You’re a doctor, not a tightrope walker.
But walking the line between patient confidentiality and patient care can feel like a circus act. You want to give your patients the best care possible. Sometimes this requires consulting with other healthcare professionals or talking to family members about your patient’s case.
This can be tricky, since you can’t just share patient information freely. Running afoul of the HIPAA Privacy Rule can result in hefty fines, some as much as $250,000. So before you share PHI (Protected Health Information), it’s crucial that you understand how privacy law affects the doctor-patient relationship.
What is patient confidentiality?
Encyclopedia.com defines patient confidentiality as “the right of an individual to have personal, identifiable medical information kept private. Such information should be available only to the physician of record and other healthcare and insurance personnel as necessary.”
Basically, healthcare providers can’t share PHI without prior authorization from a patient. For a list of what is considered PHI, check out this article from UMass Medical School.
HIPAA law requires medical practices to educate patients on their rights using plain language. This means your privacy notices need to be easy to understand the first time a patient reads or hears them.
This can be a challenge since HIPAA law can be confusing, even for healthcare professionals. Fortunately, the Plain Language Action and Information Network provides some helpful advice and checklists. They recommend following these guidelines when writing in “plain language”:
- Organize the piece logically, keeping the reader in mind.
- Use “you” and other pronouns.
- Use active voice.
- Write short sentences.
- Use common, everyday words.
- Implement easy-to-read design features.
It’s up to you to decide how far you’ll take this education. But at a minimum, HIPAA requires you to create notices of privacy practices that follow these guidelines.
Collecting patient information under HIPAA
HIPAA not only requires you to educate your patients, but also to take precautions when handling their information. This affects how you collect, store, and use patient information. The following are requirements for storing HIPAA-compliant data:
- Your data storage solution needs to be “…accessible and useable upon demand by an authorized person.”
- You must have contingency plans for disasters and system failures that protect your patients’ information.
- Patient information must be protected and properly stored after it is collected.
One of the most common HIPAA violations is improperly filing or disposing of patient documents. These documents are especially vulnerable before they are filed. Any employee is liable to have a bad day or miss something due to human error.
While you can’t completely eliminate this problem, an electronic filing system can help you mitigate the risk. An electronic form filled out by a patient goes directly into your secure system. Unlike a paper form, it can’t be misplaced or left in the open where it can be seen by anyone passing by.
This doesn’t mean electronic filing systems don’t have their own challenges, but most worries can be eliminated if you have the right data partners.
How to use PHI under HIPAA
HIPAA is intended to provide patients and healthcare providers with peace of mind. Patients are sure their medical information will be kept private and secure, and providers reduce legal risk by staying compliant. In this light, the goal of HIPAA is to protect healthcare providers, not to prevent them from doing their jobs.
As a healthcare provider, you can share information only with approved parties and only after getting proper patient authorization. In all cases, the healthcare provider may share or discuss only the information that the approved party needs to know about the patient’s care or payment for care.
Ensuring HIPAA best practices when handling patient information will keep you legally compliant and help you do your job better.
HIPAA can be complicated; let’s make it easier
JotForm is dedicated to creating tools that make your life easier.
We’ve talked about how an electronic filing system can reduce the risk of improper file handling and storage. Staying HIPAA compliant protects you from hefty fines that could reach $1.5 million per offense and federally enforced action plans to correct violations.
But how can you create forms that are HIPAA compliant and easy to use? JotForm allows you to create HIPAA-compliant forms easily and even obtain patient signatures and files directly through your forms. Simplify data collection and try JotForm today.