There are already so many misconceptions about the HIPAA Act. This post will explore some of them while sorting the myths from the facts to help improve the quality of health by enhancing care clinicians’ efforts to keep patient information private and secure.
HIPAA is applicable to specific healthcare providers
HIPAA is applicable to all healthcare providers, health plans, and healthcare clearinghouses (PHI) that transmit health data electronically in connection with transactions for which the Department of Health and Human Services has adopted standards.
Email correspondence between doctors and patients is prohibited under HIPAA
HIPAA does not prohibit the electronic transmission of PHI. It allows healthcare providers to use multiple means of communication, including email, although HIPAA-covered entities must apply reasonable safeguards when transmitting PHI related information to ensure the confidentiality and integrity of data.
For HIPAA violations, patients can sue healthcare providers.
Patients cannot sue healthcare providers for HIPAA violations as HIPAA does not create the right for a patient to sue. Although, they can file a complaint which is then investigated by authorities.
Exchange of medical records between doctors is prohibited under HIPAA
Not true! HIPAA allows a doctor to securely exchange medical records with another doctor even without explicit authorization. It allows the doctors to consult patients’ conditions with another physician or discuss a patient’s treatment regimen with a nurse who will be involved in the patient’s care.
HIPAA regulations are applicable to electronic records only.
Both electronic data and paper records are subject to the HIPAA Privacy policy. HIPAA privacy and safety regulations are applied to all kinds of patient records, irrespective of their nature.
Calling out the patient’s name is prohibited under HIPAA
HIPAA permits incidental disclosures that may occur as a byproduct of an otherwise permitted disclosure. Calling out patient names in the waiting room can reveal health information, especially in a highly specialized facility. For example, simply calling your name associated with an oncology unit or a fertility clinic can reveal PHI.
Healthcare providers can share PHI with employers
Healthcare providers cannot share PHI with employers without the patient’s consent. The Privacy Rule controls how a health plan, or a covered health care provider shares your protected health information with an employer.
How to remain HIPAA compliant?
If you haven’t already taken any steps to protect patients’ sensitive data and stay compliant with HIPAA, start now! Check out HIPAA Ready! It’s an app that helps you to stay compliant with all rules and standards of the act by organizing and all the data at one spot.
