The Importance of HIPAA

As you start taking classes in your medical assistant training program, you’ll want to pay especially close attention when your instructors bring up Health Insurance Portability and Accountability Act (HIPAA). Knowing the ins and outs of HIPAA regulations can make all the difference between a stable medical career and an unexpected termination. Although your courses will cover HIPAA in detail, it still pays to know what it is, and why it can have such a major impact on your career. Here are the basics.

What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 consists of two main sections: Title I, which requires group health plans to provide certain types of coverage; and Title II, which sets guidelines for privacy and security of individual patients’ health care information. When people talk about HIPAA regulations in the context of medical assistant work, they usually mean  the regulations in Title II.

Four of Title II’s rules are of particular concern for medical assistants and other staff members involved in medical record-keeping:

  • The Privacy Rule
    This rule requires anyone who keeps medical records to create “appropriate safeguards” to prevent unauthorized viewers from accessing patients’ Protected Health Information (PHI). The only cases where it’s permissible to disclose PHI are those directly involved in treatment, payment or medical operations – or to help law enforcement authorities with an investigation. Even in those cases, only the minimum information necessary can be shared. For any other release of PHI, the patient must give his or her express consent.

  • The Security Rule
    Many medical documents are now stored electronically, so this rule was created specifically to address concerns associated with Electronic Protected Health Information (EPHI). The Security Rule requires appropriate safeguards for EPHI, including specific instructions for handling this information, restrictions on which staff members have access to it, plans for dealing with an emergency security breach, and technical safeguards for protecting patient data.

  • The Breach Notification Rule
    Anytime there’s a breach of security in private patient records, this rule requires the entity keeping those breached records to notify the patients in question.

  • The Enforcement Rule
    Despite the regulations imposed by the other rules, breaches sometimes do happen, and record-keeping entities don’t always address them in a timely way – so this rule imposes fines and other penalties on entities that don’t comply with the rules. These penalties can result not only if PHI is accessed by an unauthorized party, but also if an investigator discovers that PHI isn’t sufficiently protected, if an entity releases more than the minimum information necessary, or even if a patient is unable to access his or her information on request.

Why is HIPAA important to your medical assistant career?

Clinics and other medical services are under a lot of pressure to keep patients’ information secure – which means medical employers are especially eager to hire new employees who’ve got a solid grasp of the HIPAA rules, and the proper techniques for following them. If you take time to memorize and understand the basics of HIPAA’s rules and how they operate, you’ll have a knowledge base that’ll make you much more desirable than many of your competitors.

On the other hand, breaching a HIPAA rule can seriously endanger your medical career, or perhaps even end it permanently. Many breaches aren’t intentional, and result from inexperienced employees misplacing a file, forgetting so secure information when they’re done with it, or sharing it with someone who claims to be authorized but actually isn’t. Breaches like these can mean tens of thousands of dollars in fines for medical providers, not to mention lawsuits from the affected patients. And as a medical assistant, you’re responsible for making sure that doesn’t happen while you’re on the job.

How can you stay in line with HIPAA’s rules while on the job?

The good news is that you can prevent the vast majority of HIPAA breaches just by sticking to a few simple rules while you’re working:

  • Avoid sharing more patient information than absolutely necessary, even in ordinary conversations. Whenever possible, only refer to patients using their first names, and never discuss their cases with people outside of work.

  • Carry patient charts and other hardcopy records in ways that conceal personal info, and never carry patient information out of the office unless one of your higher-ups specifically instructs you to.

  • If you’re not actively dealing with a certain patient’s case, don’t look at that patient’s  information, even if it happens to be on someone else’s screen or desk.

  • Keep charts in their proper places, and destroy any additional notes that aren’t necessary. And when you’re disposing of patient records, check to make sure you’re following HIPAA’s disposal guidelines.

Combine these rules with your own common sense, and you’ll avoid the vast majority of HIPAA-related problems. In general, just think of how you’d want your own private information to be treated, and treat patients’ information with the same amount of care.