HIPAA was designed to protect patient privacy. Every private practice owner should be mindful of guarding patient health information.
Nitin Chhoda explains the link between HIPAA and your electronic medical records system and what you should look for in an EMR vendor.
However, there are a few very important things to know about HIPAA regulations, especially if you are going to use electronic medical records.
First of all, the regulations are not as stringent for smaller practices. In many ways, HIPAA was designed to focus on the biggest offenders first, while laying out a roadmap for everyone to eventually follow.
At this point, all medical clinics must follow the HIPAA regulations. When the law was first written and adopted, practices were given a lot of time to transition to the new forms and standards.
Some adjustments were made to accommodate problems that were discovered through the process. Compliance dates were set for 2003 and some as late as 2006. The National Provider Identifiers had to be used starting in 2007 and the smallest plans had a deadline of 2008.
HIPAA Regulations Related to EMR
Some of the most specific parts of HIPAA regulations are about maintaining and sharing medical records, and especially electronic medical records. It is likely that any practice that has been operating for any amount of time will already know about HIPAA regulations pertaining to documentation, and there are many places where you can find out what the standards are.
Most importantly, you should remember that if another medical provider asks for information about a patient or patients, you are only allowed to share it with permission from the patient and under conditions that merit the transfer of electronic health records.
Privacy is a major part of HIPAA regulations, so always err on the safe side when handling patient health information.
The technical safeguards detailed by HIPAA regulations include a few specifics that you must know about if you are operating a medical facility of any kind.
Some of these are obvious, such as the requirement that monitors should not be situated in a way that allows patients to see private information of another patient. A few more are listed below.
- Access to hardware, software, and any equipment that contains health information is limited to authorized personnel and should be monitored carefully.
- HIPAA regulations of individual practices and covered entities must be documented and submitted to the government so compliance can be verified.
- Risk analysis and risk management programs must be in place, to assess how safe private health information is within the clinic and on the computers.
HITECH Act Effects on HIPAA
The HITECH Act was enacted in 2009 as part of the American Recovery and Reinvestment Act. It includes a few requirements that affect compliance with HIPAA regulations.
First of all, if a HIPAA-covered facility experiences the theft or exposure of private health information of over 500 patients, it must report the breach to the media, the patients, and the Department of Health and Human Services. There are also regulations about how electronic medical records can be shared and stored.