Protected Health Information and HIPAA
By Richard J. Mata; MD, MIS, CMP™ [Hon]
One important concept of the Health Insurance Portability and Accountability Act [HIPAA] is the “minimum necessary” rule, which states the minimum use of Protected Health Information [PHI] to identify a person, such as a social security number, home address, or phone number. Only the essential elements are to be used in transferring information from the patient record to anyone else that needs this information.
Financial Information Included
This is especially important when financial information is being addressed. Only the minimum codes necessary to determine the cost should be provided to the financial department. No other information should be accessed by that department. Many institutions have systems where a registration or accounting clerk can pull up as much information as a doctor or nurse, but this is now against HIPAA policy and subject to penalties. The “minimum necessary” rule is also changing the way software is set up and vendor access is provided.
Human Resources
Another challenging task is keeping up with the number of people who access PHI, because the privacy regulations allow a patient to receive an accounting of anyone who has accessed their information, both internally (within your hospital, Emerging Healthcare Organization, or medical entity) and externally (such as through your business associates). The patient has the right to know who in the lengthy data chain has seen their PHI. This sets up an audit challenge for the medical organization, especially if the accountability is programmed internally. When other business associates use this PHI without documenting access to a specific patient’s PHI, no one would be accountable for a breach in privacy.
http://www.findbookprices.com/author/Hope_Hetico
One way to track access is through a designated record set, which contains medical or mixed billing records, and any other information that a physician and/or medical practice utilizes for making decisions about a patient. It is up to the hospital, EHO, or healthcare organization to define which set of information comprises “protected health information” and which does not, though logically this should not differ from locale to locale.
Assessment
Overlaps from the privacy regulations that are also addressed in the security regulations are access controls, audit trails, policies on e-mail and fax transmissions, contingency planning, configuration management, entity and personal authentication, and network controls. For more information about the Security Standards final rule, reference the Federal Register; or www.HealthcareFinancials.com
Conclusion
And so, your thoughts and comments on this Medical Executive-Post are appreciated. Tell us what you think. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, be sure to subscribe to the ME-P. It is fast, free and secure.
Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos
Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com
Get our Widget: Get this widget!
Our Other Print Books and Related Information Sources:
Practice Management: http://www.springerpub.com/prod.aspx?prod_id=23759
Physician Financial Planning: http://www.jbpub.com/catalog/0763745790
Medical Risk Management: http://www.jbpub.com/catalog/9780763733421
Healthcare Organizations: www.HealthcareFinancials.com
Health Administration Terms: www.HealthDictionarySeries.com
Physician Advisors: www.CertifiedMedicalPlanner.com
Subscribe Now: Did you like this Medical Executive-Post, or find it helpful, interesting and informative? Want to get the latest ME-Ps delivered to your email box each morning? Just subscribe using the link below. You can unsubscribe at any time. Security is assured.
Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos
Sponsors Welcomed
And, credible sponsors and like-minded advertisers are always welcomed.
Link: http://healthcarefinancials.wordpress.com/2007/11/11/advertise
