The Health Insurance Portability and Accountability Act (HIPAA) protects electronic medical records. Its Privacy Rule affects everything a medical transcriptionist does. While there is a lot of detail to learn, noncompliance can be very expensive and may even lead to criminal charges and imprisonment.
What is HIPAA?
HIPAA is a federal law that Congress passed and President Clinton signed in 1996. Title I is about health insurance coverage when workers lose or change their jobs. Title II covers electronic medical record-keeping and is what we will look at today.
In general, Title II protects individual health information without delaying the necessary flow of health care information. Its Privacy Rule spells out which businesses are covered and sets up very specific requirements for how they handle electronic medical records.
HIPAA Privacy Rule
According to the US Department of Health and Human Services, “The Privacy Rule standards address the use and disclosure of individuals’ health information – called ‘protected health information’ by organizations subject to the Privacy Rule – called ‘covered entities,’ as well as standards for individuals’ privacy rights to understand and control how their health information is used.”
Protected health information relates to someone’s physical or mental health, the care they get, or payment for that care. There must also be something in the information that can identify the patient.
Covered entities are health plans, health care providers and health care clearinghouses. Medical transcription companies and independent contractors who get personal health information from covered entities are called business associates.
The Privacy Rule in Title II is very detailed. Here are some of its most important requirements.
HIPAA requires covered entities and business associates to have written privacy policies and procedures for handling protected information. Someone must be responsible for seeing that privacy standards are followed and that both employees and independent contractors get regular training about them.
In addition, there have to be appropriate physical, technical and administrative safeguards. This obviously includes shredding documents, but it also extends to things like keeping the work area secure and using passwords when a computer boots up. It could even mean destroying the hard drive, if there is protected information on it, when changing computers.
There is much more to HIPAA compliance. It’s worth getting familiar with all the details because an infraction has serious consequences.
Civil penalties can run up to $50,000 per violation and are handled by the Department of Health and Human Services. If someone knowingly violates the HIPAA law, the Department of Justice takes over. Criminal penalties go all the way up to 10 years in prison plus a $250,000 fine.
HIPAA pays off for everybody because it protects individual medical records without hindering the flow of health information. While medical transcriptionists will need to spend some time and effort on learning about the Privacy Rule and staying up to date with HIPAA compliance, that’s a lot easier than having to deal with the penalties and fines that come with violations of the law.
“Summary of the HIPAA Privacy Rule,” US Department of Health and Human Services.
“Business Associates,” US Department of Health and Human Services.
“Combined Regulation Text of All Rules,” Title II only. US Department of Health and Human Services.