIPAA compliant. Also, find out if you received a copy or if you can get a copy of the Privacy Practices for their office.
What Are Your Patient Rights?
You might wonder what the rights are as a patient. Did you know that you have a right to an electronic copy of your information? There may be a small fee from the doctor but they often offer electronic copies in the form of an online portal, a flash drive, or CD (depending on the individual office).
Fact: Patients have a right to know how their information is being used and shared.
You have a right to know how your information is being used and shared. However, there are certain things your provider can share without your consent like reporting the flu in an area (without your personal info) or working with another doctor to determine a best treatment option. Otherwise, information shared by your doctor should be cleared of any of your personal information. If you are concerned about HIPAA violations in your provider’s office and want to report the office you can take action to protect yourself by visiting the HIPAA sitehttps://www.hhs.gov/hipaa/filing-a-complaint/index.html, they will investigate violations.
You can also look to see if a provider you are using is currently under investigation by visiting the OCR (Office for Civil Rights) page atOcrportal.hhs.gov/ocr/breach. This page lists practices that are currently under investigation or have been investigated in the last 12 months.