HIPAA [Healthcare Compliance Tips]

Get serious about HIPAA.

The Health Insurance Portability and Accountability Act of 1996 or HIPAA is a law that is designed to protect patient medical information.  Your compliance team or representative will play a role in ensuring your practice is completing this correctly.

The HIPAA Privacy Rule consists of two parts, such as:

Part One

This section of the rule describes the responsibilities of how covered entities should use, disclose, and protect all patients PHI.

Part Two

In this portion,  PHI is discussed regarding patient’s rights and the information within their medical record.

Overall, this rule defines and limits the way information is disclosed or used by covered entities.  It’s also dependent upon the situation and information type, in which there are different requirements regarding authorization and disclosure of PHI in the following levels:

Level 1

• Disclosure of PHI without the need of patient written authorization and without the need to obtain patient’s agreement or disagreement.

Level 2

• No need for patient’s written authorization but the patient has the right to agree or disagree to disclosure.

Level 3

• Specific written authorization must be received from the patient or their legal representative to disclose the PHI.

Remember, HIPAA requires that all records and complaints are kept for six years after the initial date.  However, since the False Claims Act states ten years, it is best that you keep your records per that timeframe.

**The opinions and observations from the group/author are not a promise to exempt your practice from fines and penalties.  Research, modify, and tailor the advice to fit your specialty.