In 1996, the Health Insurance Portability and Accountability Act, also known as HIPAA, was enacted to allow the flow of a client's health information needed to provide and promote high-quality health care while protecting their health, well-being, and privacy. Because the healthcare industry is so diverse, HIPAA is designed to cover the different ways to keep patient information confidential when they seek care and healing.
Our HIPAA Seal of Compliance is displayed at the bottom of our Sales and Support web pages. If your business collects and stores patient information, you can turn on HIPAA compliance in Vagaro when sending messages to your clients via text, push notifications, and emails.
Learn more about HIPAA from the US Department of Health and Human Services.
The HIPAA rules set national standards for protecting patient medical records and other individually identifiable health information. They also:
- Give patients more control over their health information.
- Set boundaries on the use and release of health records.
- Establish appropriate safeguards that health care providers and others must put in place to protect the privacy of medical information.
- Hold violators accountable by imposing civil and criminal penalties for violating patients' privacy rights.
For patients, it means being able to make informed decisions when seeking care based on how their personal health information is used. It specifically:
- Allows patients to find out how their information is used and disclosed.
- Generally restricts the release of information to the minimum necessary for the purpose of the disclosure.
- Generally gives patients the right to examine and obtain a copy of their health records and to request corrections.
- Permits individuals to control certain uses and disclosures of their health information.
The following entities are covered entities and must follow HIPAA:
- Health Plans, which include health insurance companies, HMOs, company health plans, and certain government programs that pay for health care, such as Medicare and Medicaid.
- Most Health Care Providers, especially those that conduct certain transactions electronically, such as electronic health insurance billing. Such providers include most doctors, clinics, hospitals, psychologists, chiropractors, nursing homes, pharmacies, and dentists.
- Health Care Clearinghouses, which are entities that process nonstandard health information received from another entity into a standard format, or vice versa.
Business Associates are not covered entities themselves, but they must comply with HIPAA requirements by virtue of their contracts with covered entities (see the section on written contracts below).
Information protected under HIPAA includes:
- Client medical records entered by doctors, nurses, and other health care providers.
- Conversations a doctor has about a client's care or treatment with nurses and others.
- Client information entered into a health insurer's computer system.
- Billing information about the client held by the clinic.
- Most other client health information held by professionals who are required to follow HIPAA.
Covered entities must also:
- Put appropriate safeguards in place to protect health information and ensure that it is not used or disclosed improperly.
- Reasonably limit uses and disclosures of health information to the minimum necessary for the intended purpose.
- Have procedures in place to restrict who can view and access client health information, and implement training programs for employees on how to protect medical information.
Here's a list of recommendations from the U.S. Department of Health and Human Services to help you stay HIPAA compliant:
Appoint a privacy officer and contact person to oversee privacy issues. This individual is the point person for receiving complaints and training all employees on privacy matters, specifically letting staff know about PHI (protected health information) disclosure restrictions and practices.
Under the HIPAA Privacy Rule, clinics and health care professionals must provide copies of health records within 30 days of receiving a request (a single 30-day extension is permitted if the client is notified in writing). Clients also have the right to request that their health records be amended, and the clinic must act on the request in a timely fashion.
Build and maintain a secure website that is in line with all HIPAA privacy requirements for identifying information. Run the site on a secure network with all the proper safeguards, and get professional help if you need it. Here are some additional precautions to take:
- Require a secure, password-protected login.
- Configure automatic logoff on your devices so that sessions end after a period of inactivity.
- Train staff to act with integrity when handling electronic health information, including never destroying or altering records.
- Require authentication for all staff or entities who access PHI, and limit each person's access to what their role requires.
- Make sure that any data transfer that includes PHI is encrypted in transit.
Weigh your options regarding storing your clinic’s health information, whether you decide to store it as a hard copy, on your own servers, or in a cloud-based practice management system.
Consider a solution that meets the needs of your daily workflow while also adhering to HIPAA. Also, consider choosing a combination of these storage options.
HIPAA requires a written contract, known as a business associate agreement, between a clinic and any other entity that handles health information on its behalf. For this contract, HIPAA defines two types of organizations:
- Covered Entity: The organization that creates or collects the data. This mainly pertains to health clinics and practitioners, or anyone treating patients or seeing clients.
- Business Associate: An organization that creates, receives, stores, or transmits PHI on behalf of the covered entity, such as a cloud-based practice management system.
Check state laws, which may impose additional privacy requirements beyond HIPAA. Here are some specific things to consider:
- Where state law is less strict than HIPAA, HIPAA applies.
- Where state law is stricter than HIPAA, state law applies.
- State laws that require reporting for public health purposes, such as communicable diseases, child abuse, or births and deaths, remain in force alongside HIPAA.