Healthcare practices and their partners, large and small, are legally obligated by the HIPAA, HITECH and Omnibus regulations to protect the privacy and security of protected health information. These regulations govern the use, storage and processing of PHI (Protected Health Information) by healthcare providers and their partners/business associates. As odd as it seems in 2015, I’ve had questions as to whether it applies to many organizations. In light of these consistent compliance questions, I’ll clear up a bit of HIPAA basics.
EPHI/PHI (Electronic Protected Health Information/Protected Health Information)
PHI is Protected Health Information. Its electronic counterpart, in any digital form, is EPHI. PHI or EPHI is health information such as:
Name, Email, Phone, Medical record number, Digital radiography, License number, Social Security Number, etc.
Basically any health-related info, held or transmitted in any form, is protected under HIPAA. So for example: an appointment, a list of prescriptions, X-rays or even a list of doctors are all protected information. Within this document I’ll use the terms PHI and ePHI interchangeably because both require the same protection under the law.
Does HIPAA Apply to my Practice?
HIPAA applies to all organizations that work with PHI/ePHI, such as Health Care Providers, Health Care Clearinghouses, Health Plans, and their business associates. These organizations are termed covered entities.
What are Covered Entities?
Covered entities are those organizations that are required to maintain HIPAA compliance. A covered entity is a Health Care Clearinghouse, Health Care Provider or Health Plan. These organizations are termed “covered entities”, meaning that HIPAA applies to them. In further detail, these covered entities include:
Doctors, Clinics, Psychologists, Dentists, Chiropractors, Nursing Homes, Pharmacies, Health insurance companies, HMOs, Company health plans, Government programs that pay for health care, such as Medicare, Medicaid, and the military and veterans health care programs, Business associates of covered entities
Furthermore, the HITECH additions to HIPAA extend the requirements to all business associates of covered entities. The Omnibus rule extends the HIPAA compliance requirements even further, to business associates of business associates.
In essence, any covered entity and its partners working with PHI or ePHI must remain compliant.
Steps to Compliance
If you are a covered entity and you haven’t taken the steps towards compliance, there is hope. Evolutionary IT provides expert HIPAA compliance guidance and can bring you into compliance without the headaches and financial risks associated with attempting an audit in-house. Want to learn more? Contact Evolutionary IT and learn how we can get you on track for HIPAA compliance today.