How Well Do You Know HIPAA (what keeps kids’ health data safe)?

The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 in order to allow for transfer of one’s health insurance from one job to another and, among other regulations, to protect all patients of physicians from having their personal information abused. When you take your child to his doctor, the doctor is allowed to collect certain private and sometimes intimate details of your health-related history. With the institution of this law, this information must be handled in a way that will not disclose it to anyone you do not wish to receive it. With each initial visit to a physician, you will be asked to sign a receipt stating that you have in fact been given a copy of the office’s HIPAA policy, whether or not you have read it. The law has been tweaked many times and will be re-tweaked this year again to more broadly include the use of Electronic Medical Records, with all of its security hazards.

All of your (and your children’s) very personal health data can only be used for the medical treatment of your child, and can be given to whoever you allow (in writing) to see that information and to nobody else, except in the case of legal requirements. You can feel safe knowing that your personal life will remain personal and secure. The mandates in this law are very strict, and the punishment for breach of these mandates by your health care provider can be quite harsh, from monetary fine to imprisonment. The law itself, by the very nature of legislation, is long, intricate and boring to read, but compliance of a medical practice with this law is an absolute. If any patient feels as though his or her rights have been violated, there is legal recourse one can take.

In order to remain in compliance with this law, here are some suggestions that health care professionals should monitor. A practitioner should occasionally walk around his office as if he were a patient and look at the various areas where he would be uncomfortable. One such area is the front desk sign-in area, where it might be possible for a nearby patient to view the information you are placing in the sign-in log. The patient should only be asked what time his appointment is and his/her name; anything else could be construed as personal information, and would be available to anyone within range. Also, information on computer screens should never be visible to other patients as they walk by. There are many more areas of possible breach that a physician must be aware of and attempt to fix.

There is much more information about this topic, and if there are any further questions, let us know and I will deal with them in the future.

About the Author

Dr. Joseph Skoloff received his undergraduate degree from the University of Pennsylvania and his medical degree from The Jefferson Medical College in Philadelphia. He is a past Vice Chairman of the Department of Pediatrics, a past Chairman of the Infection Control Committee at the Loudoun Hospital Center and a Fellow of the American Academy of Pediatrics. In his 41 years as a practicing pediatrician he has kept hundreds of kids and families healthy and safe and plans to continue to do so for years to come. Dr. Joe believes strongly in the combined power of parent and physician working together for the health of their children. He is an advocate for children everywhere and adheres strongly to the principles of the American Academy of Pediatrics. Dr. Joe is a member of the PedSafe Expert team.


9 Responses to “How Well Do You Know HIPAA (what keeps kids’ health data safe)?”

  1. Given my extensive health issues and the fact that my husband writes insurance billing code software, I’ve become quite familiar with HIPAA. I think it’s important for everyone to know!

  2. I think it’s great for a physician (and really all office staff) to take these privacy issues seriously, but unfortunately not all doctors institute procedures to be sure HIPAA rules are not violated. I hope more doctors’ offices read your post and make changes if necessary.

  3. What’s really missing when it comes to healthcare and HIPAA compliance is security awareness training, and there’s really no excuse for this. There are actually hundreds of free and cost-effective solutions online, but time and time again, I see Covered Entities and Business Associates failing to implement basic training. As a HIPAA security specialist, it’s somewhat upsetting to see this, because something that’s so vital to an organization and that is so easy and cost-effective to obtain is many times never done. C’mon folks, train your employees about ensuring the safety and security of PHI (protected health information); it’s not that difficult. Think about it: healthcare companies spend massive amounts of money on new hardware and software products for security, but the true front line of defense for protecting PHI is well-trained and educated employees, something that’s so easy to do!

    • Stefanie Zucker says:

      Hi Heather,
      What a great comment! It reminds me of what’s going on with internet safety / privacy and kids. There is a ton of software available for parents to monitor their kids internet use to keep them safe (from exposure to potentially harmful content, predators, bullying, etc.) but in the end, the best protection is parents teaching their kids and then observing and guiding their behavior. Thanks for stopping by and sharing your thoughts with us! 🙂 -Stefanie

  4. Just to add to Heather’s post about security awareness training, as a security expert who has spent years in the healthcare and compliance arena, it all comes down to awareness – understanding one’s roles, responsibilities, and the actions they should take if they see something that’s not right. As for HIPAA, it can be a real difficult challenge for some companies, but I would just add that if you want to see a decrease in data breaches of Protected Health Information (PHI), then both Covered Entities and Business Associates should do three (3) primary things: (1) put in place all necessary HIPAA policies and procedures; (2) strictly enforce annual security awareness training for all employees and workforce members; and (3) build a network that has comprehensive elements of layered security and defense-in-depth within it. Call it the 3-point triangle for HIPAA success, which is relatively straightforward, yet many CEs and BAs simply fail to grasp the importance of such initiatives. Remember that HHS | OCR has announced even more annual HIPAA compliance audits, so be ready.

    • Stefanie Zucker says:

      I think the more we are made aware, the better precautions we can all take (and that means both on an individual as well as professional level). Thanks Jack for the input!
