Overview of HIPAA Compliance

What is HIPAA and what does it stand for?

HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. It is a federal law that was enacted to protect the privacy of individuals’ protected health information (PHI), which includes medical records, billing information, and other personal health-related data. It also sets standards for how healthcare providers must secure and manage PHI.

Who must comply with HIPAA regulations?

All healthcare providers, whether hospitals, doctors’ offices, nursing homes, or any other type of healthcare provider, must comply with HIPAA regulations. Additionally, many other organizations that handle PHI on behalf of these providers, such as insurance companies, pharmaceutical companies and third-party contractors, must also follow the regulations set out by HIPAA.

What are the penalties for not complying with HIPAA?

Not complying with HIPAA can result in both civil and criminal penalties, including hefty fines and jail sentences, depending on the severity of the breach or noncompliance issue. Organizations found to have committed fraud or intentionally violated HIPAA rules may face criminal prosecution at the federal level, with fines of up to $250,000 or imprisonment for up to 10 years upon conviction. Civil penalties are also possible if an organization is found to have willfully neglected its obligations under HIPAA, with financial sanctions ranging from $100 to $50,000 per violation depending on the circumstances of the case.

How can you ensure that your business is compliant with HIPAA regulations?

To ensure your business is compliant with HIPAA regulations, there are several steps you can take, including:
  • conducting regular employee training regarding how to properly handle PHI
  • developing detailed policies outlining how PHI should be handled
  • regularly auditing employee activities regarding PHI
  • maintaining physical and technical security measures, such as encryption technology
  • having a secure way to dispose of confidential documents
  • implementing systems that control access to sensitive data
  • keeping detailed logs of all accesses and uses of PHI within your organization

What are some of the key provisions of HIPAA?

Some key provisions included in HIPAA are:
  • providing individuals with rights to their personal health information, including access and amendment rights where applicable
  • providing organizations with requirements about how they should safeguard private health information
  • establishing national standards for electronic transactions such as billing claims, referrals and authorizations
  • imposing administrative safeguards, like ensuring all employees receive the necessary training about protecting patient information
  • establishing technical safeguards, like setting up secure networks that allow only authorized personnel to access patient data
  • providing civil monetary penalties for failure to comply with the regulations set forth by HIPAA
  • requiring covered entities (healthcare providers) to provide proof that their systems remain in compliance with current regulations at all times

What types of medical records need to be shredded?

HIPAA requires that any paper documents containing PHI, such as:
  • Patient medical history, diagnoses, treatment information
  • Financial records
  • Social security numbers
  • Credit card numbers
  • Addresses
  • Phone numbers
  • Certificate/license numbers
  • Biometric identifiers
  • Email addresses
  • Medical record numbers
  • Health plan beneficiary numbers

Organizations can also use HIPAA-compliant shredding services for other types of documents, such as business records, legal records and confidential correspondence. HIPAA does not require all of these documents to be destroyed; however, it is important for organizations to take steps to protect the privacy of their employees and customers by securely destroying any documents that contain sensitive information. Download our “what to shred” poster and display it in high-traffic areas, like the break room or hallways, so your workers are informed.

How to avoid horrifying HIPAA violations

Storing records offsite is the easiest way to ensure that you’re HIPAA compliant. With active records storage from Corodata, we’ll deliver records to your site as you need them. New customers start with 3 months of free records storage.