© SBMA 2022 – all rights reserved
Your private information should remain that way: private. Keeping your records confidential requires several layers of protection. Without clear rules and processes, the line between what information can and cannot be disclosed becomes blurred, especially in today's technology-dependent world. Fortunately, there is a federal law that sets out how you and your information are to be protected.
What is HIPAA?
HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. HIPAA is the framework that everyone with access to your private health information, both covered entities and their business associates, must follow to keep Protected Health Information (PHI) protected. At its core, it sets the baseline national standards that any organization holding health records must meet so that health information is not obtained by anyone who lacks proper consent or another permitted basis for access.
Protected Health Information (PHI)
PHI is individually identifiable health information that a covered entity or business associate creates, receives, stores or transmits. Health information becomes identifiable, and therefore PHI, when it is linked to details such as:
- Your name
- Phone number
- Social security number
- Medical records
- Financial and account information, such as insurance or billing account numbers
- Individually identifiable health information, such as diagnoses and treatment history
- Any other unique identifier that could be traced back to you.
All of this information must be protected in its written, verbal and electronic forms. This is all important data that you want to keep in the right hands.
In order to fully understand what HIPAA is, and how to stay in compliance, it’s also important to understand the different HIPAA regulations in place.
One aspect of this is the HIPAA Privacy Rule. The Privacy Rule protects health records while still allowing the right information to reach the right health care team, which promotes the best quality of care for the individual. It protects your information while making sure the people who need it, such as your doctors and your health plan, can access it.
The Privacy Rule permits covered entities to use and disclose PHI without your authorization for treatment, payment and health care operations, and it requires your written authorization for most other purposes. For example, your primary care physician may send your medical records to the specialist you were referred to, because that is a treatment disclosure, but releasing the same records to your employer or to a marketing firm would require your signed authorization. The Privacy Rule itself lists the other circumstances in which PHI may be used or disclosed without authorization, such as when required by law or for certain public health activities.
Another rule that plays a large part in staying HIPAA compliant is the Security Rule. This rule protects electronic protected health information (e-PHI) specifically; it does not cover verbal or paper PHI, which remain governed by the Privacy Rule. According to the CDC, covered entities must do the following to comply with the Security Rule:
- “Ensure the confidentiality, integrity, and availability of all electronic protected health information
- Detect and safeguard against anticipated threats to the security of the information
- Protect against anticipated impermissible uses or disclosures
- Certify compliance by their workforce.”
Who has to follow HIPAA rules?
Every organization that qualifies as a "covered entity" must comply with HIPAA, as must the business associates that handle PHI on its behalf. These include:
- Health care providers – doctors, hospitals, clinics, psychologists, pharmacies, dental offices, etc.
- Health care clearinghouses – organizations that convert nonstandard health information into a standard format, or the reverse.
- Health plans – HMOs, employer-sponsored group health plans, Medicare, Medicaid, etc.
- Business associates – a person or organization that creates, receives, maintains or transmits PHI on behalf of a covered entity, for services such as claims processing, data analysis, utilization review and billing.
Common HIPAA Violations
When holding sensitive and private information, it’s important to understand the most common ways HIPAA can be violated. This creates awareness and opportunities for preventative measures.
Here are a few common ways HIPAA compliance is broken:
- Cyberattacks and data breaches
- Office break-ins
- Sending PHI to the wrong recipient, such as a misdirected fax, email or letter
- Discussing PHI outside of work
- Posting PHI on social media
- Loss or theft of laptops, phones or other equipment containing PHI, especially when the device is not encrypted
Why is HIPAA important?
Overall, keeping patient records and personal identifiers confidential protects patients and is a federal requirement. HIPAA is what keeps sensitive information out of the wrong hands.
Maintaining compliance also builds trust with patients and clients. Furthermore, staying HIPAA compliant avoids fines and penalties. Violating HIPAA can result in civil penalties ranging from $100 to $50,000 per violation, depending on the level of negligence, with annual caps for repeated violations of the same provision.
At SBMA Benefits, we understand the importance of HIPAA compliance when it comes to your health information. Click here to learn more about what we do and the insurance packages we have to offer.