HIPAA Series Part I: Protecting Patient Data

One of the most important considerations when it comes to working with clients is being cognizant of their protected health information (PHI). PHI includes any information that can be used to identify a patient, such as name, telephone number, Social Security number, etc. PHI has been protected since 1996 by the Health Insurance Portability and Accountability Act (HIPAA). While the specific provisions for compliance are constantly updated, the core principles remain the same: it is the responsibility of a covered entity to protect patient information and report any breaches.

It is important to maintain the integrity of PHI for a number of reasons. Unfortunately, a number of conditions still face considerable stigma, and there is a risk that health status information can be used for discriminatory purposes. Additionally, PHI includes sensitive information such as addresses and Social Security numbers. It’s important for these to remain private to mitigate the risk of identity theft and fraud. Most importantly, patients trust their healthcare providers with important personal information. It’s critical to maintain the trust of the patient-provider relationship by upholding patients’ right to privacy. There is not only a legal but an ethical responsibility to the patients.

Maintaining the integrity of PHI is also important for your practice. Each year, HIPAA violations and data breaches incur billions of dollars in fines across the country.

To meet your patients’ expectations regarding their PHI, and to avoid fines, there are a number of tricks and tools that can be implemented by your practice. One of the best strategies to prevent a breach of PHI is to make sure that your employees/associates only have access to the minimum amount of PHI that is necessary to accomplish their tasks. There are a number of online training courses that can help you make sure that your practice is in compliance. Additionally, it is important to consider:

Business Associate Agreements

Your business associates are held to the same standards as you are in protecting PHI. In order to remain compliant with HIPAA, you must keep a Business Associate Agreement (BAA) on record for every business that you work with.

Encryption Encryption Encryption

Encryption of data is your best friend when it comes to protecting PHI. All digital platforms that you use should be HIPAA-compliant. 

Most email services are not encrypted, and therefore not fit for correspondence including PHI. At Healthy Bytes, we use Virtru to encrypt all of the many sensitive emails we send each day. This platform is low-cost, easy to use, and easily integrated with many common email platforms, including Gmail and Outlook.

If you want to watch your footprint and reduce your paper consumption, a digital filing service is a great option for you.

If you’ve been thinking of incorporating telehealth into your practice, you’ll need to identify a secure platform on which you can conduct your appointments. Unfortunately, popular video chat services such as Skype and FaceTime are not suitable, but there are a number of alternatives that protect PHI.

Remember, as you incorporate these tools into your practice, you will need to file a BAA with each. 

Do you use any tools to help you protect your patients’ PHI? Share your best practices with us in the comments!