4 Things Small Healthcare Practices Should Know About HIPAA

November 9, 2017

HIPAA is a way of protecting an individual’s medical records, and it has important stipulations around document management, file storage, information sharing and more. Small healthcare businesses should keep this information in mind when it comes to patient medical information and HIPAA.


1. Healthcare Practitioners Must Use Caution When Sharing Information

HIPAA covers any organization that collects, stores, processes, retains or accesses an individual’s health information. When a healthcare practitioner chooses to share personally identifiable health information about a patient, caution must be used. Information should only be shared among other healthcare practitioners and only as it relates to the individual’s need for healthcare services.


2. Access to Patient Medical Records Should Be Limited

Access to patient medical records should be limited. Information should not be shared to marketers, researchers or other entities who are not providing healthcare to the patient. Even within an organization, people who have no need to access a person’s health record should not. When a person’s electronic medical record is accessed, small healthcare practices should use an electronic date and time stamping system that shows when the record was accessed, who accessed it and what was done to the record.


3. Providers Should Disclose Their Privacy Practices to Patients

Every patient has a right to know how their healthcare information is kept private. Small healthcare practices should provide their patients a copy of their privacy policy. If a patient wants to make a correction or have a copy of his or her health records, HIPAA gives the patient that right.


4. Potential Future Changes to Health Document Management

Most small healthcare practices have converted to electronic medical records or are in the process of doing so. HIPAA regulations help ensure that privacy is protected for every patient. To remain in compliance with HIPAA, healthcare businesses should use thorough encryption and dual-authentication for access. Other changes to the industry may include improved information sharing systems between hospitals, clinics, and private physician practices.