HIPAA laws are designed to protect against unauthorized access to a patient’s personal and medical information.

Nitin Chhoda elaborates on HIPAA regulations and how to comply with them to avoid fines and penalties in your practice, and the role that your electronic medical records (EMR) system plays in the process.

HIPAA, the Health Insurance Portability and Accountability Act of 1996, is something with which every therapist must be closely acquainted.

The act sets forth the rules regulating patient privacy and security, and the way personal health records are collected, maintained, used and shared.

Therapists handle sensitive client data every day, and clinic owners must take steps to safeguard the security of those records. Practice owners who aren’t in compliance with HIPAA regulations will find themselves facing harsh and costly fines, along with civil and criminal penalties.

HIPAA Regulations

The HIPAA privacy rule protects patients by prohibiting the release or sharing of individually identifiable health information. It applies to all forms of communication, whether oral, paper or electronic.

Protected data includes a patient’s past, present and future medical condition. It includes demographic information such as name, address, date of birth and insurer information. There are exclusions under HIPAA, but therapists must be absolutely sure they’re not violating the law. The parameters are quite narrow concerning the release of client data.

There are specific circumstances in which a patient’s data can be divulged: for example, if the president declares a state of emergency, or if the Secretary of Health and Human Services declares a public health emergency. Clients can obtain their own health information if they make the request in writing. HIPAA also makes provision for the release of information to parents and legal guardians of minors.

The rules for de-identified information are more liberal. It can be disseminated for public health reasons and research. Such data can also be included in a wide range of marketing efforts, as long as nothing in it leads back to a specific client, including names, addresses, social security numbers and insurer data.

State Laws and Disclosures

Therapists must also be cognizant of state disclosure laws, always keeping in mind that HIPAA rules supersede state requirements.

Typically, state law permits disclosure of information to prevent payment fraud or abuse, for state reporting on healthcare costs, and for the regulation of controlled substances.

As more clinicians adopt electronic medical records, the question of documentation security will continue to grow and evolve alongside electronic medical record systems themselves.

Physical therapy documentation software helps practice owners stay HIPAA-compliant while providing strong security and safeguards. Each authorized staff member must log in with their own credentials and be verified before gaining access.

The Connection between your EMR Provider and HIPAA

To help meet HIPAA requirements, consider the use of an EMR system. With a web-based system, records are maintained in the cloud instead of on local computers, laptops and tablets, so they are safe from fires, floods and other natural disasters that could destroy on-site equipment.

Server-based systems are kept and maintained on-site. Therapists then run the risk of having equipment stolen that contains personally identifiable patient information. Identity theft and disgruntled employees also place on-site records in danger.

Complying with HIPAA guidelines isn’t optional; it’s the law. It’s one that can cost practices dearly if patient information isn’t adequately protected and is inadvertently made available to unauthorized third parties.

Recent penalties for infractions, ranging up to $1 million, amply demonstrate this. They highlight the need for clinicians to ensure staff members are trained in privacy regulations and procedures. Even innocent mistakes can lead to penalties that cripple a private practice.