Skip to main content

Staying Compliant With HIPPA: The Privacy Rule

Staying Compliant With HIPPA: The Privacy Rule

Health Insurance Portability and Accountability Act (HIPPA) compliance is a major concern for any organization in the healthcare industry. The newest version of HIPPA regulations came into law in 2013. The new regulations increase patients' rights, and widen the scope of liability. They also impose new safeguards for medical practice in the digital world. Make sure you are aware of the latest HIPPA privacy requirements to protect your patients, and your organization.

HIPPA's Privacy Rule

HIPPA's regulations addressing Protected Health Information (PHI) are the heart of the act. The new rules provide updated guidelines for patient information disclosure. For example, only a minimal amount of personal information is disclosable to a third party. This applies regardless if the communication is digital or in-person.

It is important to recognize which information qualifies as PHI. IPPA defines such information as having the following characteristics:

  • Demographic info relating to a patient's past, current or future health.
  • The type of medical care the person is receiving.
  • Data about payments for any past, current or future care.

When any of this information is usable to reasonably identify an individual, it falls under PHI. Clearly identifiable information, such as a name, birth date or patient number is also protected.

When Disclosure is Allowed

The intent behind the privacy rule is to limit the transmission of PHI to covered entities. However, there are some instances where disclosure is allowable. The two major exceptions include when the Privacy Rule specifically allows disclosure, or where the patient gives written consent. Mandated disclosures exist for situations where the patient (or his experienced attorney) requests personal information, or where the data is required for an official, government investigation.

What Happens With Incidental Disclosure?

HIPPA regulations treat incidental disclosures rather fairly. Entities are not required to eliminate all types of erroneous disclosure under the Privacy Rule. Disclosure that occurs incident to an authorized transmission of PHI is protected. Such activity will not be considered a HIPPA violation if it was a minimal amount of data, and safeguards are otherwise used by the agency.

Legally Required Disclosure

There are some instances where information can be released without the consent of the patient. These are known as national priority exceptions. HIPPA law permits disclosures under this exception, but doesn't mandate it. Some of the scenarios that qualify as a national priority include a court order, public health activity, law enforcement request or for a workers' compensation claim. If you are unsure whether your agency has the authority to disclose patient data, consider consulting with an experienced lawyer.

T.R. Spencer Law Office can assist agencies that need to create or modify a regulatory compliance plan. Learn how you can keep your organization HIPPA compliant to avoid unnecessary fines and lawsuits.

HIPAA, incidental disclosure, PHI