BBG’s HIPAA Corner by Sarah Clyburn:
One of the key components of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 is the Privacy Rule. The HIPAA Privacy Rule provides federal protection for an individual’s health information, and other personal information, while still allowing for the disclosure of Personal Health Information (PHI) for patient care and other important purposes.
As an employer, you need to do your due diligence to ensure your company is not in violation of HIPAA regulations; the most common violations are related to the Privacy Rule. If you are found in violation of HIPAA regulations, either unknowingly or willfully, you could face hefty fines and possible jail time. Below are some Personal Health Information (PHI) identifiers that you should be aware of:
- Name
- Any geographical subdivisions smaller than a state; this includes street address, city, and zip code
- Any dates that are related to a person: date of birth, admission to hospital, discharge from hospital, date of death, marriage
- Phone number
- Social Security Number
- Medical Record Number
- Health Plan Beneficiary Number
- Account/Group Number
- Certificate/License Number
- Vehicle ID Number or License Plate Number
- Device Identifiers and Serial Numbers
- Web Universal Resource Locators (URLs)
- Internet Protocol (IP) address numbers
- Biometric identifiers, including fingerprints and voice prints
- Full-face photographic images and any comparable images
- Any other unique identifying numbers, characteristics, or codes (note: this does not mean the unique code assigned by the investigator to code the data)
One of the easiest ways to protect PHI is to send information through an encrypted e-mail system. This will help ensure that your employees' information is secure and that, if anyone were to attempt to access the data through illicit means, your employees would be protected.
BBG uses a secure e-mail system to transmit PHI electronically to our clients, a system that we have found to be simple to install and use company-wide. Please be aware that some e-mail systems have filters that will deliver the secure messages to Spam or Junk folders. However, once the recipient adds the domain to their safe senders list, there should be no further delay (unless the user forgets their password). If you have questions about BBG’s secure e-mail system, or wish to learn more for your own use, please contact us at Support@bbgbroker.com.
Click here for a summary of key elements of the Privacy Rule including who is covered, what information is protected, and how protected health information can be used and disclosed. Because it is an overview of the Privacy Rule, it does not address every detail of each provision.
For additional information about PHI check out this great resource from the U.S. Department of Veterans Affairs: