To ensure patient’s medical information and records are private and secured, Health Insurance Portability and Accountability Act of 1996 (HIPAA), has associated rules about who can view, receive, and utilize patients’ health information as well as steps to take to protect the confidentiality, integrity, and security of the information.
The HIPAA Privacy Rule establishes national standards to safeguard the privacy of individually identifiable health information and to ensure the security of electronic personal health information (PHI).
Under HIPAA, covered entities must:
- Put proper safeguards to protect patient’s health information.
- Reasonably bound uses and sharing to the minimum needful to execute your intended purpose.
- Have agreements in place with any service providers they use, perform activities on their behalf. These agreements are to assure that these services providers (referred to as “business associates”) only utilize and disclose patients’ health information decently and safeguard it suitably.
- Have procedures in place to bound that can access your patients’ health information as well as conduct training programs for you and your employees about how to protect your patients’ health information.