Sensitive Information, Protected: Patient Privacy, HIPAA, And You


The early 1990s was a time of computerized evolution. Cell phones were becoming popular, Google was founded, and the very first text message was sent. During this time of rapid growth in technology, sensitive information was beginning to be electronically stored and transmitted. This was applicable in the healthcare industry as well, prompting lawmakers to look for a way to protect personally identifiable information (PII) and other forms of sensitive data without impeding the necessary progress being made in the digitization of medicine.

The Creation of HIPAA

HIPAA is an acronym that you have probably heard of, whether it was on television, in the newspaper, or while in the hospital. But what does it stand for? HIPAA stands for The Health Insurance Portability and Accountability Act, a legislative act passed in 1996. The act has two distinct parts, known as Title I and Title II, and has been updated a few times since its initial passing.

Title I is referred to as the Health Care Access, Portability, and Renewability part of HIPAA. It covers health insurance plans and policies, including the ability to delay coverage for individuals with pre-existing conditions like diabetes, COPD, cancer, and more. Title I also allows for health insurance plans to be carried between jobs when a person switches companies.

Title II of HIPAA is known as the Preventing Health Care Fraud and Abuse section, which has five parts to it, all revolving around the protection of patients and their information. Part of the sensitive information protected under Title II of HIPAA is known as PHI.

What Is PHI?

There are many different types of sensitive information, including your name, social security number, bank account routing number, and more. Under HIPAA there is a specific category of protected information called Protected Health Information (PHI). It is any information that can be used to identify a person and that is contained in records meant to be used for medical purposes such as diagnosis or treatment.

PHI can be passed between physicians and other care providers as the need arises without redaction, making it possible for the diagnosis, procedure, and aftercare process of medicine to be carried out effectively. However, when these records are distributed for non-medical reasons, the sensitive information must be protected through redaction. Redaction is the removal of information, done in documents that contain sensitive data like PII and PHI for privacy protection.

The Consequences Of Violating HIPAA


HIPAA violations can be broken down into two categories, civil and criminal. Violations can be carried out by individuals, covered entities (e.g., health insurance plans), or a business associate of a covered entity.

If a member of a covered entity or business associate violates HIPAA, the consequences can be handled internally by an employer or escalated up to criminal charges, fines, and imprisonment.

The severity of punishment for civil violations of HIPAA is dependent on a multitude of factors. These include the nature of the violation, whether it was intentional or unintentional, whether the violation was malicious or for personal gain, whether harm was caused as a result of the violation, and more.

Unlike civil violations, criminal violations of HIPAA are not accidental. Criminal violations are punished with a minimum fine of $50,000 and imprisonment for up to ten years.

How To Be HIPAA Compliant

The largest part of being compliant with HIPAA guidelines is education: companies and their employees need to be educated about the strict guidelines for protecting PHI and other forms of sensitive information. Covered entities and business associates should have guidelines for all employees to adhere to in order to remain compliant, and when documents containing PHI and other sensitive information are being digitally or physically transmitted, they should have the proper redactions on them.

For digital document redaction of PDF or scanned files, it is important to have a program that does more than place a black highlight over the information. To truly redact a document, the information behind the redaction must be completely removed from the file. This leaves no room for a leak of information that could amount to a costly HIPAA violation. Poor redaction in any industry can lead to financial, legal, and/or punitive action. So why risk non-compliance with sub-par redaction practices?
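The difference between a black box painted over text and text that has actually been removed can be checked mechanically. The following is an added example, not code from this article or from any redaction product: it pulls the text-showing operators out of a PDF's content streams and reports which sensitive terms are still extractable. It assumes text is stored as literal strings shown with `Tj`/`TJ` and that streams are either uncompressed or Flate-compressed; the sample documents, term list and function names are constructed for illustration.

```python
import re
import zlib

STR = rb"\(((?:\\.|[^\\()])*)\)"   # one PDF literal string, escapes allowed

def content_streams(pdf):
    """Yield every stream body, inflated when it is Flate-compressed."""
    for m in re.finditer(rb"(?<!end)stream\r?\n(.*?)endstream", pdf, re.S):
        try:
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            yield m.group(1)          # stream was stored uncompressed

def shown_text(stream):
    """Text handed to the Tj / TJ operators, one line per operator."""
    out = []
    for m in re.finditer(STR + rb"\s*Tj|\[([^\]]*)\]\s*TJ", stream):
        # A TJ array splits one run into kerned pieces; rejoin them.
        pieces = [m.group(1)] if m.group(1) is not None else re.findall(STR, m.group(2))
        out.append(b"".join(pieces).decode("latin-1"))
    return "\n".join(out)

def leaked_terms(pdf, terms):
    """Return the sensitive terms still extractable from the file."""
    text = "\n".join(shown_text(s) for s in content_streams(pdf)).lower()
    return sorted(t for t in terms if t.lower() in text)

def make_pdf(content, compress=True):
    """Constructed single-stream PDF fragment used as sample input."""
    body = zlib.compress(content) if compress else content
    filt = b"/Filter /FlateDecode " if compress else b""
    head = b"%PDF-1.4\n4 0 obj\n<< " + filt + b"/Length " + str(len(body)).encode() + b" >>\nstream\n"
    return head + body + b"\nendstream\nendobj\n%%EOF\n"

BOX = b"0 0 0 rg 70 700 200 34 re f\n"   # filled black rectangle
# Constructed sample: text is drawn, then a box is painted over it.
OVERLAY = (b"BT /F1 12 Tf 72 720 Td (Patient: Jane Roe) Tj 0 -16 Td "
           b"[(Dx: type 2 dia) -15 (betes)] TJ ET\n" + BOX)
# Constructed sample: the text operators themselves have been removed.
REDACTED = b"BT /F1 12 Tf 72 720 Td (Patient: ) Tj ET\n" + BOX
TERMS = ["Jane Roe", "diabetes"]      # constructed term list

if __name__ == "__main__":
    print(leaked_terms(make_pdf(OVERLAY), TERMS))
    print(leaked_terms(make_pdf(REDACTED), TERMS))
```

A plain byte search of the file would miss both terms in the overlay sample, because the stream is compressed and the diagnosis is split across a kerned `TJ` array, which is why the check decodes the stream and rejoins the pieces before matching.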

With software like CaseGuard Studio, there are manual and automatic ways to redact that do just that. One way to use CaseGuard to redact medical files to remain HIPAA compliant is to use a list of medical diagnoses and prescription drug names and redact all instances of those from one or many documents at a time. The Find & Redact feature can be paired with AI Text Analysis, a tool that can automatically identify and redact over 50 types of PII with the click of a button, including names, phone numbers, social security numbers, and addresses.

To learn more about the Find & Redact feature, take a look at the video below.


Are you interested in scheduling a demo to discover how CaseGuard Studio can help your agency remain HIPAA compliant? Click here to do so.
