
Tips for HIPAA Compliance in Ordinary and Extraordinary Times

HIPAA is the Health Insurance Portability and Accountability Act. This federal law, enacted in 1996, is intended to set a national standard for protecting the privacy and security of health records and other individually identifiable health information. Many things can qualify as protected health information (PHI), including names, addresses, Social Security numbers, medical record entries, recorded dates (birth, death, admission, discharge, etc.), and images.

HIPAA applies to “Covered Entities” and their “Business Associates.” Covered entities include health care providers, health plans, and health care clearinghouses. Anyone who helps these entities carry out their functions is considered their business associate. Covered entities and their business associates need to know about and practice HIPAA compliance. At Loganzo & Mantell PLLC, we often deal with HIPAA compliance matters. Read on to discover our tips.

Understand what is protected and what constitutes a breach.

Covered Entities and Business Associates must ensure that all staff and subcontractors with access to PHI are properly trained regarding HIPAA compliance and are aware of the possible penalties for noncompliance, including termination, fines, and jail time. They should know what information needs to be protected, how it must be secured, what is considered a breach, and how to handle and report any breaches that may occur.

Use common sense.

To comply with HIPAA, it is important to maintain awareness when handling PHI and to use common sense. For instance, passwords should be safeguarded to protect confidential information, documents containing private information need to be kept away from public areas, and any papers that include PHI should be shredded rather than recycled.

Strike the right balance.

Covered entities and their business associates must know what disclosures are permissible, required, or prohibited so that they can balance privacy and security concerns with the need to allow for the patient’s right to access information and to ensure continuity of patient care. 

Keep HIPAA in mind even during emergencies.

HIPAA contains specific rules regarding PHI disclosures, whether made to family, friends, public health officials, or emergency personnel. These requirements remain in effect even during a national public health emergency like that presented by the Coronavirus (COVID-19), unless suspended or specifically waived by the Department of Health and Human Services Office for Civil Rights (OCR). Two such waivers occurred this week. On March 15, 2020, OCR announced it would waive HIPAA sanctions and penalties against covered hospitals for non-compliance with five specific provisions. Two days later, OCR announced that it also would waive HIPAA sanctions and penalties against covered health care providers for good faith use of remote technology when communicating with patients and providing telehealth services. Understanding these waivers, or deciding whether a disclosure is permitted even without a waiver because the disclosure is necessary to protect the public against a serious and imminent threat, can be particularly challenging during a national emergency.

I am a patient. How can I authorize my providers to release my PHI to my family members?

You can find a Patient Authorization Form on our website. This comes in handy for parents who want to access information to assist their young adult children, living at home or away at college, who need help navigating and paying for treatment, as well as for adult children who want to provide similar assistance to their parents and other family and friends.

Know who to consult for legal assistance.

The HIPAA statute and related regulations are lengthy and complex. If you have questions about HIPAA compliance or other regulatory matters governing health care providers, the Loganzo & Mantell team is here to help. To schedule an appointment, give us a call at (646) 791-2240. We can’t wait to hear from you!

Loganzo & Mantell PLLC

At Loganzo & Mantell PLLC, we chose our practice areas for two simple reasons: we want businesses to succeed, and we want families to thrive. In other words, we care. That’s why our experienced, knowledgeable attorneys work closely with clients to understand their priorities in business and in life.
