As a healthcare practitioner, it's your duty to comply with the Health Insurance Portability and Accountability Act (HIPAA). Passed by Congress in 1996, it is intended to enhance the privacy of patients by setting rules and requirements for covered entities. One such requirement is compliance with the Privacy Rule, which we're going to discuss further in today's blog post.
It Regulates the Use and Disclosure of Protected Health Information
The HIPAA Privacy Rule essentially regulates both the use and disclosure of Protected Health Information (PHI). PHI may include Social Security numbers, medical records, health insurance member numbers, and other personally identifiable information pertaining to healthcare. Doctors and other covered entities are not allowed to share PHI without the respective patient's consent, as per the Privacy Rule.
It Affects Both Paper and Digital PHI
Unlike the Security Rule, which only affects Electronic Protected Health Information (EPHI), the Privacy Rule affects all forms of PHI, both paper and digital. So, don't assume that an old manila folder containing patient records doesn't count, because it does. The Privacy Rule was written specifically in a manner that covers all forms of PHI.
Disclosure Within 30 Days
It's a little-known fact that healthcare patients have the right to view their PHI upon request. Furthermore, the respective covered entities must grant this request by disclosing the patient's PHI within 30 days. Failure to do so could be viewed as a violation of the HIPAA Privacy Rule, with the covered entity possibly incurring fines or other penalties handed down by the Office for Civil Rights (OCR).
Other Reasons for Disclosure
Of course, there are other instances in which a covered entity must disclose PHI. If a doctor believes a patient to be the victim of child abuse, for instance, he or she is required to report the incident, even if the report contains PHI. Law enforcement agencies may also request PHI from a covered entity, in which case it must disclose the requested information.
If a patient believes that his or her PHI is incorrect, the Privacy Rule grants them the legal right to request a correction. Granted, it's rare for patients to request a copy of their PHI, and it's even rarer for them to identify an error. Nonetheless, the HIPAA Privacy Rule gives patients the right to both request PHI and request corrections when false information is present.