- HIPAA is a federal law that protects patient health information against loss, theft, and unauthorized disclosure, whether the information is kept on paper or electronically.
- Every business that handles health information must comply with HIPAA, down to the individual employees who work with patient information firsthand.
- Employees who handle patient health information should be mindful of their actions wherever they work, since the risk of exposure exists in every setting.
- My RCM Group follows HIPAA rules and regulations and keeps its systems current to minimize the risk of a data breach.
Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act of 1996 is a federal law that, among other things, protects sensitive patient health information, known as protected health information (PHI), from being disclosed without the patient's consent, lost, or stolen. Every covered entity and business associate that handles PHI must comply with HIPAA and is legally liable when a violation is proven. HHS itself issues no HIPAA certification; what the law requires is that the workforce be trained, so medical billers, coders, physicians, nurse practitioners, medical assistants, and everyone else in a health business who encounters PHI receives HIPAA training (usually delivered as a course with a certificate of completion). The U.S. Department of Health and Human Services (HHS) summarizes the law in a few major rules.
The Privacy Rule
HHS defines the Privacy Rule as the “establishment of national standards to protect individuals’ medical records and other individually identifiable health information (collectively defined as “protected health information”) and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically.” This rule protects PHI from unauthorized use or disclosure.
The Security Rule
The HIPAA Security Rule defines which information is covered (electronic protected health information, or ePHI), what must be protected, and the safeguards that must be in place to protect it. The safeguards fall into three groups. Physical safeguards protect the facilities, workstations, and devices and media where ePHI is stored or accessed. Technical safeguards are the cybersecurity controls around the ePHI itself: access controls with unique user IDs, audit logs, integrity checks, user authentication, and encryption of data at rest and in transit; firewalls and antivirus software support these. Administrative safeguards are the management side: written policies, risk analysis, workforce training, contingency planning (data backup and recovery), and the work guidelines staff follow when handling PHI or ePHI.
The Breach Notification Rule
The Breach Notification Rule requires a covered entity to notify each affected individual of a breach of unsecured PHI without unreasonable delay and no later than 60 calendar days after discovery, and to notify HHS. For breaches affecting 500 or more individuals, the covered entity “must notify the Secretary of the breach without unreasonable delay and in no case later than 60 calendar days from the discovery of the breach. If a breach of unsecured protected health information affects fewer than 500 individuals, a covered entity must notify the Secretary of the breach within 60 days of the end of the calendar year in which the breach was discovered. (A covered entity is not required to wait until the end of the calendar year to report breaches affecting fewer than 500 individuals; a covered entity may report such breaches at the time they are discovered.)”
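As an added illustration that is not part of the original page or of My RCM Group's own tooling, the small Python helper below turns the two reporting windows above into concrete dates. The `encrypted` branch reflects HHS guidance that PHI encrypted consistent with that guidance is not "unsecured" PHI, so the notification rule does not apply to it; the sample incidents and the function names are constructed for the example.

```python
from datetime import date, timedelta

# Breach Notification Rule (45 CFR 164.404-164.408): notify "without unreasonable
# delay and in no case later than 60 calendar days" after discovery of a breach
# of *unsecured* PHI. "Discovery" is the first day the breach is known, or by
# reasonable diligence would have been known, to the covered entity.
NOTIFY_WINDOW = timedelta(days=60)
LARGE_BREACH = 500  # at this size HHS must be told without waiting for year end


def hhs_deadline(discovered: date, affected: int) -> date:
    """Latest date to report the breach to the HHS Secretary."""
    if affected >= LARGE_BREACH:
        return discovered + NOTIFY_WINDOW
    # Fewer than 500 individuals: within 60 days after the end of the calendar
    # year in which the breach was discovered (reporting earlier is allowed).
    return date(discovered.year, 12, 31) + NOTIFY_WINDOW


def individual_deadline(discovered: date) -> date:
    """Latest date to notify each affected individual; the size of the breach
    does not change this window."""
    return discovered + NOTIFY_WINDOW


def breach_report(discovered_iso: str, affected: int, encrypted: bool) -> dict:
    """Summarise the notification obligations for one incident.

    `encrypted` means the PHI was encrypted consistent with HHS guidance and the
    key was not compromised (assumption: the safe harbor is claimed only when
    the key stayed secret). Such data is not "unsecured" PHI, so no
    notification deadlines arise.
    """
    discovered = date.fromisoformat(discovered_iso)
    if encrypted:
        return {"notification_required": False}
    return {
        "notification_required": True,
        "individuals_by": individual_deadline(discovered).isoformat(),
        "hhs_by": hhs_deadline(discovered, affected).isoformat(),
        "hhs_immediate": affected >= LARGE_BREACH,
    }


if __name__ == "__main__":
    # Constructed sample incidents, not real cases.
    samples = [
        ("2024-03-10", 55000, False),  # large breach, unencrypted laptop
        ("2024-12-20", 40, False),     # small breach found near year end
        ("2024-03-10", 55000, True),   # same loss, but the disk was encrypted
    ]
    for sample in samples:
        print(sample, breach_report(*sample))
```

The year-end branch is the one people get wrong: a 40-patient breach discovered on December 20 and one discovered the previous January 5 share the same HHS deadline (March 1 of the following year), while the individual notices for both are still due 60 days from discovery.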
The Omnibus Rule
The 2013 Omnibus Rule extended HIPAA obligations to business associates: any vendor that creates, receives, maintains, or transmits PHI on a covered entity's behalf (a billing company, for example) is directly liable for compliance with the Security Rule and the relevant parts of the Privacy Rule. A Business Associate Agreement (BAA) setting out each party's HIPAA responsibilities must be in place before any PHI is shared.
Even an honest mistake can lead to penalties once PHI is breached. In August 2012, a laptop bag was stolen from an employee's car at Cancer Care Group, a large oncology practice in Indianapolis; the bag held a laptop and unencrypted backup media containing the PHI of about 55,000 patients, including insurance information and Social Security numbers. In 2015 the practice agreed to pay 750,000 USD to settle the resulting HHS investigation, which found that it had neither performed an enterprise-wide risk analysis nor adopted a policy on taking hardware and media containing ePHI off-site. The practical lesson is that the fine followed from the data being unencrypted: had it been encrypted consistent with HHS guidance, its loss would not have counted as a breach of unsecured PHI at all.
HIPAA Certified Medical Billers and Coders
Medical billers and coders sit where raw patient health information is collected and disclosed, so exposure is a real possibility and the information must be handled as discreetly and privately as possible. Beyond personal work ethics, a further layer of precaution guards against PHI breaches: staff receive HIPAA training, a standby technical support team handles system malfunctions, and secured office software keeps information from leaking as it moves through the entire billing cycle.
My RCM Group ensures that all staff are HIPAA trained and compliant and uses software that tightly protects our work tools to prevent data breaches. With us, you can rest easy knowing that private patient information is handled with the utmost care and privacy. Communication with insurance companies, patients, and providers goes through HIPAA-compliant applications, and data is encrypted throughout the process.
Tips for HIPAA Compliance
Don’t work in public. If you are working with HIPAA-sensitive information or on any task involving private health information, avoid public areas and crowded workplaces where the people around you are not bound by HIPAA. A coffee shop is a common out-of-office, out-of-home place to work at your own pace, but it is very exposed to prying eyes.
Keep the volume down. Discussions of PHI between coworkers cannot always be avoided, especially when the person you need is right around the corner. Talking loudly risks being overheard, which can itself be a HIPAA violation, so keep your voice at a level only your intended listener can hear.
Secure your devices and your connection. Hacking is a constant threat to anyone online. Use a VPN to encrypt your traffic when working with HIPAA-sensitive information, especially on Wi-Fi you do not control; it is also available as a phone app. A VPN stops people on the local network from snooping, but it does not hide your activity from the VPN provider or from the services you connect to, so it complements HIPAA-compliant applications rather than replacing them. System updates may be a bother, but they close the holes that new viruses and malware exploit, and attackers keep updating too. A strong antivirus is a good investment to protect both your work and your computer.
Never mix work with personal business. Keeping everything on one laptop is tempting because personal clutter and workload are both within reach. A company-provided laptop should serve only for work. If a personal laptop must also be used for work, keep separate calendars and mail apps for work and for personal life, and stay organized about it. If the same application serves both, use its account management settings to keep the two accounts apart.
Always sign out. Whether on-site or working from home, make it a habit to sign out of your work account. This prevents unauthorized access by people who are not bound by HIPAA, or simply by those with bad intentions. Even an unintended exposure of PHI to a family member can get you in trouble.
Coordinate with your support team on security protocols. Your technical support team is there to continuously oversee and guide you on any concern with your computer. Software updates, technical issues, and system checks fall under their supervision, and they should be alerted immediately if anything suspicious catches your attention.
Use HIPAA-compliant software and cloud services. Most health organizations use software and cloud services that follow strict protocols for handling patient information and patient encounters; daily work is stored and backed up by these services under strict security settings to keep third parties out. Google Drive and Microsoft OneDrive can be used for PHI, but only in their business editions (Google Workspace and Microsoft 365) under a signed Business Associate Agreement with the provider, and only when sharing and access settings are configured correctly; a free personal account is not covered by a BAA.
References:
- HIPAA for Professionals | HHS.gov
- Groups hit with record $4.8M HIPAA fine | Healthcare IT News
Want To Learn More?
Book an appointment with us for a NO-COMMITMENT and totally FREE consultation!