Privacy laws changed profoundly with the Health Insurance Portability and Accountability Act (HIPAA), which has had a major impact on the healthcare industry and IT in CT. Not only does a healthcare firm have to commit to protecting patient data--- it has to be very careful in how it uses social media.
Here are important points for businesses to remember about HIPAA compliance:
Protected Health Information
At the core of HIPAA is protected health information (PHI), which can be medical records, health insurance plans and other private information about a patient. The goal of the law is to give patients more control over who can access their medical information. PHI includes the following information:
- Name, address, and birth date
- Demographic data of the patient
- Social security number
- Current and past health conditions
- Past, present, and future payments for healthcare services
Health organizations are required to disclose protected information only under two circumstances. The information must be presented to patients or their representatives when they request it and to HHS in the event of a compliance investigation or review. There are other exceptions, such as PHI may be disclosed to appropriate government authorities in cases of abuse or domestic violence.
HIPAA Violations
Every healthcare organization must guard against unauthorized use of PHI, including sharing pictures online that include patient information in the background. The organization must avoid sharing any form of PHI unless they have written consent from the patient. Furthermore, doctors cannot post gossip about a patient even if they don't mention their name. IT firms in CT that serve medical clients should be conscious of HIPAA rules.
Employees in the medical industry need to go through HIPAA training when they are hired. The consequences of violating HIPAA rules can be as much as fines of $1.5 million and a 10-year jail sentence. This penalty may further damage a medical career, as the medical professional is at risk of losing their medical license and possibly employment.
When communicating with a patient on social media, it's best for the doctor not to acknowledge any medical treatment or conditions related to the patient. Doctors should take such conversations offline.
Businesses Affected By HIPAA
- Health insurance providers
- Healthcare providers
- Healthcare clearinghouses
- Business associates
Conclusion
Make sure your IT consultant in CT understands HIPAA rules so that they can help ensure compliance. Failing to follow such regulations can lead to costly fines and lawsuits. Contact us at Kelser Corporation to learn more about how we can help your business with HIPAA compliance and overall IT consulting.
