Q1. First of all, what is HIPAA?
HIPAA is short for the Health Insurance and Portability Act of 1996, passed by Congress to set standards for providing privacy and protection of patients’ personal health information. Any service that deals with protected health information (PHI) must ensure that there are security measures and protocols in place to prevent a breach.
Q2. Why is everyone up in arms about HIPAA all of a sudden?
Part of the reason is increased audits from Medicare. When they’re doing audits, they’re finding a lot of HIPAA violations, and recovery of funds and fines has made it more affordable to investigate HIPAA violations. The increased returns allow them to hire more agents and consultants to go out and do more audits. Some of it also has to do with cyber security, and with most people’s information getting out there, they’re wanting to prevent leaks by making sure people are using proper techniques and processes for securing the data.
Q3. What is the biggest change in HIPAA that you discovered during this seminar?
I don’t know if there are any changes. It’s just in the enforcement; they look at things under more of a microscope. They’re pushing more on doing a risk analysis, so you should do a risk analysis every year for potential violations or ways to prevent breaches in your agency.
Q4. What is the single most important thing a service should be doing to improve their HIPAA compliance?
Make sure you have a HIPAA compliance policy on file that is current. Make sure your staff is receiving regular training on HIPAA compliance rules and regulations, as well as your compliance plan.
Q5. What if there is an accidental breach of HIPAA? What should we do next?
Inform your HIPAA compliance officer. The HIPAA compliance officer needs to notify anyone whose information was potentially exposed, file with the Secretary of Health & Human Services, develop a plan to make sure the exposure is not repeated, and add it to their HIPAA compliance policy. For more information on the exact procedure for breach notification, please visit the following link: Breach Notification Rule.
Some takeaway points:
☑ Don’t leave documents with PHI lying around out in the open
☑ Make sure the doors and file cabinets are locked
☑ If your crews carry cell phones, make sure you have a cell phone policy, especially on taking pictures on the scenes.
☑ Make sure you use encrypted email or fax machines when sending patient information, runs or face sheets to relevant business associates. For example, Omni uses a HIPAA-compliant encrypted FTP server to share any documents containing sensitive information with our clients.
☑ Understand that sitting around a coffee table and talking about your calls all day may be a HIPAA violation because if your partner doesn’t need to know that information you shouldn’t be telling them. While there are some allowances for training purposes, just saying something like “we ran Fred Smith on a shooting” should never happen.