A few weeks ago I was at the doctor’s office receiving my 20 week ultrasound. This was not my first ultrasound, but it was the first ultrasound with my new provider. I went into the ultrasound room with my mom, both of us ready to capture the images and video on our phones as we had with my previous provider. My excitement turned to confusion when we were told it would be a HIPAA violation for me to video or photograph my ultrasound.
The Health Insurance Portability and Accountability Act (HIPAA) is designed to protect my personal health information as a patient. Therefore, the employees at the provider’s office cannot video or photograph my ultrasound. But, as a patient, the images showing on the TV during the ultrasound are of me, meaning I have the right to photograph them, video the ultrasound live and do whatever I please with the footage. It is more likely the provider’s office does not want video or photos taken in the ultrasound room because it is a distraction to the ultrasound tech, but the policy should not incorrectly cite HIPAA as the reason for this rule.
It is apparent that many healthcare professionals have been given incorrect information about, or misinterpret, HIPAA rules and regulations. Today, I want to explore the basics of HIPAA rules and regulations in an effort to provide clarification.
What is the reason for HIPAA?
HIPAA became law in 1996. At that time, no one could have predicted the ease of using a cell phone to share information. Regardless, the purpose of HIPAA is more relevant today than ever.
“The purpose of HIPAA is to improve the efficiency and effectiveness of the healthcare system by standardizing and protecting the communication of health information, with particular regard to: privacy, security and electronic data interchange.”
Who do HIPAA rules and regulations apply to?
HIPAA applies to certain Covered Entities, which include certain health care providers, health plans and health care clearinghouses. HIPAA also applies to business associates, such as CaptureProof: independent contractors or agents of a covered entity, such as a doctor or hospital, that receive or obtain protected health information on behalf of the covered entity.
What information is safeguarded under HIPAA rules and regulations?
Protected Health Information (PHI) is the personal health information protected by HIPAA. PHI is information regarding an individual's health that also contains information that can be used to identify who the individual is.
It may include:
- First and Last Names
- Telephone/Facsimile Numbers
- Medical/Health Plan Numbers
- Dates (e.g. DOB, dates of treatment)
- E-mail Addresses
- Social Security Numbers
- Addresses and other Geographic information
- Medical Conditions
- Doctor’s notes
The bottom line is that HIPAA rules and regulations are in place to protect patient information from being used or shared by covered entities and business associates in a manner that is not appropriate (not to prevent patients from documenting their own health, as suggested when I went in for my sonogram). HIPAA also provides patients the right to know, and control, how their health information is shared and used. Patients can learn more about their rights under HIPAA on the U.S. Department of Health and Human Services website.
Medical professionals must be aware of HIPAA rules and regulations at all times as violations of HIPAA can result in very large fines. For more information on HIPAA rules and regulations visit https://www.hhs.gov/hipaa.
Download our HIPAA Security White Paper! http://captureproof.com/assets/pdf/CaptureProof_Security_White_Paper.pdf.