HIPAA privacy policies exist to protect patients’ personal health information. The responsibility of complying with HIPAA regulations falls with healthcare providers, insurance companies, and any other organization that collects and stores health records.
Sometimes, companies – especially small companies – wonder if HIPAA privacy policies apply to them. At Gilmore Services, we’re well-versed in HIPAA rules. Here’s what you need to know.
What Are HIPAA Privacy Rules?
The HIPAA Privacy Rule was enacted to establish national standards that protect the medical records and personal health information of individuals. Those records relate to the privacy, storage, and disclosure of health information to third parties.
Organizations that fall under the HIPAA Privacy Rule must take careful steps to properly store and destroy individuals’ medical records. They must also adhere to rules about how and when to use or disclose the information they store. The Rule gives patients certain rights that relate to their health information, including:
- The right to examine their health records
- The right to obtain copies of their health records
- The right to request corrections to their health records
In most cases, the Rule requires patient authorization before an organization may use or disclose health records.
Who Must Adhere to HIPAA Privacy Rules?
The HIPAA Privacy Rule applies to companies that store individual medical records and other personal health information. These include:
- Medical providers, including doctors, hospitals, pharmacies, and nursing homes
- Health plans
- Insurance companies
- Healthcare clearinghouses
- Third parties who perform certain functions involving health information, including claims processing or administration
It may also apply to any other company that maintains individual health records, including medical equipment companies.
Do HIPAA Privacy Rules Apply to Your Organization?
Here are some questions to ask yourself to determine whether HIPAA privacy policies apply to your organization.
- Does your organization provide healthcare or a related service, such as claims processing or administration?
- Do you furnish, bill, or receive payment for any healthcare services in the course of business?
- Do you transmit any covered transactions electronically?
- Does your organization process health information from one format to another?
- Do you perform any healthcare-related function for another entity, such as a healthcare provider, hospital, or pharmacy?
- Does your organization provide or pay for medical care in any capacity?
Answering yes to any of these questions means that your organization is responsible for adhering to HIPAA privacy policies. If you’re still not sure, you can use the Department of Health and Human Services’ evaluation tool to determine if HIPAA regulations apply to your company.
What to Do If HIPAA Privacy Policies Apply to You
If you determine that HIPAA privacy policies apply to your organization, it’s important to make HIPAA compliance a priority. Here are some pointers:
- Create a secure system for storing and transmitting HIPAA-protected data electronically
- Encrypt all stored data
- Limit employee access to protected records, so that only employees who need access have it
- Protect all records with two-factor authentication that includes a secure password and a biometric check such as a fingerprint
The best way to ensure that you are maintaining and destroying documents in accordance with HIPAA privacy rules is to partner with a document management company with extensive HIPAA experience. At Gilmore Services, we work closely with our healthcare clients to properly store, transport, and destroy protected health records.
HIPAA privacy policies exist to protect the personal health information and privacy of individuals in the United States. If your organization stores such records, it is your responsibility to adhere to HIPAA rules.
Do you need assistance with HIPAA compliance? Click here to learn how Gilmore Services can help!