“Please sign here for acknowledgement of your HIPAA privacy rights before we head to the exam room.” For any patient seeing a physician for the first time, this statement and its various iterations, will inevitably be uttered prior to examination. Have you ever wondered what that actually is, or thought about reading the voluminous stacks of paper that detail your rights? If so, let us break it down!
Image Source: Tim Robberts
The Health Insurance Portability and Accountability Act, more colloquially known by its acronym as HIPAA, was a multifaceted piece of healthcare regulation signed by President Bill Clinton in 1996. The first of its two main parts, Title I of HIPAA, protects health insurance coverage for workers and their families when they change or lose their jobs. The better known component, Title II of HIPAA, requires the establishment of national standards for electronic medical records, including the regulation of protected health information (PHI). As seen in a previous article, the Affordable Care Act has mandated the transition to electronic medical records, making HIPAA even more prominent in today’s healthcare settings.
Honing in on Title II, the Privacy Rule details the responsibilities that “covered entities” (generally, healthcare clearinghouses, employer sponsored health plans, health insurers, and medical service providers with associated staff) have in regards to PHI. These responsibilities include – but are not limited to – safeguarding patient information, disclosing the minimal amount necessary for effective care, and correcting any breaches in PHI disclosure. The Privacy Rule also requires the appointment of a Privacy Official/contact person responsible for receiving complaints, as well as the training of all members of their workforce in procedures regarding PHI.
This is all fine on paper, but what does that actually look like in the office? For the most part, it is largely making sure that patient information is kept in a secure fashion. All printed PHI is shredded after use and the utmost care is placed to make sure that no other patients/unaffiliated peoples see any PHI without the patient’s approval. Patients are asked what their preferred contact method is and if messages can be left on voicemail. Another form details who PHI can be released to as well as if information can be obtained from other offices. Demographics are double-checked to ensure that all contact information is up to date. All of this happens in the first five minutes you are in the office and while you may dislike filling out the 10,000 forms, they all serve to keep you and your personal information safe.
Feature Image Source: Justin Chin