You Say Hippo, I say HIPAA

NICC College Comp II

18 Feb. 2004

You may say to yourself “Self, what on Earth is this crazy girl talking about hippos for?” In all seriousness, HIPAA, short for Health Insurance Portability and Accountability Act of 1996 is a new law that protects your healthcare privacy, as well as mine. The formal wording states that it is to “amend the Internal Revenue Code of 1986 to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term services and coverage, to simplify the administration of health insurance, and for other purposes.”

What does this all mean, you ask. Frankly, HIPAA was a huge piece of legislation that was intended to fix many problems within the health care and health insurance fields. It was also put in place to ensure the portability of health insurance, simplify the administration of health insurance coverage, and standardize electronic transactions between health care providers and insurance companies. This is also the law that requires insurers to cover patients with pre-existing conditions.

HIPAA began with good intent. From the beginning people were coming forward with horror stories of how their privacy had been violated or how employees had been discriminated against because of expensive medical conditions. Patients were having their names sold to marketing and pharmaceutical companies by their physicians without their permission. No one would argue the medical information should be protected and fortunately the Privacy Rule considers the size and type of facility when determining what level of security is needed to provide adequate protection.

When HIPAA was first introduced to the business office employees, including myself, at Medical Associates rumors were flying constantly about the extreme lengths we would have to go to in order to be “HIPAA compliant”. Would we have to soundproof everything? Lock all the drawers to our desk? Would we even be able to say a patient’s name anymore? Fortunately it isn’t as extreme as health care workers feared. You can still call a patient’s name in the waiting room, you don’t need to lock up all your paper work or medical records, you can still send reminder cards to patients in the mail or leave them reminder messages on their answering machines. Although there is room for freedom to practice the way you always have, there are still some precautions. Employees must limit the amount of information to give out just in case it falls into the wrong hands. It’s perfectly okay to leave a message advising Sue Smith she has an appointment tomorrow at Medical Associates. It is not okay to leave a message on Sue Smith’s answering machine reminding her she has a mammogram the following day at Medical Associates; that would be considered protected health information.

Health care professionals can share information between themselves, such as a clinic giving information about a patient to an insurance company to ensure proper payment of claims but they must maintain a good faith effort to only give out necessary information. Civil penalties can be up to $100 per year with a cap of $25,000 per year for multiple offenses. Criminal penalties are much harsher, with a possibility of up to $250,000 and/or 10 years in prison. Now obviously if you make an “incidental disclosure” by saying a patient’s name in the waiting room or if someone overhears you speaking to another patient you will not be thrown in jail. However, if you access someone’s private medical records for a deliberate misuse of the information, such as telling people that someone they know is pregnant, has a mental illness or sexually transmitted disease then you could potentially face civil and criminal charges if someone turns you in.

HIPAA may seem confusing and hard to follow or comply with but it is very easy to access HIPAA compliant information for employees to familiarize themselves with or even provide training courses. Simple things like putting away papers at your workstation or shredding information that is no longer needed and contains patient information will help safeguard you from HIPAA violations.

So, that’s it! Not a big deal