The Healthcare Information Portability and Accountability Act of 1996 (HIPAA) is the federal law that created standards to protect the privacy and security of sensitive patient health information. A patient's healthcare information is protected by the standards the Act establishes for the collection, storage, and transmission of medical records.
Release of Information (Medical Records) and HIPAA
Release of all medical information is governed by HIPAA, and all medical providers require HIPAA-compliant written authorizations for the release of information. Although many law firms may not be directly subject to the Act, most states have enacted privacy laws that require law firms to protect sensitive information, including healthcare information. Therefore, it is best practice for law firms to, at a minimum, comply with the requirements and guidelines established by HIPAA.
Key tenets of HIPAA and how it applies to Release of Information
Let's look at the key tenets and a few steps your firm can follow to comply with the requirements established by HIPAA.
- Developing and documenting policies – Law firms that handle protected health information (PHI) or electronic protected health information (ePHI) should develop written privacy and security policies and procedures.
- Implementation of privacy and security policies – As required by the Act's Privacy and Security Rules, the policies and procedures should be put into practice to protect PHI and ePHI.
- Appoint a privacy and security officer – A privacy and security officer who is conversant with all HIPAA rules and regulations, and with any applicable state regulations, should be appointed to ensure that the law firm's HIPAA rules and regulations are not violated.
- HIPAA training – All employees who have the right to access and use PHI or ePHI should be trained in ensuring HIPAA compliance. Retraining should be done at regular intervals to keep pace with changes to the law firm's policies and procedures.
- Audit controls – Regular audits should take place to ensure that the law firm's employees are following the HIPAA guidelines while working with PHI or ePHI.
- Valid business agreements – All of a law firm's vendors and business associates should act in accordance with HIPAA rules and regulations. The assurance that they will safeguard PHI or ePHI should be in writing.
- Breach notification policies – The policies governing a breach, and the steps to be taken during a breach of any unsecured protected health information, should be very specific and set forth in writing. Business associates should provide timely notification to the law firm if any breach occurs.
AcroDocz is fully HIPAA compliant. We ensure that the medical records and information we collect remain safe and confidential by using established, standardized policies and procedures.