Protecting Your Patient’s Info Online: FAQs Of What HIPAA Mandates
Asking patients to fill out online patient forms, including patient registration forms and intake forms, may not seem like a big deal. In reality, any form of online health information, even information that may seem insignificant, falls under the guidelines and requirements of the HIPAA Security Rule. As a result, you need to understand what the rule actually says and its implications or consequences for violating it.
What’s the HIPAA Security Rule?
The HIPAA Security Rule is an expansion of pre-existing guidelines and requirements for HIPAA compliance of protected health information (PHI), explains HealthIT.gov. But, how do you share with other providers without violating the Security Rule? The answer lies in security.
Is Sharing of PHI Electronically Acceptable?
Sharing PHI is acceptable and often necessary in providing the best care possible. For example, underwriters may require the submission of dental insurance verification forms electronically. However, you cannot simply rely on unsecured connections or basic email servers to complete this process.
Instead, any information sharing should only take place through a secured electronic environment, adhering to the “5 Pillars of Cybersecurity Excellence.” In addition, you must inform patients about your intent to share their information in most cases. There are a few exceptions, such as disclosure to public health authorities or under court subpoena.
What Can Violating the Security Rule Cost?
If the breach of the Security Rule is unintentional, the fines can range from $100 to $50,000 in summation. However, cases involving willful neglect or breaches not corrected within an acceptable time frame can result in a max fine of $50,000 per violation. Some health care organizations have even been assessed millions of dollars, so taking preventative action by securing all PHI transmissions is critical.
There may be penalties assessed against health care organizations, including dental practices, who participate in Medicare or Medicaid and fail to enact security standards for the use of electronic health records (EHRs). Yet, the whole cost of working with a known provider of PHI sharing in a secured setting could cost significantly less to set up and maintain than a single violation. Ultimately, you have to determine if your dental or medical office could survive a $1,000,000+ fine due to your failure to maintain all PHI within acceptable standards of the Security Rule.
Like dental work, an ounce of prevention is worth a pound of damage control in maintaining the security of your patients’ information online.
Posted: October 3, 2016
Source: Enclothed Cognition
Reprinted with permission.
[Image: Pixabay / TBIT]