The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress in 1996. It was enacted to guarantee that people can transfer their health insurance from one business to another as their careers progress or they relocate across the country. It was also designed to facilitate the transfer of medical records from one health facility to the next. Finally, HIPAA emphasizes patients’ right to privacy when it comes to their medical records.
Although it has been in effect for almost two decades, many individuals are unfamiliar with HIPAA. If you are found in violation of this law, claiming ignorance will not prevent you from being punished. The fines are substantial, and you do not want to end up on the wrong side of the law: fines vary from $100 to $5,000 per infraction. The maximum penalty for each infraction is $1.5 million.
So we’ve made it simple for you by gathering HIPAA facts to guarantee you’re in compliance:
Employer-Sharing of Health Information
A medical institution can only share a patient’s medical records with the patient’s written permission.
The authorization must include the information to be shared, the identity of the person who is permitted to use the data, the authorization’s expiration date, and the individual’s signature.
HIPAA Compliance is Required
The HIPAA regulation requires healthcare institutions to follow rigorous requirements. Compliance may appear to require a lot of staff training, and you may be tempted to put it off, but you must do it eventually.
Information sharing between doctors
The transfer of your medical records from one doctor to another does not require your agreement as a patient.
Without the patient’s agreement, the doctor is allowed to share health information for treatment, payment, and healthcare operations.
Obtaining Prescriptions for the Patient
Another person can pick up medications, medical supplies, or any other types of protected health information on behalf of a patient.
Medical Records Are Shared With Family Members
Healthcare organizations are permitted to exchange information directly related to a family member’s engagement in the patient’s treatment.
Using Patients’ Information in Marketing
HIPAA prohibits healthcare companies from marketing to patients based on their medical records. They can only do so if a patient has given them written permission to do so.
However, broad conversation is permitted.
Finally, it is critical to educate yourself on HIPAA compliance requirements and instruct your employees on what constitutes a violation. As a patient, you should be aware of HIPAA in order to protect your personal health information from being abused.