HIPAA: Protecting Personal Health Information

In 1996, Congress passed the Health Insurance Portability and Accountability Act, better known as HIPAA. This far-reaching act created national standards for the protection of personal health information, through what is known as the Privacy Rule. Virtually every entity that is involved with health care is affected by HIPAA. There are severe civil penalties for non-compliance with HIPAA regulations or for knowingly violating patient privacy.

Secret Identities

The underlying purpose of the Privacy Rule is to ensure the confidentiality of patients’ medical information. A key to this is to remove all patient-identifiable information from the outside of the chart. This includes not only the patient’s name and address, but any other information that could be used to determine their identity, including Social Security numbers, birth dates or phone numbers. Color-coded numeric indexing is a good solution: charts are identified by a patient number only.

Information that reveals a health condition or payment status should also be removed from the outside of the chart.

Fileroom Security

The filing areas where medical records are stored and used must also be HIPAA compliant. Steps must be taken to ensure that charts are only accessible to authorized health care providers and staff. This can be easily accomplished through:

  • Lockable file cabinets
  • A locked file room
  • Compacting mobile filing equipment
  • Lockable rotary file cabinets
  • Shelf filing equipment with locking, retractable doors
  • Lockable rolling file carts

HIPAA regulations have forced many small clinics to revise their filing systems in order to be compliant. For some, it’s as simple as re-labeling charts to eliminate patient-identifiable information. For others, it means redesigning the entire filing system.