Wednesday, March 31, 2010

HIPAA Clinic Policies

The Health Insurance Portability and Accountability Act (HIPAA) impacts covered entities, such as medical clinics and independent practitioners, that provide health care services to patients. HIPAA was instituted by the U.S. Congress in 1996 out of the rising need to put privacy practices in place that keep health care information confidential.


Privacy Policies


Upon receiving a new patient, the clinic must obtain the patient's consent before releasing any of the patient's medical information to outside parties, such as the patient's spouse, children or parents. Under HIPAA, medical information may not be released to anyone other than those the patient identifies. Other privacy policies include ensuring that medical records are stored in a locked room or cabinet, inaccessible to unauthorized individuals.


Security Policies


Clinics that maintain patient information electronically must adopt security policies for their computers. One such policy is that computers must always remain locked when not in use, and all computers must be password protected. When electronic correspondence containing patient information is sent, secured email settings must be in place to avoid interception by outside hackers.


Enforcement Activities


Breaches of HIPAA policies within the workplace must be rectified by employers. HIPAA violations are serious and are considered federal offenses. The Department of Health and Human Services penalizes clinics that are out of compliance with HIPAA. Depending on the severity of the offense, consequences range from financial penalties to jail time.






