You shouldn’t, unless you are somehow linked to the healthcare industry. And then if you don’t, it could cost you up to $100,000 or 5 years in prison, depending on the severity of the violation.
Have you ever stood in line at a pharmacy at Costco or Walgreens, and had your name called out loud? Or, when visiting a doctor’s office, filled out a sign-in sheet with other names before yours? When a curious nurse at UCLA looks through Angelina Jolie’s charts, and decides to sell the information to a tabloid, he should be making vacation plans to the Federal jail, not Hawaii! According to HIPAA, these are violations.
Title II of The Health Insurance Portability & Accountability Act, also known as Administrative Simplification, addresses the security and privacy of health data. The pharmacy and the doctor’s office must make reasonable arrangements to protect your privacy. So, instead of calling out your name, they must call out a number. The sign-in sheets at the doctor’s office should be separated for each patient. As for the nurse, he should probably have chosen another profession.
Last month, we were working on a project for a doctor’s office. The doctor had built a brand new office in another part of town, and wanted an inexpensive solution to access his billing data at the old office. Several third-party software products, such as TeamViewer, LogMeIn and GoToMyPC, could give him easy access to his data. However, only one of them, Citrix GoToMyPC Corporate, explicitly claims to be HIPAA compliant. Here are some features of this software: host PC access is protected by two levels of strong password authentication, separate passwords are used for authentication to the web site and then to the host PC, and the account manager can terminate sessions in progress with a single click of the mouse.
To add to the complexity of matters, physician practices are scrambling to go paperless by 2014. The Healthcare Information Technology Act (HITECH Act) requires all physician practices to adopt Electronic Medical Record processing software. And if they are able to do this by the end of 2014, Medicare and Medicaid reimburse them for the cost of transitioning from paper to electronic records. With HIPAA regulations being so rigid, EMR vendors and healthcare providers have to tread this path very carefully. What seems like a generous Government dole-out could very quickly turn into hefty financial penalties.
Yet, the thought behind HIPAA is not to penalize, but to protect the ordinary person’s privacy. Don’t you wish they had a similar law for social media?