As an answering service that handles many medical accounts, we take HIPAA very seriously. But this is something that everyone in the healthcare industry should know about.
Editor's Note: This post was submitted by one of our valued guest bloggers. Enjoy!
The Health Insurance Portability and Accountability Act (HIPAA) turned twenty in 2016, but there are still a lot of misconceptions surrounding its role in society. HIPAA strives to protect private health information and provide the ability to transfer insurance between employers. That's just the tip of the iceberg, though. These five common HIPAA questions will help you learn the basics.
1. What does HIPAA do?
HIPAA has two main functions: portability and accountability. Portability refers to legislation that protects workers and their families from losing health insurance coverage when changing jobs or suffering a layoff. Accountability regulations protect the privacy and security of individual health information.
2. What information is protected?
In 2003, HIPAA's Privacy Rule defined private health information (PHI) as any piece of data that can be used to identify a particular individual. In 2005, the Security Rule established administrative, physical, and technical guidelines for handling electronic PHI. Unfortunately, a 2016 HIPAA compliance survey found that only 70% of healthcare organizations had a plan to become HIPAA compliant.
3. How does HIPAA protect electronic info?
In 2009, the Health Information Technology for Economic and Clinical Health Act (HITECH) created incentives for organizations that abandon paper files for electronic records. The rule also requires organizations to report data breaches affecting more than 500 individuals. Four years later, the Omnibus Rule made it legal for healthcare providers to keep PHI indefinitely. It also requires organizations to encrypt electronic PHI.
4. Who oversees HIPAA?
The US Department of Health and Human Services (HHS) oversees HIPAA. In 2006, the Enforcement Rule gave them the power to investigate complaints related to the Privacy and Security Rules and to fine organizations which fail to comply with these regulations. In 2011, HHS also began conducting compliance audits. However, the same survey found that only 40% of healthcare organizations were aware of the ongoing audits.
5. How compliant are organizations?
It's difficult to say how many organizations comply with HIPAA guidelines. The federal government has been conducting audits for approximately six years, but none of their findings have been released to the public. While data suggests that most organizations are becoming more compliant, compliance has actually decreased in two key areas: surveyed organizations are providing less HIPAA compliance training and employing fewer security and privacy officers. Furthermore, compliance is lowest when it comes to electronic data. In 2016, a whopping 22% of surveyed organizations had not yet begun to catalogue the electronic devices that contain PHI.
Looking to the future, it is important to consider the security of exchanging information electronically. As we settle into the technology era, more companies are using social media sites, mobile phone applications, email, and texting to get in touch with their clients. To learn more about how advances in technology are affecting HIPAA compliance, check out this infographic…