Electronic protected health information (ePHI) is extremely private and its exposure could lead to negative consequences such as social stigma and job discrimination. HIPAA protects this information and grants patients the right to view their own health information so that they can enjoy more control over their care. Healthcare practices must therefore make sure that they got all their bases covered when it comes to HIPAA compliance. Below are four of the most important ones to consider.
If your practice has invested in, or is thinking about investing in, telehealth or mobile health (mHealth), you need to make sure that the tech you utilize is HIPAA-compliant. While most telehealth technology is HIPAA-approved, one or two additional measures might be required to make it compliant. An IT specialist should have no problem making sure your telehealth is up to code.
On the other hand, mHealth might be a little more problematic. While a lot of hardware and apps, including Fitbit and the Apple Watch, are HIPAA-compliant, it is a field that is still very new and constantly changing. Your best bet is to consult with an expert to make sure your mHealth services are following all the necessary regulations.
If your office has individually identifiable ePHI data on site, including information like billing records, appointment information, and test results, they must be kept on HIPAA-compliant devices and servers. A lot of medical practices that use cloud-based storage for their EHRs overlook this fact and opt for low-cost platforms that don’t meet certain minimums. While it’s good to have your EHRs ready to go on the cloud, make sure that your non-EHR data is protected as well. If it isn’t, you could be facing a fine.
If your practice has a website, HIPAA’s rules dictate that it must contain a copy of your updated protected health information notice for patients to access. If you have a website and this information is not currently posted, rectify this as soon as possible to avoid any problems.
Compliance to HIPAA regulations is not just limited to medical practices, healthcare clearinghouses, and health plan organizations.
Any business that has access, electronic or otherwise, to protected health information is also required by law to be HIPAA-compliant. This includes any accounting or law firms you work with that may already be accessing your files electronically to carry out work.
To avoid any potential trouble for your practice or its partners, it is best to ask them if they are HIPAA-compliant before partnering with them. If they aren’t, revoke all data access privileges, and make sure they take action to correct this issue immediately.