Healthcare has moved into the digital age, largely doing away with paper records in favor of electronic health records (EHRs). If you're interested in a career in nursing or any other position in a healthcare environment, you’ll want to become familiar with the usage and functionality of EHRs in medical practice. But what you'll really need to pay close attention to are the Health Insurance Portability and Accountability Act guidelines and protocols. They dictate the management of care and record keeping for healthcare providers. Since it may seem like a different language to you, here are some frequently asked questions you may come across as a nurse about HIPAA.
What is HIPAA?
Passed by Congress in 1996, the Health Insurance Portability and Accountability Act (HIPAA) sought to establish national guidelines for the electronic transmittal of health information. It was passed to determine privacy and security measures for patients' medical data.[1] Under this law, the U.S. Department of Health and Human Services implemented the Privacy Rule, which set the standards for privacy regulation in healthcare. It took effect in April 2013 and gave providers a year to comply with the new stipulations.
What does it do?
Mainly, HIPAA set national standards for accessing and viewing pertinent health data. Prior to this national law, states determined the accessibility of medical records. HIPAA now makes states adhere to minimum standards. However, HIPAA provides several new provisions for patients' privacy that you should know when working in medical billing. First, it gives patients the right to see and request copies of their health records from providers. It also accounts for who's accessed a health record within the last six years.
What does it cover?
HIPAA protects any health information from patients' medical histories—past, present and future. This data has to be held by a healthcare provider, insurance plan or clearinghouse to be covered by HIPAA. It also has to be combined with identifying facts such as names and addresses or Social Security numbers.[2] This data is referred to as protected health information, or PHI. It can be handwritten or entered into a computer or electronic health record.
How does HIPAA affect EHRs?
President Obama's signing of the Stimulus Law in 2009 established further health-related provisions that were included in the Health Information Technology for Economic and Clinical Health Act, or HITECH.[3] It specifically dealt with managing healthcare IT and privacy of patient data. The law sought to generate electronic health records for every American by 2014, with a budget of nearly $19 billion in funds. It also determined punishments for facilities that violated HIPAA regulations regarding the secure protection of PHI. For example, a covered entity in Connecticut had a memory drive stolen from its property that contained the information of more than 500 patients, and the provider was forced to pay a financial settlement for failing to take appropriate action to prevent the security breach. However, HIPAA privacy measures have little effect on practices transitioning to EHRs.[4] Many of the same rules apply between paper and electronic records, but providers have to adjust their practices to comply with HIPAA. Otherwise, the stipulations from the 1996 law remain the same.
What are best practices for HIPAA?
In order to avoid any possible penalties while working with HIPAA, there are some practices to consider adopting to stay in line with its standards. If you're working a nursing job with a medical practice, you should take inventory of the PHI in the office.[5] Determine what kind of information you have on file and how it may require further security. It'll help reveal where leaks might occur and assist in developing a response strategy in case of breaches. You can also help the practice carry out a risk analysis on the possible vulnerabilities of electronic PHI. This way, the risks can be properly identified and managed. It's best to have a management plan in place that includes all aspects of the HIPAA Security Rule. The last thing any practice wants is to fail compliance regulations and find itself in litigation hearings with the government.
Although it may seem complicated, working with HIPAA has many benefits for both practices and their patients. If you're looking to start your healthcare career, learning about patient privacy and security is a great place to begin.
[1] https://www.privacyrights.org/HIPAA-basics-medical-privacy-electronic-age
[2] http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/
[3] http://www.hhs.gov/ocr/privacy/hipaa/administrative/enforcementrule/hitechenforcementifr.html
[4] http://www.medicalrecords.com/physicians/compliance
[5] http://www.healthcareitnews.com/news/5-best-practices-hipaa-security