Skip to main content

Spotlight on the HIPAA Need to Know Rule: Safeguard Phi Access

iStock 657991502

The Health Insurance Portability and Accountability Act (HIPAA) was signed into law in 1996, to provide a uniform protection of patient medical records. HIPAA is a United States legislation that provides data privacy and security provisions for safeguarding medical information. As an independent physician, how can you protect yourself against HIPAA violations?

HIPAA protects individually identifiable information, including medical conditions, treatment plans, and personal information such as name, address, Social Security number, and birthdate. This protected health information (PHI) should only be made available to those medical professionals and others who have permission to access it. Covered entities include all health plans, healthcare clearinghouses, and healthcare providers.

When working with paper files, including a patient’s medical records, you must be particularly careful not to expose PHI to others, including other patients. When a paper record is visible to anyone other than the medical professionals who have permission to use it (with few exceptions), that is a HIPAA violation.

Benefits of using an EHR

The benefits of electronic health records (EHR), particularly in regard to HIPAA regulations, are that all patient information is maintained electronically and there is no paper record left exposed. Electronic health records are protected as e-PHI under the HIPAA Security Rule, which protects “all individually identifiable health information a covered entity creates, receives, maintains or transmits in electronic form.”

Further, the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 promotes “the adoption and meaningful use of health information technology.” In part, the HITECH Act requires healthcare organizations to implement secure electronic systems to protect electronic protected health information (ePHI).

As an independent physician taking advantage of the many benefits of electronic health records, you are better able to protect yourself against HIPAA violations that can often result from mishandled paper records.

HIPAA compliance for independent physicians is a crucial part of your practice management. For additional guidance on HIPAA and other topics, check out our Resource Center.