HIPAA is a complex federal law drafted in 1996. It establishes rules to improve access to insurance coverage, standadize electronic billing and cement patient privacy rights.

PHI

The HIPAA privacy rule is based on the concept of Protected Health Information, or any part of the medical history or payment record. In short, PHI includes any facts that can be linked to a specific patient. It can be:

n Written (on a doctor's order, for example)
n Electronic (in a computer record)
n Oral (spoken, during a conversation)

When can we use PHI?

PHI is shared on a Need to Know basis, generally for coordination of care or payment. Caregivers have access to the medical chart and may communicate the information as necessary to provide for the health and safety of the patient. In other contexts, we try to the limit the data shared to the minimum amount necessary to get the job done. In billing, for example, we include procedural and diagnosis codes, but no unnecessary details.

Other than for coordination of care or payment, patient consent is generally necessary for the use or release of PHI.

Need to know

Need to Know is the best rule of thumb for employees, physicians, contractors and anyone working for Shore Health Services. That means seek out or disclose PHI only if you need it to do your job.

Infractions

Violating HIPAA may be grounds for dismissal.

Rules of thumb

Don't look at a patient's chart unless you're involved in their care

Don't disclose medical information unless it's necessary

Take reasonable steps so that visitors, the public or other patients don't overhear

Links
HIPAA