What Is HIPAA and How Does it Impact Electronic Health Records

HIPAA stands for the Health Insurance Portability and Accountability Act. Enacted in 1996, HIPAA is a federal law that protects the privacy and security of patient health information. This means whether your health information is stored in a paper record or an electronic record, it must be kept private and secure.
Nowadays, most healthcare providers have ditched traditional paper records in favor of electronic health records (EHR). While there are several benefits to storing information electronically, there’s also plenty of room for breaches in security and privacy.

To ensure HIPAA compliance, healthcare organizations must implement a variety of security methods to protect their patients’ health information, including passwords, PIN numbers, encryptions and logon and change audit reports.

 

What Is Protected Health Information?

Thanks to the introduction of electronic health records, healthcare professionals can easily store, update and share information about a patient’s health. The information can be accessed by doctors, nurses, lab technicians and pharmacists in real time, which makes it easier for patients to receive fast and accurate care.

Medical professionals must also protect the information they’re creating by maintaining HIPAA compliance. HIPAA rules apply to a broad spectrum of patient data, including:

• Personal details (name, SSN, home address, date of birth, phone number, photos)
• Full medical history
• Weight and BMI
• Allergies
• Past surgeries
• Billing information
• Medical claims
• Prescription details
• Treatment plans
• Discharge notes

All this data is considered protected health information (PHI), meaning medical professionals must store, access and share this information according to the HIPAA Security Rule.

 

What Are the Most Common HIPAA Violations?

Some violations can be due to willful negligence, but most result from a lack of proper employee education and training. The most common HIPAA violations include:

• No proper HIPAA training by employers or educational institutions
• Using digital technology that’s unsecured and vulnerable to breaches, like hacking and malware
• Exposing medical information by leaving computers unlocked or using paper instead of electronic files
• Improperly disposing of protected health information (not shredding or wiping hard drives)
• Releasing medical information to the wrong people without patient consent
• Disclosing the wrong patient’s information (usually done in error)
• Disclosing patient information in private conversations with family, friends and coworkers

Organizations breaking HIPAA policies can suffer devastating consequences, such as hefty financial penalties of up to $1.5 million dollars per year if the violation resulted from willful neglect.

 

Ensuring Workplace HIPAA Compliance

While there’s plenty of room for HIPAA violations to occur, healthcare organizations and businesses can take several steps to enforce safe handling policies for confidential patient information.

Businesses should strive to create comprehensive privacy policies and ensure each employee, regardless of their everyday responsibilities, receives proper HIPAA compliance training. Special attention should be given to administrative employees, such as medical billers and coders who manage patient electronic health records. These trainings should be delivered in a simple and straightforward manner, without overwhelming employees with legal jargon or unnecessary information.

Other ways to ensure HIPAA compliance in a workplace include:

• Having a dedicated HIPAA security officer
• Updating passwords every 90 days
• Minimizing the use of paper records
• Regular shredding of sensitive paperwork
• Encrypting emails and using SPAM filters
• Investing in reputable software security measures, like antivirus and antimalware programs
• Locking all computers that aren’t in use
• Verifying patient identity before giving out information
• Protecting the organization from theft by installing an alarm system, cameras and limiting employee access to keys and confidential information

 

Jumpstart Your Professional Medical Billing Career with St. Louis College of Health Careers in Missouri

Are you interested in being part of the ever-evolving healthcare administration field? A career in medical billing may be the right choice for you. As a medical biller, you’ll be responsible for effectively managing a variety of medical records. Medical billers are needed in all kinds of healthcare organizations, including hospitals, private practices and nursing facilities.

Take the first step in your healthcare career by exploring SLCHS’s Professional Medical Billing program. Our academically challenging coursework will give you a solid foundation and professional confidence to set your healthcare career in motion.

To learn more about our programs, call 866-529-2070 or fill out the form on our website.