What HIPAA does and how the healthcare industry has been complying

HIPAA, or the Health Insurance Portability and Accountability Act, has been a huge source of interest since cyberattacks became prevalent in the business world. Many people have argued that hackers will begin to focus on the healthcare industry, due to lack of innovation in cybersecurity affecting a variety of equipment.


HIPAA privacy and procedures

Both healthcare providers - such as dentists, hospitals, pharmacies, laboratories and health plan providers - and business associates are affected by HIPAA. The whole point of the act is to ensure that these entities maintain the privacy of sensitive records, whether these take the form of electronic documentation or paper reports.


The act also determines what can and cannot be shared by healthcare providers. For example, according to HIPAA, professionals can share confidential information if a life or lives are in danger. This was established by the Tarasoff v. Regents of the University of California ruling. A man confided his plans to kill Tatiana Tarasoff to a psychologist, who was unable to warn her because of the confidentiality laws in place, and she was murdered. Providers now have a duty to inform any third party that they're at risk of violence or a contagious disease. Not only does HIPAA keep people safe, but it may help those related to patients feel at ease. HIPAA allows patients to authorize professionals to disclose information, such as a patient's rate of deterioration, to friends and family.


HIPAA and cybersecurity

 

mHealth News reported how healthcare providers are increasing their use of laptops, personal devices and other forms of technology. This has made it easier to deliver prescriptions and inform patients about their health, as well as provide medicine in a fast, flexible and informative way.


However, use of technology in this industry has caused concern. There have yet to be firm regulations on what health care providers have to maintain in terms of cybersecurity. mHealth News mentioned that encryption for medical records is a gray area within HIPAA compliance, as the law only suggests professionals encrypt "whenever deemed appropriate."


A lack of encryption is extremely risky for digital health care records. Email encryption has become a basic necessity for those in the corporate world - since emails hold incredibly sensitive data, they are often the first channel hackers focus on to compromise electronic information. This was evident in last year's attack on Sony Entertainment, when executive emails were released to the public. The source insisted health care professionals encrypt information even though this is not yet a standard under HIPAA.


HIPAA compliance in the medical community

NueMD conducted a survey last year regarding HIPAA compliance among healthcare providers and found that only 58 percent of respondents said they had a HIPAA plan in place. Additionally, 23 percent said they had no plan at all and 19 percent were unsure.


This is bad news for many healthcare professionals, as HIPAA will be conducting Phase 2 audits this year to review both healthcare providers and business associates. Mike Sacopulos, CEO of the Medical Risk Institute, estimated approximately 85 percent of small to medium-sized medical practices have a deficiency in their processes, according to Physicians Practice.


Healthcare Dive suggested practices take action to achieve HIPAA compliance. Conducting a risk analysis of a practice to determine where there may be violations is a good first step. The next step is to address the OCR audit program protocol to be prepared for the 2015 audits.

Overall, HIPAA compliance requires properly training medical professionals. Supervisors should be open and willing to help those who feel as though they're behind in regulations and practices, and in turn, patients and staff will benefit.

 

David Bailey is Senior Vice President at Protected Trust. 

Protected Trust is a sponsor of the Print4Pay Hotel. I urge members and readers to visit their site to see their full line of products and services. More and more, we need to provide well-rounded strategic solutions for our customers. Protected Trust offers some unique solutions that can help us in our day-to-day efforts. Check them out here.

 

 

Comments (1)

What's really comical is while MFP vendors are touting the great features of their HIPAA compliant systems, walk through a typical sales office and I guarantee you'll be able to find a lease with a personal guarantee and a person's SS# left out somewhere on a desk.
