HIPAA is a term that’s used quite often in the health-care industry, but not everybody realizes exactly what it is or why it is such a necessary and important factor for any medical facility or healthcare practice. The following is a brief overview of what exactly HIPAA is and why it should matter to all healthcare professionals, from doctors and nurses to management and administration.

01   /  All about HIPAA: What You Need to Know as a Medical Facility

HIPAA is the Health Insurance Portability and Accountability Act. Congress passed this legislation in 1996, and it largely has to do with measures and protocols that were put into place to protect private and sensitive patient information. Such information includes general information such as name, date of birth, and social security number, but it also entails medically related information, such as any conditions you have, treatments you’ve undergone, and so forth. 

In other words, HIPAA prevents anyone without express permission from accessing a patient record or a person's personal and private medical information. This law is applicable to any medical service or facility, including dental providers, clinics, pharmacies, psychologists, chiropractors, and private practices.

HIPAA also gives a patient the right to have access to their health information, even their electronic medical records (EMR), as well as to request copies of that information. It also gives the patient the right to access fees for services.

HIPAA dictates many facets of privacy in medical practice scenarios, and HIPAA compliance is mandatory. 

02   /   What is HIPAA’s Connection to OSHA?

The Occupational Safety and Health Administration (OSHA) and HIPAA are both federal laws and both focus on the rights of individuals when it comes to their health. OSHA dictates many laws and regulations that relate to overall safety and health within the workplace, but it also mandates that certain training, such as training on privacy rules, is conducted in facilities throughout the medical industry, especially when it comes to medical records and their destruction. In such cases, HIPAA regulations apply.

Anyone in a healthcare facility who comes into contact with protected health information (PHI) must undergo OSHA training to ensure knowledge of and compliance with the rules for its handling. HIPAA regulations and OSHA rules intersect in regard to record-keeping and maintaining the privacy and protection of health information. Under the privacy rule, however, OSHA is able (under limited circumstances) to disclose private health information and still comply with HIPAA requirements when such disclosures are made for public health reasons or to meet government requirements to track injuries or illness.

Only in certain instances does the HIPAA privacy rule not apply. If in doubt, refer to the U.S. Department of Health & Human Services for additional information.

03   /    Document Destruction - How to Avoid HIPAA Violations

Medical facilities need to be cognizant of and compliant with HIPAA and OSHA rules. One essential way to stay on top of this is through proper document shredding protocol. Every piece of paper that has any patient information on it, even if that's just a name or other seemingly benign identifier, needs to be kept under lock and key and then properly shredded and destroyed.

While document destruction used to be utilized most extensively in the health-care industry, the relatively low document shredding cost has made it a popular choice for other business scenarios too. Today, businesses know how important it is to protect the confidential information of their employees and customers, so shredding has become a mainstream practice.

In the medical field, the growth of electronic and digital media has changed the way PHI is documented and preserved, but paper documentation still exists. Many healthcare facilities throughout the country don't use EMR or digital records alone. An average-size doctor's office might still produce enough documents to require shredding weekly. This, of course, varies drastically with the facility's patient base. Regardless, it is vital to protect private information from exposure.

Violations through purposeful or accidental release of personal health information or other protected data under HIPAA rules can result in huge fines.

04   /   Why Does a HIPAA Violation Matter?

HIPAA protects the privacy of patients and ensures confidentiality. If PHI is accessed, stolen, or revealed due to negligence regarding HIPAA regulations, the integrity of the facility and the safety of one or more patients have been compromised. Potential financial ramifications include:

  • Patients are less likely to trust that the physician or their facility can keep private or confidential information safe, resulting in loss of patients.
  • A potential OSHA audit. If a facility has been found to be non-compliant, fines are not just possible but probable. Fines for HIPAA violations range from minimums of $100, $1,000, $10,000 per violation and up to $50,000 per violation, with a maximum penalty of $1.5 million per year for each violation. Fines are assessed on a tiered level depending on severity.
  • Legal action. A patient whose information has been compromised can file a lawsuit against the facility.

05   /   What Resources Do You Have at Your Disposal?

Healthcare facilities are required to ensure that all employees go through proper HIPAA training. In addition, some OSHA trainings are required yearly. Others only need to be updated periodically. Because there are numerous required trainings and each of those trainings has slightly different requirements, it can quickly become confusing and complicated to manage.

To ensure compliance, turn to experts. A reliable and reputable medical waste management company like MCF Environmental Services can help support such facilities in maintaining compliance with both HIPAA privacy laws and OSHA rules. OSHA compliance training provides the knowledge base needed to educate all employees regarding privacy laws and reduces the risk of data breaches and resulting penalties.

For more information on HIPAA and OSHA regulations and compliance issues, contact a representative of MCF Environmental Services, an Atlanta-based waste management company.

Robert Losurdo

President, COO