HIPAA, the Health Insurance Portability & Accountability Act, is a civil rights law which gives patients control over the use and disclosure of their health information. If you work in the healthcare field, you are required to ensure the privacy and security of your patients’ protected health information (PHI).
Communications in your daily work (whether electronic, written, or oral) about your patients can contain sensitive information which is protected by HIPAA. A patient’s protected health information should only be used or released if absolutely necessary for treatment, payment, or healthcare operations, in order to provide adequate care and fulfill your responsibilities as a healthcare provider. To understand how to maintain compliance with HIPAA laws, you must understand what constitutes a breach.
A breach, according to HIPAA laws, is the unauthorized acquisition, access, use, or disclosure of PHI which compromises the security or privacy of the information. When the HIPAA law is violated by a breach, the health care professional and/or organization responsible can face very serious consequences, such as termination, prosecution, or civil penalties.
To prevent breaches, always keep patient information confidential and follow your organization’s security practices. Here are some examples of breaches and what NOT to do:
Sending PHI to the wrong recipient, whether via fax or other means of communication.
Sharing PHI on social media, blogs, or with family and friends.
Throwing any form of PHI in the trash, instead of a shredding bin.
Reviewing medical records when it is unnecessary to perform your duties as a healthcare provider.
What do I do if I believe there has been a breach of PHI in my organization? Contact your supervisor immediately to discuss the possible breach.
Employees who do not take care of sensitive information can expose their organizations to fines, increased operating costs, loss of customer confidence, and even more governmental regulation. Do your part to keep sensitive information safe at all times.
The tips included in this message are meant to remind you to keep sensitive information secure. Remember, your organization’s privacy, security, and compliance policies for handling sensitive information should be followed first and foremost.