Privacy rules with strict provisions for keeping patients' protected health information safe were introduced for the Health Insurance Portability and Accountability Act (HIPAA) after a few years. HIPAA sets out both monetary and criminal penalties for non-compliance with these provisions. If you are a business or employer of any entity that is covered, you will need to be compliant as well. Below are some ways to help you ensure compliance with HIPAA Privacy laws.
Protected Health Information (PHI) is a part of the HIPAA Privacy rules, and the regulations covering it must be followed. Following PHI regulations with minimum disclosure means releasing only the bare minimum of information to concerned parties for the purpose of insurance payments and treatments. Additionally, these disclosures can be made without public interest, law enforcement and authorizations.
The importance of authorization should be understood. Although HIPAA laws approve disclosure of permitted PHI, all unauthorized access should be safeguarded against. A written authorization from the patient will need to be obtained for any disclosure for any reason, even to family members.
Sometimes covered entities contract business associates that are not themselves covered. These associates need to sign a contract assuring that all privacy and security measures are taken to protect the privacy of personal information.
The covered party is allowed to disclose secured information in some instances for research or marketing. However, all information that would give away the patient's identity should be removed. This includes their name, phone number, address and Social Security number. In addition, marketing and research personnel should be asked to take the required measures to safeguard the patient's identity and avoid any unauthorized access.
All patients will need to be given a copy of the Notice of Privacy Practices (NOPP), which explains to them how you are safeguarding their PHI. It should also mention the instances where patients' information can be disclosed without permission. All names and personnel contacts, both inside and outside the covered entity, that patients can reach need to be included.
Lastly, an in-house policy that enforces HIPAA laws is a must, and you as an employer will need to provide employees with the proper training. This will ensure compliance with all HIPAA Privacy rules within your organization.