
8 Important Tips You Should Know About HIPAA


June 28, 2017 | Reading Time: 2 Minutes


The federal government passed a law known as the Health Insurance Portability and Accountability Act in 1996. Commonly referred to as HIPAA, the measure was written to serve two main functions. The law’s primary purpose – portability – is to protect workers and their families from losing health insurance coverage when changing jobs or suffering a layoff. HIPAA’s secondary purpose – accountability – protects the privacy and security of individual health information. In 2016 HIPAA turned twenty. Here’s what you should know.

1. PHI wears many hats

HIPAA has been amended every few years since it was signed into law. An update implemented in 2003, known as the Privacy Rule, defined private health information (PHI) as any health-related information that can be used to identify a particular individual.

2. Organizations are slow on the uptake

In 2005 the Security Rule was added to HIPAA, creating administrative, physical, and technical guidelines to standardize the handling of electronic PHI. Unfortunately, a 2016 HIPAA compliance survey found that only 70 percent of healthcare organizations planned to become compliant.

3. HHS has power to enforce these laws

The Department of Health and Human Services (HHS) was granted power in 2006 to monitor organizations under the Enforcement Rule. HHS has the power to investigate complaints related to the Privacy and Security Rules. The rule also allows HHS to fine organizations that fail to comply with HIPAA regulations.

4. BAAs must comply with HIPAA too

All health-related businesses must follow HIPAA guidelines. The HITECH rule requires healthcare organizations to notify their Business Associate Agreements (BAAs) that they are legally bound to comply with HIPAA. The 2016 survey indicated that only 60 percent of healthcare organizations were aware of these expectations.

5. You may be subject to a compliance audit

HHS has conducted compliance audits for just over five years. Your company may be subject to an audit as a method to increase HIPAA compliance and expectation awareness. Last year only 40 percent of healthcare organizations were informed that an audit may take place.

The Omnibus Rule of 2013 allows companies to store PHI forever, but the information must be encrypted. Last year’s survey showed only 69 percent of healthcare organizations were aware of this HIPAA update three years later.

7. HIPAA compliance declines in some areas

The survey also showed a decrease in the number of organizations providing HIPAA compliance training, and a decrease in the number of security and privacy officers employed since 2014.

8. Many providers are moving to electronic communication

More healthcare providers are using mobile apps, email, social media, and text messages to communicate with patients. As more organizations move to electronic communication, it is important to regulate the security of these processes. Over the last two years, more organizations claim they are confident that they are following HIPAA regulations when communicating sensitive information electronically. As we settle into the technology era, maybe more than 25 percent of organizations (on average) will claim their process is HIPAA approved.
