ObamaCare Brings HIPAA Front and Center

With the implementation of the Affordable Care Act upon us, it’s a good time to refresh everyone’s memory about some of the important regulations that affect the intersection of technology and healthcare, particularly given the expanding public sector role in service provision. Mandated compliance with the new HIPAA regulations began on September 23, and any entities not yet up to code can face substantial liability. This includes subcontractors of covered entities. HIPAA, the Health Insurance Portability and Accountability Act, outlines federal protections for sensitive health information. HIPAA affords certain rights to patients regarding control over their health information, balanced by privacy rules that allow the disclosure of health information when required for patient care or other enumerated purposes. Here’s what you need to keep in mind.

For Patients

HIPAA outlines several critical patient rights. Patients have a right to safeguard their health information, whether it is stored in print or, more importantly for our purposes, electronically. Patients also have a right to access their medical records. If a patient finds an error or disagrees with an assessment, they can request corrections by filing a written statement of disagreement which will be kept with the record in question (remember the Seinfeld episode where Elaine gets black-listed as “uncooperative”?).

Patients also have a right to know how their health information is used and shared. Doctors can share information in order to provide you with the best treatment; however, they cannot share information with certain entities, such as your employer, unless expressly authorized to do so. A patient also has a right to get an accounting of disclosures showing with whom private information was shared.

HIPAA gives patients a right to choose how they should be contacted and whether health providers can leave a message. In addition, patients have a right to limit who health care providers can contact about the patient’s care.

Importantly, patients have a right to file a complaint if they think their healthcare provider has violated HIPAA’s policies.

Patients can look for a notice of privacy practices at their doctor’s office or hospital, which will tell them how their rights are protected and how their information will be shared.

For more information visit http://www.hhs.gov/ocr/privacy/index.html

For Health Care Providers (and the Tech Industry that Serves Them)

Under HIPAA, healthcare providers and their technology service partners must keep patient medical information secure and confidential. Healthcare providers can start by devising a security plan to make sure that patient information is kept confidential. A risk analysis can help healthcare providers establish the safeguards that they need to maintain compliance with the regulations. Healthcare providers can also develop administrative safeguards, office rules, and procedures to keep patient data secure.

In addition, physical safeguards should not be overlooked. We wrote previously about some of the simple ways in which you can protect physical access to sensitive electronic equipment or data, and that advice applies well here. This month we’re talking separately about software security and password policies, and anyone interested is advised to read that article for more information.

Get a Risk Analysis

If your company handles sensitive patient healthcare information, we recommend that you have a security and risk analysis performed in order to obtain detailed information on your compliance with HIPAA regulations. The rules are too complex to be fully described in an article such as this, and the various ways in which technology service providers interact with patient records further complicate the situation. A specific review of your company’s actual data practices is the only way to fully protect your business.


Kjeld Lindsted
Content Architecture, Copywriting, and Editing