Shred Right is available by phone please call 651-647-3484 to reach our customer support specialist.
Get a Quote
x

Healthcare and HIPAA; the importance of compliance

physician discusses test results with her female patient

Copyright: Alexander Raths /123RF

We’ve touched on the Health Insurance Portability and Accountability Act, or HIPAA, in a past blog as well as throughout our website and social media channels referencing healthcare and privacy practices. If you work in the healthcare industry, you probably know that HIPAA is important, but what is it all about? We’ve put together some key details for you below.

The ethical importance of HIPAA compliance

Why is HIPAA necessary? HIPAA is a major regulation that helps prevent Protected Health Information or PHI from being leaked. Think about your doctor visits. Would you want to have your confidential medical data such as test results, doctor notes, private conversations, mental health or insurance status information out in the open for anyone to see? Of course not! Would you want anyone seeing your family’s information?

HIPAA helps keep covered entities and business associates (the ones that handle your confidential information for billing, etc.) within areas that only those with authorized access should be able to see.

The legal importance of HIPAA compliance
HIPAA isn’t a recommendation, it’s a legal requirement when dealing with PHI. To be compliant with HIPAA, you have to uphold the standards created by its four parts, which are comprised of the HIPAA Privacy Rule, HIPAA Security Rule, HIPAA breach notification policies, HIPAA enforcement rule.

  • The HIPAA Privacy Rule was created for owners of PHI data to be able to better control who has access to their information and prevents unauthorized disclosure of this data. The Privacy also acknowledges that required parties—including the individual owner of their PHI data—should be able to access the data as needed. Complying with the HIPAA Privacy Rule also implies that you’re compliant with the HIPAA Security Rule.
  • The HIPAA Security Rule refers to the methods that a business associate or covered entity uses to protect patients’ information. The Security Rule dictates that all communications surrounding PHI data be securely handled and/or encrypted where possible. The U.S. Department of Health & Human Services (HHS) says that this policy was created to, “Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit.
  • HIPAA breach notification policies differ slightly when breaches affect either more or less than 500 individuals. Both types of breach notification policies require that breaches be reported to the HHS Secretary. However, the necessary reporting is timelier in the case of 500 or more individuals being affected. A case of 500+ must be reported within 60 days of the breach happening, whereas 500 or less must be reported within 60 days after the calendar year of when the breach happened.
  • The HIPAA Enforcement Rule states the details of HIPAA violation investigations and what happens when a business associate/covered entity causes a breach to happen or could have taken measures to prevent a breach, but did not. The Enforcement Rule details how much money is owed if the breach results in a civil money liability.

Are HIPAA breaches rare?

After all, there is a lot of policy that has gone into safeguarding PHI data. Unfortunately, HIPAA breaches happen fairly often. The HHS reported that between April 14, 2003 and April 2018, 180,192 privacy rule complaints were received, resulting in 37,332 investigations. In fact, several breaches have happened this year already, including one in the state of Minnesota.

Tips for remaining compliant

With all the information and paperwork surrounding HIPAA and upholding its compliance, there’s a lot to remember. Here are some good tips to keep in mind about trying to stay compliant.

You can…

  • Develop privacy policies for communications (this includes your website, emails, login portals, devices and more). Encrypt where you can and provide yourself and your patients with peace-of-mind.
  • Develop a plan of action for potential breaches. A HIPAA breach is bad enough, but an improperly handled and/or communicated one? Even worse. It’s a great idea to have a plan in place to know what steps you will take, should a breach occur.
  • Train your employees to know how to handle HIPAA data.
  • Clear out excess clutter. PHI data that’s poorly stored, handled or simply thrown away in the trash is a HIPAA violation waiting to happen. Shred Right can also help you securely shred unneeded documents and old hard drives containing information to remain compliant.

Ready to leave your HIPAA hassles behind you? Shred Right can help you stay compliant. Contact us so we can personalize our services to your information destruction needs.

Join Our Mailing List

  • This field is for validation purposes and should be left unchanged.

What are people saying about us?

Customer testimonials

Shred Right provides great, reliable service we feel very good about. Highly recommended!
Ridgewater College
Shred Right has always been prompt and willing to work around any time frame that we have in mind. They are a very friendly company that resolves all of our data-destruction needs.
National Communication Services, Inc.
Shred Right has good service, is flexible and prompt. We like that service is on call and as we need for pick up.
Integrity Wealth/Raymond James
Friendly, reliable staff, who are always on time. Trucks that are built for safe handling of sensitive information. We are very happy with the safety and confidentiality. It's always a good day when Shred Right comes!
First National Bank Northfield
Shred Right has been our company of choice for a number of years. As a bank, we have a large amount of data that needs to be taken care of properly and the folks at Shred Right take care of that.
FNB Osakis
I would highly recommend Shred Right to anyone looking for safe and secure document destruction. They provide a very professional and timely service.
State of Minnesota