Sensitive Information, Protected: Patient Privacy, HIPAA, And You

August 30, 2023 | 4 minutes read
Sensitive Information, Protected: Patient Privacy, HIPAA, And You

The early 1990s was a time of computerized evolution. Cell phones were becoming popular, Google was founded, and the very first text message was sent. During this time of rapid growth in technology, sensitive information was beginning to be electronically stored and transmitted. This was applicable in the healthcare industry as well, prompting lawmakers to look for a way to protect personally identifiable information (PII) and other forms of sensitive data while not impeding on the necessary progress being made in the digitization of medicine.

The Creation of HIPAA

HIPAA is an acronym that you have probably heard of, whether it was on television, in the newspaper, or while in the hospital. But what does it stand for? HIPAA stands for The Health Insurance Portability and Accountability Act, a legislative act passed in 1996. The act has two distinct parts, known as Title I and Title II, and has been updated a few times since its initial passing.

Title I is referred to as the Health Care Access, Portability, and Renewability part of HIPAA. It covers health insurance plans and policies, including the ability to delay coverage for individuals with pre-existing conditions like diabetes, COPD, cancer, and more. Title I also allows for health insurance plans to be carried between jobs when a person switches companies.

Title II of HIPAA is known as the Preventing Health Care Fraud and Abuse section, which has five parts to it, all revolving around the protection of patients and their information. Part of the sensitive information protected under Title II of HIPAA is known as PHI.

What Is PHI?

There are many different types of sensitive information, including your name, social security number, bank account routing number, and more. Under HIPAA there is a specific category of protected information called Protected Health Information. It is any information contained in records meant to be used for medical purposes such as diagnosis or treatment, that can be used to identify a person.

PHI can be passed between physicians and other care providers as the need arises without redaction, making it possible for the diagnosis, procedure, and aftercare process of medicine to be carried out effectively. However, when these records are distributed for non-medical reasons, the sensitive information must be protected through redaction. Redaction is the removal of information, done in documents that contain sensitive data like PII and PHI for privacy protection.

The Consequences Of Violating HIPAA

View into prison cell through metal bar door with key lock.

HIPAA violations can be broken down into two categories, civil and criminal. Violations can be carried out by individuals, covered entities (e.g. Health insurance plans), or a business associate of a covered entity.

If a member of a covered entity or business associate violates HIPAA, the consequences can be handled internally by an employer or escalated up to criminal charges, fines, and imprisonment.

The severity of punishment for civil violations of HIPAA is dependent on a multitude of factors. These include the nature of the violation, if it was intentional or unintentional, whether the violation was malicious or for personal gain, or if harm was caused as a result of the violation, and more.

Unlike civil violations, criminal violations of HIPAA are not accidental. Criminal violations are punished with a minimum fine of $50,000 and imprisonment for up to ten years in jail.

How To Be HIPAA Compliant

The largest part of being compliant with HIPAA guidelines is education. By educating companies and their employees about the strict guidelines when it comes to protecting PHI and other forms of sensitive information. Covered entities and business associates should have guidelines for all employees to adhere to to remain compliant and when documents containing PHI and other sensitive information are being digitally or physically transmitted, they should have the proper redactions on them.

For digital document redaction of PDF or scanned files, it is important to have a program that does more than place a black highlight over the information. To truly redact a document, the information behind the redaction must be completely removed from the file. This leaves no room for a leak of information that could amount to a costly HIPAA violation. Poor redaction in any industry can lead to financial, legal, and/or punitive action. So why risk non-compliance with sub-par redaction practices?

With a software like CaseGuard Studio, there are manual and automatic ways to redact that do just that. One way to use CaseGuard to redact medical files to remain HIPAA compliant is to use a list of medical diagnoses and prescription drug names and redact all instances of those from one or many documents at a time. The Find & Redact feature can be paired with AI Text Analysis, a tool that can automatically identify and redact over 50 types of PII with the click of a button including names, phone numbers, social security numbers, and addresses.

To learn more about the Find & Redact feature, take a look at the video below.

Video Thumbnail
Play Video

Are you interested in scheduling a demo to discover how CaseGuard Studio can help your agency remain HIPAA compliant? Click here to do so.

Related Reads

Cigna Hit With Lawsuit Over Controversial AI Technology Use
August 09, 2023 | 4 minutes read
Cigna Hit With Lawsuit Over Controversial AI Technology Use

Insurance giant Cigna faces a lawsuit over claims they’re using AI to wrongly reject claims in bulk, hurting Americans in the process.

Learn More »
Protecting Privacy in the Healthcare Field: PII, PHI & PCI
July 12, 2023 | 5 minutes read
Protecting Privacy in the Healthcare Field: PII, PHI & PCI

Healthcare professionals handle a wide range of sensitive data that is crucial for delivering quality care. But protecting that data is getting harder.

Learn More »
Using Redaction for Privacy Maintenance as An Investigator
May 31, 2023 | 5 minutes read
Using Redaction for Privacy Maintenance as An Investigator

These oaths emphasize upholding the law, serving the public, and protecting the rights of individuals. One of these many rights is privacy. An investigator must adhere to the legal and ethical guidelines within the jurisdiction and perform their investigation within those specifically set boundaries.

Learn More »
AI Winter: A Cycle of Over-Promising & Under-Delivering AI Technology
May 22, 2023 | 6 minutes read
AI Winter: A Cycle of Over-Promising & Under-Delivering AI Technology

AI Winter is when consumer interest in artificial intelligence is low and therefore investors stop investing money in artificial intelligence development. It is a time when few advancements are made in AI technology and technological progress stands still.

Learn More »
The Comprehensive Policing and Justice Reform Emergency Amendment Act
May 15, 2023 | 6 minutes read
The Comprehensive Policing and Justice Reform Emergency Amendment Act

An “Amendment Act” is what describes legislation that can alter existing laws instead of producing a new law from the ground up. The Comprehensive Policing and Justice Reform Emergency Amendment Act is a standalone emergency legislation passed by the D.C council in June of 2020 amending some existing laws relating to justice reform and policing.

Learn More »
Barcodes, A Sick Wife, and Long Lines Made it Happen
April 24, 2023 | 5 minutes read
Barcodes, A Sick Wife, and Long Lines Made it Happen

Problems of Yesteryear Imagine receiving news that your spouse, who is away on a business trip, is very ill. To make matters worse, the way the news was delivered to you took days for you to receive it, and by the time you acknowledged the fact, your spouse had already passed away. This was Samuel […]

Learn More »