Student Dissertation

Agency : HIPAA Compliance; Health IT Company; PHI

Objective : The purpose of this study is to understand the importance of HIPAA compliance and determine its application to PHI. The objectives of this study included: • To understand PHI in Health IT company. • To determine when HIPAA rules apply to PHI. • To understand limiting release of PHI • To determine ways to protect PHI • To establish ways in order to keep workplace HIPAA compliant. • To understand patient’s right in HIPAA compliance

Background : Prior to the year 1996, there was no legislation restricting the manner in which patient’s healthcare related information was shared, disclosed, stored and protected. In 1996, Congress passed the Health Insurance Portability and Accountability Act, otherwise called "HIPAA." One of the arrangements of the Act (Section II) seriously limits the capacity of social insurance associations to share persistent data that is protected health information. Protected Health Information implies any data, regardless of whether oral, composed, recorded, in any frame or medium that demonstrates or is identified with a person's past, present or future wellbeing status. This would incorporate any physical or emotional well-being condition, treatment or administrations gave. This data must be secured and by and large, can be utilized or unveiled just with the person's authorization.

Methodology : The study was Descriptive Cross-sectional study. The study area was the Health IT Company. Method of data collection was an In-depth interview and consultations. Total ten in-depth interviews were conducted, four interviews with managers of the compliance team, three interviews with the training team and three interviews with virtual scribes.

Findings : HIPAA rules apply to PHI in conditions when chart note is in use, when PHI is released, when PHI is stored, when PHI is visible on computer, when PHI document is lying on desk, when two providers share the PHI information, when PHI is shared with associated service providers, when PHI is discussed in conversation and when PHI is discussed over a phone call. PHI has 18 elements which includes Address, Date, Phone number, Fax, Email, Social security number, Medical record number, Health design recipient number, Bank account number, Certificate or permit number, Vehicle identifier, Device identifier and serial number, Web widespread asset locator, Internet convention address number, Biometric identifier, Full confront photographic pictures and any practically identical picture, any other one of a kind recognizing number or trademark or code. The process flow of PHI in chart note preparation through virtual scribing was identified.

Recommendations : After understanding, the significance of HIPAA in Health IT Company, identifying PHI used in chart notes and processes involving PHI standard operating procedures were built which define the ways to secure protected health information in organization and measures to prevent a data breach. For each employ, a self-audit check-list is prepared in order to be HIPAA compliant and prevent a data breach.


x