Holidays or no holidays, HIPAA fines are always a possibility. That’s why OnPage took the opportunity at the beginning of December to co-produce a webinar with HIPAA scholar and lawyer Matt Fisher. Matt is a partner at the law firm of Mirick & O’Connell and has advised numerous hospital clients on how to maintain HIPAA compliance.
The webinar, entitled How to Avoid a HIPAA Fine, is instructive in separating HIPAA fact from HIPAA fiction. It let viewers know what they can do to accommodate HIPAA requirements and what practices must be avoided in order to dodge the pain of hundreds of thousands of dollars in HIPAA-related fines.
Who is required to follow HIPAA?
HIPAA law is not nearly as restrictive as may be initially believed. However, at times it can seem complicated. Part of the complication stems from knowing who exactly is required to comply with HIPAA law and who is not. Essentially, there are three groups that must comply with HIPAA:
What does HIPAA require?
The question then becomes: what does HIPAA require? At its core, HIPAA law focuses on privacy and consent to ensure the confidentiality of patients’ PHI. This means that patient information must be stored in a secure manner and shared only with the patient’s consent. There are, of course, exceptions.
For example, patient treatment and payment do not require patient notifications or consent. Furthermore, collaboration between two physicians on a patient’s diagnosis or treatment does not require patient consent. However, if patient information is exchanged between physicians in a digital manner, HIPAA states that the information must be encrypted.
The encryption of patient information provides another wrinkle to HIPAA requirements. HIPAA requires that all patient information and records must be secured and encrypted. This means actual patient charts and records as well as exchanges regarding patient needs must be encrypted. Additionally, all digital exchanges that specifically reference a patient’s status or condition must also comply with HIPAA standards.
The potential impact of not following these rules is that the information can be breached. For example, if a physician sends a request for a consult through Gmail and the email mentions the patient name and condition, that could be considered a breach. There is no expectation that the Gmail account is secured.
According to the legislation laid out by the HITECH Act and codified by the Omnibus Rule of 2013, if the information in the Gmail message is accidentally sent to the wrong account, the clinic is required to notify the persons affected, the government and, if more than 500 individuals are affected, potentially the media.
Requirements for HIPAA Compliant Messaging
So given HIPAA’s importance and the impact on a clinic of a violation, practitioners need to ensure that any exchange of PHI is secure. As PHI is often exchanged through digital messaging, you have to know how to exchange messages in a HIPAA-secure manner.
OnPage’s Bill Van Loon picked up this part of the webinar and laid out the requirements for HIPAA compliant messaging. Bill laid out the following requirements:
Conclusion
Avoiding a HIPAA fine is not impossible but it requires practitioners and administrators to be thoughtful and err on the side of caution. Part of this thoughtfulness is achieved by building secure messaging into HIPAA infrastructure.
In a world where physicians are focused on improving patients’ lives, it rests with administrators, managers and the C-suite to drive change. These cohorts need to ask the questions that will effect change.
Watch the full video to learn how your practice can avoid a HIPAA fine!