A clear understanding of HIPAA laws is crucial for health informatics professionals. As doctors and health care providers rely increasingly on technology to facilitate patient care, health informatics professionals are in high demand. This career combines an interest in information technology with the sharing of:
- health care data
HIPAA, also known as the Health Insurance Portability and Accountability Act, is a federal act that ensures that the health data of Americans will be kept private. Read on to learn more about key HIPAA facts that are critical for health informatics professionals to consider.
What Information Does HIPAA Laws Protect
HIPAA means that patients’ protected health information can only be shared with certain entities under certain circumstances. Protected health information (PHI) is any data that describes physical or mental health that is identifiable to the patient, even if does not include his or her name.
Who Is Responsible for Protecting PHI?
Under the law, three groups are responsible for protecting the PHI of patients. These include:
- health care providers
- health care plans
- health care clearinghouses
For most health care informatics professionals, this last category is the most notable. Clearinghouses include businesses that process health information, including manufacturers of electronic health records and databases. Many health informatics professionals work to ensure that patient information included in these systems is encrypted (hidden from view) so that it is not shared.
What is the HITECH Act?
The Health Information Technology for Economic and Clinical Health (HITECH) Act, passed in 2009, promotes the safe and effective use of healthcare information technology. It also includes provisions about how HIPAA affects the field of healthcare informatics, as well as privacy and security rules for this industry. HITECH outlines levels of culpability in the case of leaked PHI as well as penalties for each level.
Which Health Informatics Professionals Are Most Affected by HIPAA?
Network administrators and IT managers are the two roles in which awareness of HIPAA is most critical. Network administrators are directly responsible for ensuring that networks are secure when information, particularly PHI, is being transmitted. And IT managers are responsible for drafting policies and procedures to ensure that health informatics operations, both independent entities and those within hospitals and physicians offices, are HIPAA-compliant. Managers should also make sure that their entire teams are trained in information security and HIPAA compliance.
What Areas Should You Focus on to Protect PHI?
Health informatics professionals should focus on four key areas:
- First, ensure that anyone accessing PHI on your system must log in and authenticate his or her identity as a registered user
- Second, access should be restricted to anyone who does not need to have this information
- Third, your system must have built in audit controls so that there’s a record of who accesses information and when they access it
- Fourth, all transferred data must be secured and encrypted so that it cannot be intercepted by a third party.