About HIPAA

HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. This act was created specifically to protect each individual's rights and privacy by keeping health advice, medical care and medical records confidential. HIPAA suggests that every patient be treated fairly and equally, regardless of her medical condition.

Who is Protected?

Any person who receives any type of medical or medical-related care in the United States is protected under HIPAA regardless of age or circumstance. Examples of care include going to a doctor for a strep test, getting one's teeth cleaned or having surgery. The HIPAA rule also protects the patient's personal and medical information when multiple locations are used to undergo medical care, advice or treatment.

Type of Information Protected

The type of information that is protected under HIPAA includes any type of consultation or treatment that is included in the patient's chart. Not only does HIPAA protect against unwanted access to medical records, but it also bars personnel from speaking about that information outside of the treatment process. Any personnel who work in a medical or health care facility must abide by these rules.
Phone calls and direct inquiries from others, other than the patient and treating physician, are also strictly forbidden. Treating physicians can only discuss treatment with the direct care team responsible for the patient. Other medical professionals may not access or discuss patient information without the patient's written consent or a Durable Power of Attorney if applicable.

Examples of HIPAA Violations

Here are some examples or possible scenarios of HIPAA violations:
The wife of Mr. Brown has just visited her family doctor to have blood work and tests done to see if she has cancer. Three days later Mr. Brown calls the doctor's office to inquire about his wife's test results without her written or verbal consent. The receptionist immediately tells Mr. Brown that his wife's test results are back and she has stage-3 liver cancer with metastases.
In this case, the receptionist violated HIPAA laws and regulations by discussing personal medical information with the husband, even though he is a close family member. Because there was no verbal or written consent from the patient prior to the phone call, the receptionist is in violation of HIPAA laws.
Jody works in the medical records department for a hospice organization. At lunch one day she meets her best friend Tracey. Tracey says to Jody, "I heard that John Smith is on hospice care now because he has end-stage COPD; he's my neighbor and his wife confided in me." Jody responds, "I was just setting up his chart yesterday. He's so young to have COPD, too bad he doesn't have much time. That poor family."
In this case, the clerk is in clear violation of HIPAA laws. Even though someone else brought up the patient's medical information, of which Jody already had clear knowledge, Jody should have stated that she could not comment on, agree with or disagree with any information in a patient's medical record.

Types of Businesses That Follow HIPAA Rules

There are several types of businesses that must follow the rules and regulations set forth by HIPAA. The first are insurance companies that provide health care plans to individuals or businesses. Some of these health plans may include those that cover strictly dental and vision, HMOs, private insurers, Medicare, Medicaid, prescription drug insurance agencies, and supplemental insurance agencies. Health care providers are the most at risk for violating HIPAA because they deal with direct patient care and contact. These include doctors' offices, hospitals, clinics, dentists, pharmacies, medical equipment providers and other health care providers that provide direct medical care to an individual. Businesses that track medical statistics among hospitals or gather numerical data about certain diseases also fall under the Health Insurance Portability and Accountability Act.

Enforcement for Non-Compliance

Employees and employers that violate HIPAA face possible job termination, and additional enforcement can also take place. As of 2009, the standard penalties range from a minimum of $100 per violation up to a cap of $1.5 million per organization per year. In cases where an individual or business discloses or knowingly obtains an individual's medical or health records for personal or financial gain, criminal charges may be involved. These penalties are the result of a direct complaint or charge filed by the Department of Health and Human Services, Office for Civil Rights. The Office for Civil Rights will conduct a thorough investigation shortly after a complaint is made and proceed with enforcement if applicable.

Article reviewed by Charlie Gaston. Last updated on: Oct 27, 2009
