Privacy compliance in the healthcare field

Although these regulations have been in place for a while, healthcare providers in Ohio should brush up on compliance requirements on a regular basis. This is especially important for practitioners looking to open their own office, as the penalties for not observing the rules can be stiff.

According to the AAPC, healthcare compliance refers to laws and regulations that ensure medical facilities are:

  • Charging appropriately for services rendered
  • Protecting the health and personal information of their patients
  • Regularly auditing their practice’s compliance
  • Providing and following safety procedures in the workplace

HIPAA was enacted in 1996, and its Privacy Rule, with which covered entities had to comply by April 2003, laid out standards intended to prevent the improper disclosure of a patient's personal health information. This information includes the patient's name; phone numbers; physical and email addresses; Social Security, insurance ID and medical record numbers; birth date; and dates related to medical visits.

According to the U.S. Department of Health and Human Services, when this protected information is used or disclosed without the patient's permission and in a way not permitted by the Privacy Rule, it is considered a breach. If a breach occurs, the facility is required to take a number of steps depending on the specific situation. In all cases, the individual(s) affected by the breach must be notified by first-class mail (or by email, if the individual has agreed to electronic notice) without unreasonable delay and no later than 60 days after the breach is discovered. The notice should include a brief description of what happened, what types of information were involved, what the person can do to protect themselves, what the facility is doing to investigate and mitigate the breach, and how to contact the facility with questions.

If the breach affected more than 500 residents of a state or jurisdiction, the healthcare facility must also notify prominent media outlets serving that area, within the same 60-day window. The HHS Secretary must be informed of every breach, regardless of size. When the breach affects fewer than 500 individuals, the facility may log it and report it to the Secretary annually, no later than 60 days after the end of the calendar year in which the breach was discovered. When the breach affects 500 or more people, the Secretary must be informed without unreasonable delay and no later than 60 days after discovery.