HIPAA and You: Protecting Patient Privacy

HIPAA & You: Protecting Patient Privacy

Maintaining patient confidentiality is no longer just a matter of keeping private information you learn on the job to yourself. The storage of individual patient records in large computer databases brings its own threats of theft, hacking, and privacy breaches.

The healthcare industry is growing by leaps and bounds. There are many people searching to for a meaningful career with good hours, good benefits, and a higher pay. The healthcare industry can provide that and you do not have to spend four to eight years on an expensive college education to be eligible for a career in the healthcare industry.

If you want to pursue a career in healthcare, regardless of whether it is a clinical or a clerical role, you’ll need to have a sound understanding of the standards for privacy of individually identifiable health information. These standards were established by the U.S. Department of Health and Human Services (HHS) in December, 2000 to implement the privacy requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and are generally referred to simply as the HIPAA Privacy Rule or HIPAA Privacy.

Candidates for positions who are already trained in HIPAA are valuable because it means you won’t have to go through training with the company on HIPAA before you are able to start working. Your job, and your paycheck, will start sooner when you have this knowledge from the word go.

The purpose of HIPAA Privacy

The privacy rules established under HIPAA carefully balance two potentially conflicting goals: protecting individual’s medical information and ensuring the flow of such information when it will promote positive medical outcomes for individuals or the community.

To achieve these aims, the Privacy Rule requires healthcare providers and employees such as medical administrative assistants, billers and coders, and other health information specialists to strike a careful balance. Sharing information when necessary and permitted, while still protecting the privacy of those who seek care and healing.

Who is covered by the Privacy Rule?

HIPAA Privacy applies to a wide range of healthcare organizations and their business associates. Organizations that must adhere to the rule are referred to as ‘covered entities’. In almost any healthcare career you choose some or all of HIPAA’s privacy rules will apply, including:

  • Direct health care providers, such as hospitals, physicians practices, dental practices, community medical clinics, and so on.
  • Health plan providers including health, dental, vision, and prescription drug insurers, health maintenance organizations (HMOs), Medicare, Medicaid, and Medicare supplement insurers, and most long-term care insurers.
  • Health care clearinghouses which function as intermediaries forwarding claims information from healthcare providers to insurance payers, checking the claims for errors. Clearinghouses are covered by slightly differed rules under HIPAA Privacy, since they are only business associates of medical organisations, not health providers themselves.

As you can see, no matter the facility you work in or the positions you hold in the healthcare industry, they will all need a proficient knowledge of HIPAA rules and regulations.

What kind of information is protected?

The Privacy Rule protects all health information about patients and customers that is individually identifiable. Whether an individual’s information is simply kept on file or is transmitted – whether on paper, electronically, orally, or by any other means – their privacy must be ensured.

Individually identifiable health information can include anything that relates to:

  • An individual’s past, present or future physical or mental or physical health
  • The provision of health care to an individual
  • Information about the past, present, or future payment for the provision of their health care where this information contains details that could identify the individual.

These details could be as obvious as the person’s name and address, or something more subtle such as demographic information which could be used to identify the patient.

HIPAA is essential for entry-level healthcare careers

A solid understanding of HIPAA rules around privacy is very important if you want a career in the healthcare industry. Hospitals, medical clinics, dentists, and other healthcare providers know it isn’t enough simply to have management understand HIPAA Privacy, because breaches can occur at any level.

Anyone working in healthcare will, at one time or another, be dealing with protected patient information. That’s why you need a solid understanding of HIPAA – and a certification that demonstrates it – before you start searching for entry-level healthcare jobs.

Why is HIPAA training highly valued in healthcare?

While the privacy rules discussed above might seem straightforward enough, proper training is required to ensure they are followed strictly. Due to the inherent vulnerability of patient information, privacy breaches can occur unintentionally. On top of that, strict protocols and intensive vigilance are required to prevent more nefarious breaches by employees or outside parties.

There are high penalties associated with non-compliance with HIPAA rules and regulations. Beyond that, doctors offices, hospitals, and other healthcare industries know that if there is a breach in HIPAA it will be widely reported on and they will lose the trust of their patients in regards to their medical privacy. Money will be lost because patients will be lost. This is why the utmost care is taken to training everyone who works with patient information in any capacity is highly trained in these rules.

Isn’t common sense enough?

While the HIPAA Privacy Rule is fairly simple in principle, in practice it is easy to violate through simple carelessness or seemingly innocent behavior. A healthcare employee might feel that, so long as they are not actively sharing patient information with third parties, they are protecting patients’ privacy but this is not the case. Examples of ‘innocent’ behavior that actually constitutes privacy breaches include:

  • Grabbing a coffee or taking a bathroom break, leaving a patient file on your desk where it could be accessed improperly.
  • Emailing information relating to a patient to yourself so that you can catch up on work at home.
  • Discussing protected information with a co-worker in an area where you could easily be overheard by members of the public.
  • Forgetting to logout of a work computer that contains individually identifiable health information.

As such, it is very important to employers in the healthcare industry that all employees have a thorough understanding of the rules, to avoid such mistakes.

Is patient information vulnerable to hacking?

Healthcare IT News sites 39 examples of cyber breaches of patient privacy for 2017, up to the end of October. The threat of data theft is always presence where large amounts of personal data is collected.

Due to the necessity of storing and transmitting patient information in multiple mediums and between various organisations, this information is always vulnerable. For this reason, it’s important that the entire staff – from entry level medical assistants to doctors and management – have a thorough understanding of HIPAA Privacy as well as strong cyber-security systems and information sharing protocols, every member of staff must help contribute to a work culture that respects and protects patient privacy proactively at all times.

What are the financial and public relations consequences?

An important reason employers want staff trained in HIPAA Privacy is the potential for legal and financial repercussions, as well as damage to their reputation, if breaches occur. The HHS can impose fines of $100 per offence, up to a maximum of $25,000 for multiple violations of an identical requirement. In large organisations where huge volumes of sensitive information change hands every day, even small privacy breaches can add up quickly leading to large fines.

Proving your HIPAA Privacy knowledge

It is well worth your time to get HIPAA training before applying to a job as it will give you a substantial leg up over other candidates applying for the same position without training in HIPAA privacy rules and regulations.

A career in the healthcare industry is one of the best you can begin to give you job security. With the rising need of healthcare, the demand for healthcare professionals outside of practitioners is in even greater demand given the complex task of running an office to compliance with the many rules and regulations that come along with the field.

If you are already certified in not only HIPAA, but other healthcare industry certifications that CCI Training Center can help you prepare for, you will be a valuable asset to any healthcare industry company or facility.

Without a doubt, employers want to know that you are able to manage personal patient data responsibly and that you will adhere to the HIPAA privacy rules. But training takes time, so they would much prefer it if you already understood prior to employment. That’s why CCI Training’s Health Information and Medical Assistant programs include in-house certification and training for HIPAA Privacy in Dallas and Arlington.

Start on the path to your new life with CCI Training Center today. Our staff is ready and waiting to answer your questions and help you put together a training program that fits your needs. Our class schedules are flexible, so while you are training for your new career, you will not have to take time off of your current one. We are excited to get you on your way to a new career in the healthcare industry!

(Photo by rawpixel.com from Pexels)

CCI Training Center is proud to have completed 40 years in service.